Facebook will submit to outside audits of its privacy practices every two years for the next 20 years under a proposed settlement announced Tuesday with the Federal Trade Commission. The agreement comes in response to FTC charges that the company repeatedly allowed information to be shared and made public after telling consumers it could be kept private.

Under the agreement, Facebook will also have to provide a clear and prominent notice and get consumers consent before sharing data beyond their privacy settings. The company also has to maintain a privacy program crafted to deal with the risks that come with developing and managing new and existing products and services.

The main takeaway is that if a business says it will handle personal information in a particular way, it had better do so. "The agency's 8-count complaint boils down to this: Facebook's privacy practices often flew in the face of its stated policies and, as one count alleges, the company made material retroactive changes to its privacy practices, without getting users' consent," Lesley Fair, an attorney in the FTC's Division of Consumer & Business Education, wrote on the agency's blog.

In a post on the Facebook blog, CEO Mark Zuckerberg said that he is creating two new corporate officer roles in light of the settlement: Chief Privacy Officer for Policy and Chief Privacy Officer for Products. Zuckerberg noted that the FTC has settled similar charges recently with Google (NASDAQ: GOOG) and Twitter.

For more:
- see the FTC announcement
- see Lesley Fair's post at FTC.gov
- see Mark Zuckerberg's post

Related Articles:
Facebook's privacy record fails the enterprise test
News flash: Social media sap productivity
Data Privacy Day and Facebook