Big Data Brings Big Privacy Concerns
- 24 January, 2013 15:35
When CIOs think of big data, they might envision the technical challenges and opportunities posed by the vast reservoirs of information their companies are collecting and analyzing. But when some policy makers contemplate the same situation, their concerns turn to questions of privacy, and what steps data-rich companies are taking to safeguard consumers' personal information.
In recent years, lawmakers and regulators have voiced mounting concerns about the volume of data that businesses are collecting, how that information is then used and if it is sold, and whether consumers are given meaningful notice about those companies' practices.
In the Senate, John Rockefeller (D-W.V.), the chairman of the Commerce Committee, opened an inquiry into the practices of nine data brokers in October. Committee staffers will continue the probe in the new Congress as Rockefeller and other lawmakers contemplate new legislation to protect consumer privacy in the Internet age.
"We have gotten involved in data brokers and big data -- quote unquote -- because it's very clear that we're approaching this place where more and more of consumers' lives are going to be online," Erik Jones, deputy general counsel for Rockefeller's committee, said during a panel discussion here at the annual State of the Net conference hosted by the Advisory Committee to the Congressional Internet Caucus.
"Because of that there's a digital footprint that is now available. There are certainly benefits to that," Jones adds. "But there are also concerns that are raised. And what we are trying to do on the committee is better understand what that means for consumers."
Online Data Collection Policies
Jones stresses that Rockefeller and other members working on privacy issues are keenly aware of the balancing act they would face in drafting a law that provides meaningful protections for consumers without hobbling emerging business models built around benign uses of consumer data, including all the content and applications that Internet companies offer for free, generating revenue through advertising tailored to users with increasing precision.
About two months after Rockefeller sent letters to the data brokers asking for information about their information-collection and marketing policies, the Federal Trade Commission followed suit with its own set of orders demanding similar information from nine firms. Of those, three data brokers -- Acxiom, Datalogix and Rapleaf -- also received letters from Rockefeller.
In issuing its orders, the FTC said that it would use the information the data brokers provided to inform its understanding of the privacy practices of the industry, which senior officials have identified as an area of particular concern in the agency's ongoing policy work on Internet privacy.
"The power of big data is the ability to make inferences on, you know, reasonably fine-grained groups of people. And that's the very thing that causes the privacy violation as well," says Paul Ohm, a senior policy adviser with the FTC. "You can have really, really, really aggregated data that we would all agree could never be violated in anything we would consider privacy. Turns out that's the data that's the least useful."
In the Senate, Rockefeller has been one of the leading voices calling for meaningful online privacy protections, though if any legislation with his name on it is to become law, it will have to win passage in the 113th Congress. Rockefeller has announced that he will retire after the end of his term in 2015, rather than seek reelection.
In the meantime, efforts to extract detailed information from industry players about their data-collection practices have been frustrated by a lack of specificity, according to Jones.
"What we're trying to understand is what exactly is this information people are collecting, the companies are collecting, and what are they selling it for," Jones says. "The concerns that are being raised on the committee are no one really knows what this information is. We've had plenty of meetings where individuals will come in and talk about the benefits on the marketing side, because that's what we're focusing on, and how it helps drive the growth of the Internet and it's very helpful for you to find the right product that you need. But what we're not hearing is well, how specific is this information? Where is it being collected from? I think it's important for consumers and for Congress to understand really what this information is. And at this point it's essentially a black box."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.
Read more about big data in CIO's Big Data Drilldown.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- In Control at Layer 2: A Tectonic Shift in Network Security
- Vodafone Ireland Implements World-Class Service Excellence with HP BSM
- Getting Real About Security Management and Big Data – A Roadmap for Big Data in Security Analytics
- Devising a Server Protection Strategy with Trend Micro
- Best Practices for Migrating to SharePoint 2013
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Batten Down the Hatches! A Guide to Protecting Data in Motion
The risks facing high-speed data networks and unencrypted data while in motion are very real and on the rise. As information becomes one of the most valuable ‘off balance sheet’ assets, protection of that information and the investment in it is a paramount obligation of office-holders and management. Read now for a better understanding of the risks to data in motion.
Advanced Persistent Threats and Real-Time Threat Management
Businesses face a constantly evolving threat landscape. One of the greatest challenges is presented by advanced persistent threats (APTs), which are sophisticated, multi‐faceted attacks targeting a particular organisation. Mitigating the risk of APTs requires advances beyond traditional layered security to include real‐time threat management. This whitepaper describes the nature of APTs, the risks they pose to businesses, and techniques for blocking, detecting, and containing APTs and other emerging threats. Read now.
Tolly Report: Performance Survey of Virtual Environment Security
This report by Tolly tests the system resource requirements of competing vendor solutions when performing on-demand and on-access scanning functions, during distributed definition updates. Click to download how the four competing options ranked against each other.