The human is the weakest link in any cyber security attack. Most cyber security breaches happen because of the human error. Facebook breach is no exception.
The privacy laws should be intelligent enough to identify the active breach and the passive breach. Active breach is where the security are breached and compromised deliberately by a hacker. A passive breach is where human beings are tricked to part with their personal data. Personally, I feel that the data breach at Facebook should be treated as a passive breach.