Big Data, Bigger Responsibility

Big data is big news these days—and with good reason. The Cloud Security Alliance estimates that humans now generate 2.5 quintillion bytes of data every day.

The big data phenomenon is a direct consequence of the digitization and “datafication” of nearly every activity in personal, public, and commercial life. Consider, for instance, the growing impact of mobile phones. The global smartphone audience grew from 1 billion users in 2012 to 2 billion today, and is likely to double again, to 4 billion, by 2020, according to Benedict Evans, a partner with the venture capital firm Andreessen Horowitz.

Add to that the Internet of Things (IoT), the growing network of everyday objects equipped with sensors that can record, send, and receive data over the Internet without human intervention. Gartner Inc. estimates that the IoT currently includes 4.9 billion connected “things”—a 30 percent increase from 2014; analysts predict that the number will hit 25 billion by 2020. Of course, all those phones and devices will be generating data.

“Companies of all sizes and in virtually every industry are struggling to manage the exploding amounts of data,” says Neil Mendelson, vice president for big data and advanced analytics at Oracle. “But as both business and IT executives know all too well, managing big data involves far more than just dealing with storage and retrieval challenges—it requires addressing a variety of privacy and security issues as well.”

In a talk at the Technology Policy Institute’s 2013 Aspen Forum, Federal Trade Commission chairwoman Edith Ramirez described some big data pitfalls to be avoided. Though many organizations use big data for collecting non-personal information, there are others that use it “in ways that implicate individual privacy,” she noted, adding that the type of information collected may “reflect an individual’s health concerns, browsing history, purchasing habits, social, religious and political preferences, financial data, and more.”

Ramirez described several potential pitfalls, including:

• Ubiquitous and indiscriminate collection from a wide range of devices
• Unexpected uses of collected data, especially without customer consent
• Unintended data breach risks with larger consequences

As head of the governmental entity responsible for protecting U.S. consumers, Ramirez called for “big responsibility” with big data. “The larger the concentration of sensitive personal data, the more attractive a database is to criminals, both inside and outside a firm,” she said. “The risk of consumer injury increases as the volume and sensitivity of the data grows.”

Ramirez also called for stronger incentives to push companies to better safeguard sensitive information. “The FTC has urged Congress to give the agency civil penalty authority against companies that fail to maintain reasonable security,” she said. “The advent of big data only bolsters the need for this legislation.”

That has significant meaning for organizations, Mendelson explains: “If they fail to secure the life cycles of their big data environments, they may face regulatory consequences, in addition to the significant brand damage that data breaches can cause.”