• Facebook knew Cambridge Analytica was mishandling user data two and a half years ago, the company's chief operating officer, Sheryl Sandberg, told NBC.
  • But when the company discovered the problem, she said, executives relied on the consulting firm's assurances that it had deleted the data.
  • The company could have done an audit but did not, she said.
  • "To this day, we still don't know what data Cambridge Analytica have," she told the Financial Times. "We made mistakes and I own them and they are on me."

Facebook's chief operating officer, Sheryl Sandberg, has continued the company's apology tour over its data scandal, acknowledging that Facebook knew Cambridge Analytica had mishandled users' data two and a half years ago but saying the company failed to follow up when the consulting firm said the data had been deleted.

Had Facebook audited Cambridge Analytica's data holdings, Facebook could have prevented the privacy scandal that has enveloped the company, Sandberg told NBC's Savannah Guthrie during an interview on Friday's Today show, part of which aired Thursday night.

Cambridge Analytica is under investigation in both the U.S. and the U.K. for the way it obtained data on as many as 87 million users from Facebook and for whether it used that data to target voters on behalf of the Trump campaign in the U.S. and the Brexit referendum in the U.K.

When asked why Facebook didn't follow up when it found that Cambridge Analytica was abusing user data back in 2016, Sandberg told Guthrie: "You are right--we could have done this two and a half years ago ... We thought the data had been deleted and we should have checked."

She continued: "We thought it had been deleted because they gave us assurances, and it wasn't until other people told us it wasn't true, but ... we had legal assurances from them that they deleted. But what we didn't do was the next step of an audit, and we're trying to do that now."

Sandberg also said, in a different interview, that Facebook could not conduct such an audit because it must wait for the U.K. information commissioner to finish its investigation of Cambridge Analytica's election activity. "To this day, we still don't know what data Cambridge Analytica have," she told the Financial Times.

Sandberg, like CEO Mark Zuckerberg, has been doing a media apology tour over the way the company has allowed third-party access to user data. "We made mistakes and I own them and they are on me," she told the FT.

"There are operational things that we need to change in this company and we are changing them ... We have to learn from our mistakes and we need to take action," she said.

She also said Facebook would introduce in America similar privacy standards to those that will be enforced in Europe later this year under the European Union's new General Data Protection Regulation and ePrivacy laws. 

The two laws require companies get affirmative opt-in permission from every user for every piece of data any company keeps or processes.

The permission process may come as a shock to Facebook users because it will force Facebook to tell them exactly what data it holds on them and with whom it shares that data; and it will force users to examine whether they want that level of information sharing to continue.

"Europe was ahead on this," she told the FT.

Most observers expect a measurable reduction in user sharing and engagement to occur once the new rules take effect.

Here's a highlight from Today:

This post originally appeared on Business Insider.