The privacy implications of big data

While its potential uses and benefits are endless, big data also poses some risks to companies.

Although the term big data is likely one that lawyers and business managers have heard, its impact on privacy is one they still need to understand, says David Navetta, one of the founding partners of the Information Law Group.

While its potential uses and benefits are endless, he said, "Big data also poses some risk to both the companies seeking to unlock its potential, and the individuals whose information is now continuously being collected, combined, mined, analyzed, disclosed and acted upon."

Even the best definitions of big data are abstract from a legal standpoint, Navetta said. To better understand what big data means to businesses or other organizations, it might be useful to view it as a business process or a supplement to existing business processes that allows an organization to access unimaginable amounts of structured and unstructured data from internal and external sources, and through analysis, understand the relationships within and between that data. He added that there are limitations and legal risks associated with the process and the result.

He also said that while big data may represent the Holy Grail of marketing, its implications for privacy are significant.

In part because of the complexity of the big data ecosystem, it is too easy, Navetta said, for big data to circumvent, intentionally or not, the rules in the United States for notice, awareness, choice and consent outlined in the Fair Information Practice Principles.  

He added that even of the people who may take the time to read a disclosure statement outlining privacy and data sharing policies, few get the concept of the data broker and that their data remains in a database where it can be shared or correlated indiscriminately. Even fewer understand how their data may be combined with other existing profile data and reveal more than the consenting person could have contemplated at the time of disclosure.

Another area of concern is people's access to their own data. With big data it is either non-existent or incomplete. Even if access is covered in the Fair Credit Reporting Act, access and participation in a big data environment may be too complex to control. And in some cases, even if a person can track and identify where personal data is being held and by whom, they have no legal recourse to access it.

Navetta said the Federal Trade Commission is open to considering additional regulatory scrutiny over data brokers and in December issued nine orders for information to analyze the industry's privacy practices. It also launched an investigation to study the data broker industry's collection and use of consumer information.

Navetta said big data analytics is already the norm for many organizations, and as companies rush headlong into this space, they would be wise to step back and contemplate the potential privacy implications of their activities, and consider steps to address privacy concerns. "Proactively dealing with the privacy issues discussed in this article can help organizations safely leverage big data while still retaining customers, and avoiding reputational harm, litigation and regulatory scrutiny," he said.

For more:
- see Navetta's article

Related Articles:
Making security legally defensible
Data brokers under FTC microscope
Gartner: 30 percent of businesses will monetize info assets in 4 years