The fallout from the Facebook-Cambridge Analytica data exploitation scandal should leave no organisation in doubt about the consequences of failing to protect personal data.

Since a whistleblower alleged improper practices in collecting and sharing data belonging to more than 50 million users, the two companies have come under intense media, regulatory and legal scrutiny.

Facebook is counting the cost of losing users’ and investors’ trust, with up to $100bn wiped off of the company’s value since news of the scandal broke, and is now also under investigation by the US Federal Trade Commission that could result in a penalty of up to $2tn.

“The FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook,” said Tom Pahl, acting director of the FTC’s bureau of consumer protection.

The investigation is in response to “substantial concerns about the privacy practices of Facebook” and will look at whether Facebook engaged in “unfair acts that cause substantial injury to consumers” by sharing data with Cambridge Analytica for use in political campaigns without the knowledge of the data owners.

A similar investigation has been launched in the UK by the Information Commissioner’s Office (ICO) which is charged with protecting the privacy of UK citizens.

Facebook has responded to news of the FTC investigation by saying the social networking firm remains “strongly committed” to protecting people’s information and “appreciates the opportunity” to answer the FTC’s questions.

If the FTC investigation finds that Facebook violated a 2011 consent decree with the FTC, which provided for fines of up to $40,000 per violation, the penalty could amount to trillions of dollars, according to The Guardian.

While some commentators believe that Facebook violated the FTC agreement by giving Cambridge Analytica access to data of friends of the 270,000 Facebook users who downloaded a personality type quiz developed by Cambridge University researcher Alexsandr Kogan, others say the terms of the consent decree could make it difficult for the FTC to show that Facebook had violated the agreement, because it allows Facebook to give the information of a user’s friends to third-party developers.

In addition to the FTC investigation, Facebook is facing questions from the chief law enforcement officers for 37 US states about when Facebook learned that the data was being shared with Cambridge Anaytica without the data owners’ consent, how Facebook monitored what developers did with the data they collected, and whether Facebook had safeguards in place to prevent misuse of personal data.

Facebook will face more pressure when the UK’s Digital, Culture, Media and Sport Select Committee questions Cambridge Analytica whistleblower Christopher Wylie and privacy researcher Paul-Olivier Dehaye on 27 April 2018, according to The Telegraph. The Committee has also demanded that Facebook CEO Mark Zuckerberg give evidence in person.

In the US, a third congressional committee has reportedly asked Zuckerberg to give testimony regarding the data exploitation scandal.

The powerful senate committee wants the Facebook chief to testify at a hearing next month regarding the protection and monitoring of consumer data, reports the BBC.

It has also invited representatives from Twitter and Google to discuss how such data may be misused or improperly transferred, and what steps companies like Facebook can take to better protect personal information of users and ensure more transparency.