An auditing firm responsible for monitoring Facebook for federal regulators told them last year that the company had sufficient privacy protections in place, even after the social media giant lost control of a huge trove of user data that was improperly obtained by the political consulting firm Cambridge Analytica.

The assertion, by PwC, came in a report submitted to the Federal Trade Commission in early 2017. The report, a redacted copy of which is available on the commission’s website, is one of several periodic reviews of Facebook’s compliance with a 2011 federal consent decree, which required Facebook to take wide-ranging steps to prevent the abuse of users’ information and to inform them how it was being shared with other companies.

The accounting firm, formerly known as PricewaterhouseCoopers, effectively gave Facebook a clean bill of health. “Facebook’s privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy” of users, said the assessment, which stretched from February 2015 to February 2017.

But during that period, Facebook was aware that a researcher based in Britain, Aleksandr Kogan, had provided Cambridge Analytica with private Facebook data from millions of users. Cambridge, which later worked for the Trump campaign, used the information to build psychological profiles of American voters before the 2016 election. Some details of Mr. Kogan’s work — though not the full scope of the data he had obtained — were revealed in an article in The Guardian in late 2015.