Privacy considerations & responsibilities in the era of Big Data & Internet of Things
by Ramkumar Ravichandran, Director, Analytics, Visa Inc. – January 8, 2015.
Over the past few months, I heard so much about Big Data & IoT posing a threat to privacy especially with so much happening around us. In the same time period, I had attended more than 4 events (as audience and as a panel speaker myself) on this issue. The biggest question in my mind was if we need to worry at all, since the explosion of technology capturing more and more data should bring in noisy data, shoot up the cost of storing it, impact speed of (connecting first & then) analyzing it and lead to fragmented insights.
The following links shed some light on my reasoning (more noise from too much data is statistically proven) :
When I posed this question to Sarah Bruno of Law Firm Arent Fox at a meetup, she did make a great point, with the improvement in technology capturing the data the technology to tie/store/analyze has also improved, so the threat is real. Other points she made were,
- Identification increased and noise decreased: Companies have realized this and are going for connectivity measures – primary cookies, real name credentials, etc. and are able to tie it across devices, channels and platforms.
- Sensitivity of the data (esp with IoT has gone up).
- Commercialization of the data and insights has created incentives for misuse.
- Advancements in hacking – best of technologies are unable to prevent it from happening in the first place.
So, is it doomsday already?
- No, with IoT and explosion of devices the biggest challenge is instrumentation, storage and usage anyway so less to worry about over the next 3 years.
- In those 3 years, data and privacy related regulations will come about with better understanding of technologies and risks and failure points for misuse.
- Companies realize the cost (financial, legal and PR) of loss and are doing better job of protecting them (identifying the breach when it is happening vs. finding it later that it happened).
- Many laws exist to protect, media ever more active and privacy lawyers are doing a lot to fix accountability and make the situation more responsible.
Is Big data always bad?
Unequivocal No! Data has benefited Consumers/Business/Governments and Societies in innumerable and tangible ways- e.g., discounts, offers, customized help based on geo/condition in medical devices, farming, auto assurance, government delivery and so on. So the response shouldn’t be to discourage it but to make it safer.
Are Businesses the only stakeholders with data?
No, it’s everyone from Government to businesses to communities to individual consumers. The worries of Consumers in general on this issue was summarized well in the Survey report from the White House post Snowden – “Consumers are more worried about usage and storage and less about what/when is collected?”
So what are the various stakeholders doing about this?
There is already a lot happening on this aspect from the regulators, businesses, thought leaders like Sandy Pentland and so on. Debates, discussions, brainstorms are being done – laws and policies are being framed to prepare and educate everyone to improve safety and security of all entities and individuals, e.g.,
- FTC revising rules protecting, sharing, storing. Europe coming up with stronger regulations, aka, forget me on Google.
- Data Governance methodology – instead of split ownership, single body creating and enforcing compliance rules
- Tiered security for different types of data (PII, PAI vs. others).
- Simplification of agreements and constant updates and notices about changes
- Let users decide what they want to share and make revenue on
Is it all?
Not at all, it is an evolving space and each of the entity has its own to-do list and responsibilities,
- From Regulators: Clearer regulations (and merging hundreds of those that exist and make it easy to implement), better enforcement and stronger pressure for compliance (regular, easy and cost effective compliance checks)
- From Media: Scrutiny and PR pressure. No desensitize users to the threats.
- From Businesses: Audits, Tech upgrade (encryption, tokenization), Better communication (first time & updates), sticking to the spirit and not only letter of law, ownership of data security, resist temptation to collect and store everything (not enough value but lots of risk), Consumer education – how and why the data collected will be used, how should they protect it and what value does it add, Consumer Stakeholdership (so that they are informed and willing to share in return for benefits).
- From Consumers: Responsibility for protection of data (better password protection), know what is being done and why (if you don’t know -ask)
Big data & Internet of Things are real and much closer to reality that we all imagine. They bring in their own risks but if we all follow the best practices, demand more safety, work together and do our part the future will be safe/secure and wonderful in a way that we are yet to imagine.
– Harvard Business Review: #HBRLive: The Internet of Things, Privacy, and The New Deal on Data (video, interview with Sandy Pentland)