With new details emerging almost every day about the Facebook data breach founder Mark Zuckerberg is apologizing, a lot.

This isn’t the first time Facebook has had legal issues because they played fast and loose with our data. And this isn’t the first time Zuckerberg has apologized. So I have to wonder whether his promises to do better will be enough. And if not, what will that mean for business owners who rely on the platform to build communities and reach new markets.

Let’s start with the facts:

Who is Cambridge Analytica?

They are a British political consulting firm with expertise in data mining, data analysis, and data brokerage. Essentially they collect and analyze data, using the information to develop targeted messages to influence individual behavior. The primary use of their data seems to be to influence elections around the world.

Is this wrong? Actually, no. Consumer research has been the foundation of marketing since the 1950’s. What’s different in this case is how the data was gathered.

How did they get the data?

Facebook collects a lot of information about us. Their entire business model is built on this data.

Facebook gave permission to University of Cambridge psychology professor Aleksandr Kogan to harvest information from users who downloaded his app — “thisisyourdigitallife.”  We know that 270,000 Facebook users downloaded the personality test. To build the personality profile users gave permission for data to be collected on their location, their friends, and content they liked. This was all allowed under Facebook’s Terms of Service (TOS).

So where did all this go wrong? Instead of just collecting data on the 270,000 people who agreed to participate, the app also collected information on the behavior patterns of their friends. Original estimates were 50 million people, but we now know that more than 87 million people were swept up in this study. This expanded collection is in violation of Facebook’s TOS.

Kogan’s decision to give the data to Cambridge Analytica for use in their marketing programs was also wrong.

Did Facebook Do Enough?

In 2015 Facebook realized what had happened and they asked Cambridge Analytica to purge the data, but that obviously did not happen. So now, almost three years later as the story is coming out Mark Zuckerberg is apologizing for the Facebook data breach. But this time, it looks like his apologies and promises won’t be enough. These disclosures, combined with proof of Russian trolls using the Facebook advertising platform to run ads and create political events have made Facebook fans and critics angry.

Everyone is angry

Users feel betrayed and they are changing their behavior. The “Delete Facebook” movement is more show than action. People are unwilling to really give up the connections the Facebook community gives them, but they are dialing back. Users are logging in less often and sharing less information. They are accessing and raising their privacy settings and disconnecting the integration of many apps from Facebook.

Governments are investigating and considering regulation. This week Zuckerberg testified in front of two congressional committees. While there was a lot of grandstanding, it is unlikely there will be much immediate action.

Before new laws can be passed, there needs to be agreement as to what Facebook really is. And there is no real agreement. Some see Facebook as a utility such as a phone company, while others see it as a media publishing company. That definition matters because the definition will determine which entities within our government have oversight.

While there is one bill in Congress which, if approved, would require Facebook ads to display a “paid for by” message similar to television ads, it is unlikely that measure will pass in our anti-regulatory environment.

But the U.S. is not the only government considering action, both the UK and the European Union are considering some restrictions. So, Facebook may be required to make changes to meet their rules even if our government is slower to act.

Advertisers are frustrated. After years of investing in their Facebook community, they have seen declining reach as Facebook continues to tweak the algorithm. They are concerned the cost of ads will increase and their effectiveness will likely to drop as Facebook dials back on the amount of information you can access and consumers raise privacy settings.

Investors are concerned. With quarterly revenues exceeding $10 billion they have a right to be and we expect they will put pressure on Facebook to clean up their act to protect their revenue stream

So What’s Next?

Facebook has already announced they are restricting accounts with large followings, and require that they verify their legitimacy. They are shutting down troll farms and moving towards requiring more transparency from advertisers.

But they are moving slowly. Chief Operating Officer, Sheryl Sandberg basically said it took years to build this model, and while they are moving to make improvements, the changes won’t happen overnight.

What Should You Do?

As a consumer adjust your privacy settings. Read terms of service more carefully. Disconnect apps that use Facebook to login. Change passwords. Ok, the last one you should do regularly anyway.

If you are concerned, download your profile settings from Facebook to see what they know or think they know about you.

If you are a business, don’t give up on Facebook yet. Continue to take advantage of the social community while it lasts. Build your community, run ads, and post events. But recognize that you don’t own the content, platform, or your contacts. So use some of your advertising to drive traffic to your website and to your email list. At the end of the day, you need to own your contacts, not simply rent access from Facebook.

Will things change? Yes, but if you own your contacts and media by hosting them on your website and building your email list, you will be in control of your future, regardless of what is uncovered in the next report of a Facebook data breach.

What does Facebook Say?

Curious as to how Facebook’s attitude about privacy has changed over the last decade? This short video produced by the Washington Post gives you a quick look.