Big Data Brings Big Privacy Concerns

When CIOs think of big data, they might envision the technical challenges and opportunities posed by the vast reservoirs of information their companies are collecting and analyzing. But when some policy makers contemplate the same situation, their concerns turn to questions of privacy, and what steps data-rich companies are taking to safeguard consumers' personal information.

Consumer Privacy

In recent years, lawmakers and regulators have voiced mounting concerns about the volume of data that businesses are collecting, how that information is then used and if it is sold, and whether consumers are given meaningful notice about those companies' practices.

In the Senate, John Rockefeller (D-W.V.), the chairman of the Commerce Committee, opened an inquiry into the practices of nine data brokers in October. Committee staffers will continue the probe in the new Congress as Rockefeller and other lawmakers contemplate new legislation to protect consumer privacy in the Internet age.

"We have gotten involved in data brokers and big data -- quote unquote -- because it's very clear that we're approaching this place where more and more of consumers' lives are going to be online," Erik Jones, deputy general counsel for Rockefeller's committee, said during a panel discussion here at the annual State of the Net conference hosted by the Advisory Committee to the Congressional Internet Caucus.

"Because of that there's a digital footprint that is now available. There are certainly benefits to that," Jones adds. "But there are also concerns that are raised. And what we are trying to do on the committee is better understand what that means for consumers."

Online Data Collection Policies

Jones stresses that Rockefeller and other members working on privacy issues are keenly aware of the balancing act they would face in drafting a law that provides meaningful protections for consumers without hobbling emerging business models built around benign uses of consumer data, including all the content and applications that Internet companies offer for free, generating revenue through advertising tailored to users with increasing precision.

About two months after Rockefeller sent letters to the data brokers asking for information about their information-collection and marketing policies, the Federal Trade Commission followed suit with its own set of orders demanding similar information from nine firms. Of those, three data brokers -- Acxiom, Datalogix and Rapleaf -- also received letters from Rockefeller.

In issuing its orders, the FTC said that it would use the information the data brokers provided to inform its understanding of the privacy practices of the industry, which senior officials have identified as an area of particular concern in the agency's ongoing policy work on Internet privacy.

"The power of big data is the ability to make inferences on, you know, reasonably fine-grained groups of people. And that's the very thing that causes the privacy violation as well," says Paul Ohm, a senior policy adviser with the FTC. "You can have really, really, really aggregated data that we would all agree could never be violated in anything we would consider privacy. Turns out that's the data that's the least useful."

In the Senate, Rockefeller has been one of the leading voices calling for meaningful online privacy protections, though if any legislation with his name on it is to become law, it will have to win passage in the 113th Congress. Rockefeller has announced that he will retire after the end of his term in 2015, rather than seek reelection.

In the meantime, efforts to extract detailed information from industry players about their data-collection practices have been frustrated by a lack of specificity, according to Jones.

"What we're trying to understand is what exactly is this information people are collecting, the companies are collecting, and what are they selling it for," Jones says. "The concerns that are being raised on the committee are no one really knows what this information is. We've had plenty of meetings where individuals will come in and talk about the benefits on the marketing side, because that's what we're focusing on, and how it helps drive the growth of the Internet and it's very helpful for you to find the right product that you need. But what we're not hearing is well, how specific is this information? Where is it being collected from? I think it's important for consumers and for Congress to understand really what this information is. And at this point it's essentially a black box."

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for

Follow everything from on Twitter @CIOonline, on Facebook, and on Google +.

Read more about big data in CIO's Big Data Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

Tags marketingapplicationsftcdata miningbig dataTechnology Topicsindustry verticalsprivacyTechnology Topics | Big Datasecuritysoftwaredata collectiongovernmentonline data collectionbig data privacyconsumer privacy

More about Acxiom AustraliaCongressional Internet CaucusFacebookFederal Trade CommissionFTCGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kenneth Corbin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts