The big data privacy conundrum

SINTEF (Norwegian: Stiftelsen for industriell og teknisk forskning), headquartered in Trondheim, Norway, is the largest independent research organisation in Scandinavian states that found a full 90 per cent of all the data in the world has been generated over the last two years. This is attributed to the rise of social media and cloud computing. IBM further quantified this by stating that we create 2.5 quintillion bytes of data – so much that 90 per cent of the data in the world today has been created in the last two years alone.

We are today living in a data rich society where data is everywhere, from your posts to social media sites like Twitter, Facebook, Reddit and Instagram pictures, to videos posted online at YouTube, transaction records of online purchases, and as most recently discovered cell phone GPS signals to identify if so required with pinpoint accuracy where the individual physically might be.

This all sounds fascinating to celebrate the advances in technology when the Internet was only fully commercialized in mid to late 1980s and early 1990s. In 2011, A United Nations commission set a goal to have 60 per cent of the world with Internet access stressing the crucial role this plays for economic growth and job creation.

With expanded connectivity and usage of social media and other productivity applications comes the major concern of the amount of data that can be deemed as personal data from a Privacy perspective is being readily made available by the users of these applications and how easily it can be collected by organisations.

In 2006 marketer Michael Palmer blogged that data is just like crude. It’s valuable, but if unrefined it cannot really be used. It has to be changed into gas, plastic, chemicals and so on to create a valuable entity that drives profitable activity; so must data be broken down, analysed for it to have value. "Data is the new oil!"

The rapid gains in data analytics technology and the readiness of organisations to mine that data and use it to sell goods as demonstrated by Target where it Figured Out A Teen Girl Was Pregnant Before Her Father Did is astounding. In a previous article “Privacy in the era of Big Data and Cloud”, we talked about privacy being simply defined as a state in which one is not observed or disturbed by other people and data likely to give rise to unlawful or arbitrary discrimination, including information on racial or ethnic origin, colour, sex life, political opinions, philosophical and other beliefs. If we put this into perspective of how collated data is being used by organisations today, I am sure we will have a very long and interesting debate.

If we now extend that a bit further and ask ourselves on how the results would be used and/or interpreted following the vast amount of data mining activities being undertaken that amongst other things includes profiling based on race, occupation, relationship status, age, address, location and ethnicity all under the broad banner of targeted marketing or national security the possibilities are endless.

Would the individuals who have been subject to the profiling activity be informed on how/and where have they been categorised? Would they ever be told on where their data is being sourced from, and where the results are being sent after the analysis has been completed? Further, does the analysis ecosystem that is offered in the cloud around BigQuery and Cloudera offerings provide the security mechanisms outlined to appropriately protect the privacy of an individual? These are all questions that remain to be answered or obligations further explored.

A point for discussion, is do organisations view or have on their agenda that collection and usage of customer data alongside the required privacy and security safeguards in a data rich world as part of their corporate social responsibility (CSR)?

Is ensuring implementation of data security controls part of their responsible business model within a self-regulating mechanism where an organisation monitors and ensures its active compliance with the spirit of the law, ethical standards, and international norms?

Will Target with its recent data breach and theft of about 40 million credit and debit card records and 70 million other records containing customer information and now undergoing a Senate inquiry have its CSR functions and extent of functions across the organisation questioned?

The analysis within the submitted to Chairman Rockefellar on March 26 2014 suggests that Target missed a number of opportunities along the kill chain to stop the attackers and prevent the massive data breach. This being determined as negligent operations in line with its “safety & preparedness” area of CSR commitment remains to be seen.

If we look at usage of cloud computing and cloud software by organisations, breach and theft of data, big data its associated analysis and end results with safeguards for privacy of personal data in isolation, then there is a varying degree of risk and appetite for acceptance. However, in today’s data rich, social media lead interconnected world where statements like "data is the new oil" are becoming norm the conundrum of privacy safeguards and what is considered responsible operations by organisations is up for debate.

Only time will tell if this introduces material risk for organisations where they are accused of negligence regards safeguarding and usage of the data that has been collated.

Join the CSO newsletter!

Error: Please check your email address.

More about CSRFacebookIBM AustraliaUnited Nations

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Puneet Kukreja

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place