Privacy in the era of big data and cloud

Privacy is simply defined as a state in which one is not observed or disturbed by other people. Taking this definition further is Article 12 of the Universal Declaration of Human Rights, which states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

The UN General Assembly's Guidelines for the Regulation of Computerized Personal Data Files, 14 December 1990, state that “data likely to give rise to unlawful or arbitrary discrimination, including information on racial or ethnic origin, colour, sex life, political opinions, philosophical and other beliefs ... should not be compiled”.

Most recently, the OECD updated its guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013). With regard to the Security Safeguards Principle: “Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.”

With regard to the Openness Principle: “There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.”

The revised guidelines introduce data security breach notification laws supporting the “Security Safeguards Principle”. These laws require data controllers to inform individuals and/or authorities when a security breach has occurred. This is potentially a game changer. These laws are usually justified on the grounds that data controllers have little incentive to disclose breaches voluntarily, given the possible harm this can cause to their reputation.

Requiring notification may enable individuals to take measures to protect themselves against the consequences of identity theft or other harms. Notification requirements may also provide privacy enforcement authorities or other authorities with information to determine whether to investigate the incident or take other action.

This will apply to all players, big and small, who collect any form of personal data, physical or digital.

A question we should ask ourselves is what prompted the OECD to change its guidance in 2013. The answer is simple: data leaks, too many of them. Have a look for yourself at some of the biggest data breaches visualised here. Adobe was hacked and lost 38 million records as recently as September 2013, and if you combine the number of personal records lost, hacked, accidentally published or leaked due to an inside job across Sony, Evernote, Facebook, iSoft, Vodafone, Twitter, Apple and LinkedIn over the past 2 years, the total is in excess of 300 million records.

Today we live in a connected world and the age of “big data”, spearheaded by Facebook, LinkedIn, iSoft, Twitter and numerous other social media and commercial cloud-based software, where online and electronic transactions are the order of the day and all transactions are stored by the entities, both government and corporate, with whom we interact.

The increased use of big data provides interesting new insights into everything from shopping patterns to predictions about the health of the population and financial risks based on consumer earnings versus spend.

The phrase "scientia potentia est" (or "scientia est potentia" or "scientia potestas est") is a Latin aphorism often claimed to mean "knowledge is power". Big data provides the ingredients to harvest knowledge and, like a bank vault, is a store of personal information whose multiple facets can be targeted by forces of good (government and corporates) and forces of evil (criminals and terrorists) to undertake activities that further their own agendas, all without the complete knowledge of the individual. Responsibility and accountability for safeguarding these big data vaults is, at this stage, a bit grey. What is not grey is the risk of a compromise.

Whilst the promise of big data is all about predictive analysis and assisting human lives by making them simple, it also poses major privacy concerns for the average person. The ability of companies and governments to gain insight into your personal life by collecting, processing and analysing your social media, health and financial data could spell trouble if incorrect assumptions are made about, for example, your health or financial records.

What if the results of analysis are used to form notions regarding the way individuals behave and interact, under the guise of improving the understanding of customer and citizen behaviours? This, in turn, supposedly assists in the provision of improved services, but could this be the start of a Minority Report type experience, where someone knows of something even before you do?

Scary huh!

From where I see it, big data and cloud have introduced threat vectors across the domains of legal, public policy, constitutional rights and ethics, all of which are areas of specialist knowledge and deep research. A lot remains to be explored as a whole. Coverage of no one particular domain will provide the solution; instead, a synthesis of approaches will be needed to introduce a working platform that provides clarity on what privacy really means in the era of big data and cloud.


Stories by Puneet Kukreja
