Big data is big business. It enables firms to gather huge reams of information to help provide better insights and so make better decisions. But with great power comes great responsibility.
With ever more data being generated, collected, harvested and processed, issues around data privacy and protection will only grow.
Hackers’ eyes will light up at the potential for accessing such vast troves of data, while in the UK fines await from the Information Commissioner’s Office (ICO) for anyone who falls foul of the Data Protection Act (DPA) by allowing unauthorised access to personal information processed via big data systems.
Follow the rules
No doubt this is why the ICO released its first big data guidance document in late July. “Big data is not a game that is played by different rules,” said Steve Wood, the ICO’s head of policy delivery, as he unveiled the report.
The report acknowledged that, while many big data projects do not use personal information, for example weather projects, many gather data on people from social media sites, loyalty cards and sensors in clinical trials.
Wood advised firms embarking on such projects to familiarise themselves with the UK’s data laws to ensure they know their responsibilities for keeping this information secure.
The ICO also issued guidance on data collection, including keeping data secure and encrypted, ensuring it is not kept for longer than necessary and that the data collected is, “adequate, relevant and not excessive”.
This last line is especially pertinent. With so much information being created it is easy to gather huge amounts of data, but without any clear reason for doing so.
Mark Brown, director of information security at consultancy EY, urged firms to be aware of this pitfall as it could store up problems.
“A lot of companies have viewed big data as ‘let’s collect as much data as possible so we’ve got it there to use it.' But, with the prevalence of breaches we are seeing, data needs to be managed correctly,” he said.
Brown splits this management into two areas that need consideration for data protection and data use: consumer trust and operational efficiency, which complement one another.
“Consumer trust is based upon reputation and you can’t maintain brand reputation if you’re losing data,” he explained.
“But if you understand the risk and compliance issues you can create an information architecture that offers enhanced operational efficiency. Put these together and your business can grow.”
To get this right security must play an important part of any big data strategy. This is especially important as many firms will turn to cloud-based systems for the storage and processing of big data.
Raj Samani, EMEA chief technology officer at McAfee, part of Intel Security, advised companies to pay particular attention to this challenge, as outsourcing data to a cloud provider does not absolve a company of data protection responsibility.
“You need to do your due diligence. You are legally obliged for the data, even if hosted by the cloud provider, so you need to ensure they have appropriate security in place,” he warned.
For those managing data themselves, big data security best practice follows similar security requirements as those applied to ‘normal’ data, noted Samani, who argued that firms need to employ tools to protect themselves, and their data, as much as possible.
“People will say there is no silver bullet, but I disagree. There are, it’s just that not every threat is a werewolf,” he said.
“You can use encryption, malware detection, white-listing, signature-based detection, undertake regular scanning and patching and so on. There is no such thing as 100 percent security, but it’s about reducing the risk level.”
Show your working
If firms get this right it should give some peace of mind people can hand over their data with confidence. This, though, leads to another issue: explaining what the data will be used for.
The ICO urges companies to be open and clear on this, citing Channel 4’s use of a YouTube video to explain how it gathers and uses data as a good example of how to do this, rather than posting dense and dull privacy notices.
“The fact that there are poorly written privacy notices does not remove the responsibility on organisations to explain to customers what they are doing,” the ICO report noted.
This is an important part of the future of big data. If people become savvier about their personal data, questioning who is gathering it, for what purpose and how it is secured, it will become harder for organisations to gather the big data they desire.
Samani believes that while at present people seem unaware of the value of their data, this could change. “The perceived value of personal data has never been so low, but at the same time the value of data is increasing," he said.
“If people realised this they would start to make better decisions about when to release data and when it may be unsafe to do so. We may get to a world were people begin to preserve their personal data because they realise it has monetary value.”
Target's targeting works too well
Heeding all this advice could save businesses and consumers from some tricky big data situations, as the following example involving US retailer Target shows.
The firm used data analytics on its customer database to work out when female customers appeared to be pregnant based on browsing and buying habits.
To enhance customer loyalty, Target would then send coupons regarding certain items, including those that would appeal to expectant mothers as their due date approached.
One day, though, an irate father confronted a store manager when his daughter was sent the booklet, claiming the inclusion of baby items was inappropriate. The store manager apologised and rang the man a few days later to reiterate the apology.
However, the man then admitted that his daughter was indeed pregnant, a fact she had to reveal owing to the situation. It was a win for Target’s analytics system, but not the ideal human or emotional outcome.
Target realised that such a blatant sales approach could make customers uneasy so the retailer changed its strategy to subtly include such promotions alongside everyday items.
The case demonstrates the power of data and the importance of considering everything from security and data protection to privacy issues for any firm embracing big data.
A version of this article first appeared in the V3 Big Data Definitive Guide available for iOS, Android and on the web.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches