At the recent CSO Perspectives Roadshow I was on a panel with the esteemed David Lacey. He suggested that, just like Asimov's laws for robotics, we need some clear maxims for the security and privacy management of big data.
Well, firstly, let's recap what Big Data is before I attempt to draft these laws. Big Data is essentially the set of techniques for curating and analysing large, complex datasets that are beyond the capability of most normal Database Management Systems and data warehouses. These datasets are often accessed by a wide range of researchers, scientists and (shock horror) marketeers to gather new insights into customers and problems. For example, diverse datasets about the physical environment could be analysed to identify unexpected impacts of climate change. The study of pedestrian and motor vehicle traffic patterns from smartphone navigation data could be used to improve the "livability" of cities. Many applications and websites use big data for tailored "you bought X, you might also like to buy Y" marketing.
So, with that in mind, I offer you Hackling's Laws of big data:
1. Collect the data legally
2. Anonymise and de-identify the data to preserve the privacy of individuals, ethnic/religious groups etc. before it is ingested into the big data dataset. For example:
I’d welcome your thoughts.