I was recently talking with a friend about—what else—Facebook and her thoughts on whether that would be too private to share.
“Oh, I don’t believe in privacy,” she said with a dismissive hand wave.
That stumped me, in large part because she’s a defense attorney.
“You don’t believe in privacy as a fact or you don’t believe in privacy as a law?” I asked.
“Oh – legal privacy is very important,” she said. “But privacy as a fact—I don’t believe in it. It doesn’t exist.”
It sounds like a distinction only a lawyer could make. Yet as Big Data becomes commonplace, CIOs must educate themselves about the legal risks and responsibilities of gathering and using data, advises Larry Cohen, global CTO of Capgemini.
“I think the CIO is already kind of taking on more of a role of a risk broker and risk orchestrator in the enterprise,” Cohen told CIO.com. “I think this is a perfect example of how a role like that arises in a topic like Big Data.”
The Internet of Things (IoT) may bring many of the privacy concerns around Big Data to a head sooner rather than later. The Federal Trade Commission took its first legal action against an IoT manufacturer last September over a security vulnerability in camera software. And this summer, the White House renewed its push for a Consumer Privacy Bill of Rights that experts say could affect Big Data initiatives.
Experts say CIOs must be pro-active in self-regulating privacy and other legal issues related to Big Data and the IoT. While you may think you can make the data anonymous, it’s possible to peg down individuals even from large data sets. Wall Street Journal covers one widely reported example where researchers were able to identify individuals from DNA data submitted anonymously.
In a CIO.com analysis published last week, University of Colorado Professor of Law Scott Peppet recommended IT executives take these steps immediately:
- Audit your data to know what you track and store.
- Only store what is absolutely necessary to your business model or for improving the user experience.
- Develop a plan for asking and obtaining “meaningful consent” for using the data. Peppet said you must notify customers or users what data will be accessed, how it will be analyzed and used, where it will be stored, how it is encrypted, and the circumstances under which it will be disclosed.
Even so, you’re still in unknown legal terrain since the law itself is still evolving.
These recommendations raise other concerns, too. Will these legal concerns dampen enthusiasm for Big Data? Could such self-imposed restrictions even weaken the business case for Big Data?
After all, Big Data isn’t used for simple reporting. The primary selling point of Big Data is the ability to explore any and all data in a quest for new insights and untapped markets.
Loraine Lawson is a veteran technology reporter and blogger. She currently writes the Integration blog for IT Business Edge, which covers all aspects of integration technology, including data governance and best practices. She has also covered IT/Business Alignment and IT Security for IT Business Edge. Before becoming a freelance writer, Lawson worked at TechRepublic as a site editor and writer, covering mobile, IT management, IT security and other technology trends. Previously, she was a webmaster at the Kentucky Transportation Cabinet and a newspaper journalist. Follow Lawson at Google+ and on Twitter.