The big data privacy conundrum

SINTEF (Norwegian: Stiftelsen for industriell og teknisk forskning), headquartered in Trondheim, Norway, is the largest independent research organisation in Scandinavian states that found a full 90 per cent of all the data in the world has been generated over the last two years. This is attributed to the rise of social media and cloud computing. IBM further quantified this by stating that we create 2.5 quintillion bytes of data – so much that 90 per cent of the data in the world today has been created in the last two years alone.

We are today living in a data rich society where data is everywhere, from your posts to social media sites like Twitter, Facebook, Reddit and Instagram pictures, to videos posted online at YouTube, transaction records of online purchases, and as most recently discovered cell phone GPS signals to identify if so required with pinpoint accuracy where the individual physically might be.

This all sounds fascinating to celebrate the advances in technology when the Internet was only fully commercialized in mid to late 1980s and early 1990s. In 2011, A United Nations commission set a goal to have 60 per cent of the world with Internet access stressing the crucial role this plays for economic growth and job creation.

With expanded connectivity and usage of social media and other productivity applications comes the major concern of the amount of data that can be deemed as personal data from a Privacy perspective is being readily made available by the users of these applications and how easily it can be collected by organisations.

In 2006 marketer Michael Palmer blogged that data is just like crude. It’s valuable, but if unrefined it cannot really be used. It has to be changed into gas, plastic, chemicals and so on to create a valuable entity that drives profitable activity; so must data be broken down, analysed for it to have value. "Data is the new oil!"

The rapid gains in data analytics technology and the readiness of organisations to mine that data and use it to sell goods as demonstrated by Target where it Figured Out A Teen Girl Was Pregnant Before Her Father Did is astounding. In a previous article “Privacy in the era of Big Data and Cloud”, we talked about privacy being simply defined as a state in which one is not observed or disturbed by other people and data likely to give rise to unlawful or arbitrary discrimination, including information on racial or ethnic origin, colour, sex life, political opinions, philosophical and other beliefs. If we put this into perspective of how collated data is being used by organisations today, I am sure we will have a very long and interesting debate.

If we now extend that a bit further and ask ourselves on how the results would be used and/or interpreted following the vast amount of data mining activities being undertaken that amongst other things includes profiling based on race, occupation, relationship status, age, address, location and ethnicity all under the broad banner of targeted marketing or national security the possibilities are endless.

Would the individuals who have been subject to the profiling activity be informed on how/and where have they been categorised? Would they ever be told on where their data is being sourced from, and where the results are being sent after the analysis has been completed? Further, does the analysis ecosystem that is offered in the cloud around BigQuery and Cloudera offerings provide the security mechanisms outlined to appropriately protect the privacy of an individual? These are all questions that remain to be answered or obligations further explored.

A point for discussion, is do organisations view or have on their agenda that collection and usage of customer data alongside the required privacy and security safeguards in a data rich world as part of their corporate social responsibility (CSR)?

Is ensuring implementation of data security controls part of their responsible business model within a self-regulating mechanism where an organisation monitors and ensures its active compliance with the spirit of the law, ethical standards, and international norms?

Will Target with its recent data breach and theft of about 40 million credit and debit card records and 70 million other records containing customer information and now undergoing a Senate inquiry have its CSR functions and extent of functions across the organisation questioned?

The analysis within the submitted to Chairman Rockefellar on March 26 2014 suggests that Target missed a number of opportunities along the kill chain to stop the attackers and prevent the massive data breach. This being determined as negligent operations in line with its “safety & preparedness” area of CSR commitment remains to be seen.

If we look at usage of cloud computing and cloud software by organisations, breach and theft of data, big data its associated analysis and end results with safeguards for privacy of personal data in isolation, then there is a varying degree of risk and appetite for acceptance. However, in today’s data rich, social media lead interconnected world where statements like "data is the new oil" are becoming norm the conundrum of privacy safeguards and what is considered responsible operations by organisations is up for debate.

Only time will tell if this introduces material risk for organisations where they are accused of negligence regards safeguarding and usage of the data that has been collated.

Join the CSO newsletter!

Error: Please check your email address.

More about CSRFacebookIBM AustraliaUnited Nations

Show Comments