Big Data Raises Big Privacy Questions
Concerns over data privacy are nothing new. But as a growing array of systems and devices connect to the Internet and new data sources emerge—including the Internet of things—the issues are becoming increasingly murky for many business executives. Striking a balance between the requirements of a business and the trust of consumers is paramount.
"Big Privacy Rises to the Challenges of Big Data," a recently released report from Constellation Research, offers observations and insights on the current state of affairs. Steve Wilson, vice president and principal analyst, found that gaps and problems are emerging.
"Never before has so much personal information been available so freely to so many," Wilson notes. While this data is the "lifeblood of most digital enterprises today," he cautions organizations about pushing the dial too far.
"Big data promises vast benefits for a great many stakeholders, but the benefits are jeopardized by the excesses of a few," Wilson points out. "Some cavalier online businesses are propelled by a naive assumption that data in the 'public domain' is up for grabs; they err on the side of abandon."
Wilson goes on to note that the well-meaning slogan, "Privacy is not a technology issue" can wreak havoc. "Too often, executives toss out the statement that the law has not kept up with advances in technology," he says, adding that he doesn't buy into that statement.
"It's really very surprising how technology-neutral data privacy laws deal neatly with so many of the current controversies in cyber-space—like face recognition, natural language processing, DNA hacking, Augmented Reality and so on." Wilson says that data privacy principles introduced by the Organization of Economic Cooperation and Development in 1980 have established a solid foundation.
Nevertheless, the temptation to plug in new data and use it in sometimes questionable ways is growing. For instance, the report notes that pay-as-you-drive insurance that uses speed and time data collected by small black boxes in vehicles arouses new privacy concerns. When this data is combined with map data, speed and time can be used to deduce the location of a car at any time—even without specific GPS data.
Likewise, data collected by fitness devices that's combined with shopping data and other information sources can yield deep insights into an individual's health and medical issues.
In this emerging world of big data, organizations must respect boundaries. "When businesses go too far with advanced data analytics and leave users feeling violated or betrayed, everyone suffers," Wilson says. "Disillusioned customers don't just abandon the firms that have squandered their trust; they also lose confidence in cyber-space more broadly and withdraw from other new and worthwhile services, like e-government, e-health, digital payments and e-commerce."
Wilson advises organizations to adhere to two primary concepts. The first, "The Collection Limitation Principle," requires businesses and government to collect only the personally identifiable information (PII) they need for legitimate and transparent purposes. The concept centers on discipline rather than prohibition, and organizations must be able to justify what they collect, he explains.
The second concept, "The Openness Principle," requires data custodians to provide a level of transparency that lets outsiders know how, when and where they collect data, as well as who they share personally identifiable information with.
"More than ever, in the face of big data's temptations, privacy is essentially about restraint," Wilson concludes. "Privacy is not only about what organizations do with PII; just as important is what we choose not to do with it."