– Tom Ilube is chief executive officer of online security firm Garlik. The views expressed are his own. –

Facebook’s announcement that they are taking a new approach to their policies on the use of personal data is a quantum leap. By allowing users a greater role in its governance, the world’s most popular social network has set the benchmark for all organisations holding an individual’s personal information.

It is a brave and important move for Facebook: by allowing users to have a say in the way that their personal information is used and distributed, consumers will finally be allowed to take control of their digital identities.

In the past couple of weeks, Facebook founder Mark Zuckerberg has oscillated from holding on to people’s information forever to the position he announced today - giving users the chance to have a say on what happens to this data.

Facebook has learned the hard way that consumers value transparency above everything else. The world watches their every move and this naïve attempt to change their terms and conditions, without fully consulting their users, meant there was an inevitable loss of credibility.

The scale of the backlash against the changes has clearly alarmed Facebook, and with over 8.5 million subscribers in the UK alone, the risks of not taking action were too high. The furore has re-awakened them to their responsibilities to users and also reminded them of their founding principle - to help make the world more open and transparent. And it is in accordance with this, they have published both the Facebook Principles and the Rights & Responsibilities.

Users are already thanking Facebook for their honesty and engagement on this crucial issue, with almost 3,000 publicly welcoming the move on Zuckerberg’s blog. Naturally, the devil is in the detail and we must wait to see how this principles play out in practice. However, as the public become more aware of the dangers associated with posting personal information online, they begin to expect organisations to do more to ensure this data is not abused.

With this increasing acceptance of the importance of personal information, people have realised that it is a valuable commodity - not only to themselves, but also to companies and advertisers. As this awareness grows, organisations will not be allowed to take consumers’ personal data for granted, and will learn that they can only earn the opportunity to gather it if they are aware of their obligation to use it responsibly.

The Information Commissioner has warned against tardiness with people’s information and privacy - be it individuals on social networks or the Government’s proposed mega database. In this light, it can only be hoped that Facebook’s move will have implications for the wider world.

By democratising the gathering, storage, use and application of information obtained from its users, Facebook has acknowledged the huge responsibilities involved in holding personal data. Zuckerberg has now set the standard for transparent privacy policies within all online organisations and we will be watching avidly to see if others follow suit.

Royal Bank of Scotland, NatWest and American Express account holders’ personal details were found on a computer’s hard drive after it was sold on eBay.

The security breach was the latest in a series of incidents involving banks and government departments where sensitive personal data has gone astray.

Critics say the mishaps feel like they are becoming daily: personal bank details are sold on eBay one day, another bank’s computer disc goes missing in the post another day, while a government contractor’s memory stick is lost during another. 

Experts and politicians have called for better security, driven by a “cultural change” and a harsher climate of penalties.

Liberal Democrat MP Tom Brake describes the current approach taken by business and government as “slapdash”, and says they must learn to value the information in terms of how much it would be worth if it got into the wrong hands.

Cyber-Ark, a firm that helps organisations protect highly sensitive data, said organisations must adopt stricter rules preventing staff gaining access to information.

“There is no respect, no concept of value,” the company’s Calum Macleod said.

“There is insufficient care and attention. People who work in IT are allowed to use their privileges to gain access to information which has nothing to do with them.

“It is too easy for these employees to access information — there is far too much emphasis on accessibility. I don’t think organisations have really thought through mobility of information.”

Allowing information to become lost or sold is “bread and butter” for the criminal fraternity who can use the data to assume identities and clear bank accounts.

Do you feel banks and the government take personal data seriously? What could be done to better protect your information?