Handling Privacy and Security Concerns with Big Data

Big Data and Analytics are a boon for gauging and improving customer experience but a bane for their privacy. Therefore, it’s critical how well organisations self-regulate to avoid breach of privacy through their implementation

– Arvind Purushothaman, Practice Head & Director –Information Management & Analytics, Virtusa

“Data is the new oil”. “Data is the natural resource of the 21st century”.

These phrases have been coined and expressed by many leaders and visionaries. The similarities are endless.

Much like how the crude has to be extracted, refined and converted into a product that will benefit the end consumer, data also goes through a similar lifecycle. The process of refining leads to pollution and can harm the same people who are benefiting from it. Similarly, data privacy violations and data security breaches will do more harm to the end users in proportion to the benefits leveraged from Big Data analytics.

How would you feel when an employer questioned about your relationship status in an interview basis the data he got from the social networking websites? This is an unavoidable situation but at the same time this is when the companies, individuals and government should be mindful of how the data can be manipulated and misused; hence addressing these issues become compelling.

The debate on data privacy, or rather, information privacy is something that has been going on for the past several decades. But, in the recent context of Big Data, it has taken on a new paradigm.

Big Data: The New Behemoth?

Big Data, in a simplistic way, is a term that refers to the collection of large and diverse sets of data which is then mined to understand relationships and to further make decisions. The data can be sourced from anywhere: social media, mobile, online transactions, GPS coordinates, IP enabled devices, machine logs etc. Therefore, the amount of data created multiplies manifold on a daily basis with technological advancement.

Few interesting statistics

•    IBM estimates every day 2.5 quintillion bytes of

data creation

•    The Internet user base in India as of June 2013 was 190 million, according to the Internet And Mobile Association of India (IAMAI)

•    Facebook has 100 million users in India while Twitter will have 18.1 million users by the end of the year

•    55 million Facebook updates every day

•    In 2014 with refrence to the size of the Indian electorate and Modi’s unanimous victory, it was found out that with the use of Modi’s combination of technologies, Big Data Analytics and Social media separated him from other candidate which was crucial to his victory. There were 814 million voters in comparison to USA’s 193.6 million, and UK’s 45.5 million. The sheer amount of data for India’s voting population was the biggest obstacle

Basically every action/activity on social, online or offline media is recorded and forms a part of Big Data which can also be analyzed by businesses where they may use this data for business opportunities.

Purposes like research, marketing, consumer insights, fraud detection, improved innovation, identifying problem areas etc use Big Data but the same set of data, when used in a different context, can lead to incorrect inferences based on disparate data sources, breaching of privacy, divulging sensitive information to public and mislead people with wrong statistics.

The key point to note is that a consumer has no idea what happens behind the scenes with the data they generate by virtue of leveraging technology. They also don’t know who is collecting the data and how it will be used.

Let’s look at the different influences on data collection and usage.

The Role of Culture

In some societies, people are less willing to share personal data compared to others. In a recent survey, it was found that Indians are more willing to share personal information for convenience compared to their Western counterparts. In Western countries, the threat of identity theft and importance to individual privacy is much more important compared to countries like India.

Role of Data Brokers

There are several companies who are Data Brokers. Their business model is built around collecting data, collating, analyzing and selling information. This has been going on for several decades. A prime example is the ability of these companies to generate a credit score which is an indication of your creditworthiness. What is now new is that the data points that go into scoring mechanisms leverages a lot of your personal data collected from the sources described earlier. While some of it may be useful to reduce fraud, the manner in which the Data Brokers operate is somewhat unregulated. The issues range from lack of transparency to the use of data. Data can be used for discriminatory pricing based on unrelated data points. It is also a data privacy issue as highlighted in the recent case of a leading US retailer leveraging buying patterns to predict outcomes and making marketing decisions.

The Role of Governments

Legislation related to data privacy has existed for many decades in many countries. The overarching goal of legislation is to ensure data about citizens is not compromised and misused. For example, the United States has a Fair Credit Reporting Act (FCRA) that was enacted in 1970 to promote accuracy, fairness, and the privacy of personal information assembled by Credit Reporting Agencies (CRAs). Other countries including those in the European Union are looking at similar legislation. In Europe, the European Data Protection Supervisor (EDPS), an independent supervisory authority focuses on protecting personal data and privacy. According to the recent World Economic Forum report a new approach to personal data is needed to strike a balance between protecting individuals and unlocking innovation.

Mitigating concerns

With technology advances, more and more Big Data is going to be generated. Therefore individuals, companies and government should be conscious of any data they share. Here are a few things they should keep in mind to avoid any privacy breaches.

Organizations:

•    It is important to follow ethical guidelines and also understand the potential (un)intended consequences of collecting, storing and using the information.

•    Organizations should be more transparent with what data they are collecting, data retention guidelines and how they are using the information.

•    Organizations should not wait for government regulations but should self- regulate themselves. One way to look at it is to ask ourselves if we are comfortable if our personal data was shared and used for the same purposes.

•    They also need to be careful when they collect data across national borders because laws vary from one country to another. They should also be cognizant of exposing personal data about consumers in case of a data breach.

Government:

•    They must re-visit some of the laws that have been passed decades ago to protect data privacy. In today’s world, the new regulations should also focus on the data usage aspect and increased transparency.

•    More coordination is needed between countries to ensure standardization of regulations.

•    Educate the people on privacy breaches.

Big Data and analytics are a boon for customer experience but a bane for privacy. Therefore it’s critical how well we self-regulate to avoid such breach of privacy in our daily interactions.