Do Facebook's Privacy Violations Qualify as Bad CSR?

Anybody who has seen the Evolution of Privacy on Facebook graphic circulating on the internet knows that the leading social networking site is pushing the boundaries of user comfort levels.  There is no question that customer privacy is one of the defining issues for social media and social networking at this moment in time.  But is this a corporate social responsibility issue, or is it simply an instance of bad customer relations?

For some insight into this question, I decided to investigate whether various ESG (environmental, social, and governance) data and research groups evaluate privacy issues as part of their assessments of a company's social responsibility.  Here is a snapshot of what I learned.

The Global Reporting Initiative (GRI) includes "Respect for Privacy" in its Product Responsibility section.  GRI's telecommunications sector supplement explains that "in a telecommunications context, this includes policies and programmes for data protection. Examples are the encryption and deletion of personal data, the production of telecommunications directories, and the delivery of other data management products and services."

The Dow Jones Sustainability Indexes (DJSI) do not include customer issues in their general company evaluations, instead favoring corporate citizenship/philanthropy, labor practice indicators, human capital development, social reporting, and talent attraction/retention under their social assessments of companies.  However, Sustainable Asset Management's Sustainability Yearbook (which is produced by the company that develops the DJSI) treats privacy protection under the economic dimension for its Computers and Internet Category.

KLD (now part of RiskMetrics Group) does not discuss privacy specifically on its website, but includes product-level concerns in its social analysis of companies.

The FTSE4Good's social indicators do not concentrate on privacy concerns, instead focusing primarily on employee diversity, health and safety systems, employee relations, and philanthropy.

Corporate Responsibility Magazine (formerly CRO) does not include privacy in its company assessments, instead evaluating human rights, employee relations, and philanthropy as its key social concerns.

Corporate Knights does not clearly include customer relations in its general criteria, limiting the aspect of assessments to leadership diversity and CEO-to-average-worker-pay.

In short, Global Reporting Initiative, Dow Jones Sustainability Indexes, and KLD treat customer relations as an environmental, social, and governance issue while FTSE4Good, Corporate Responsibility Magazine, and Corporate Knights do not.  But does this split tell us anything about the boundaries of corporate social responsibility?  Or do they tell us something else entirely?  I would welcome input from readers on what distinguishes the two mindsets and the companies that foster them.

Photo credit: http://mattmckeon.com/facebook-privacy/