Big Data Brings Big Privacy Concerns
- 24 January, 2013 15:35
When CIOs think of big data, they might envision the technical challenges and opportunities posed by the vast reservoirs of information their companies are collecting and analyzing. But when some policy makers contemplate the same situation, their concerns turn to questions of privacy, and what steps data-rich companies are taking to safeguard consumers' personal information.
In recent years, lawmakers and regulators have voiced mounting concerns about the volume of data that businesses are collecting, how that information is then used and if it is sold, and whether consumers are given meaningful notice about those companies' practices.
In the Senate, John Rockefeller (D-W.V.), the chairman of the Commerce Committee, opened an inquiry into the practices of nine data brokers in October. Committee staffers will continue the probe in the new Congress as Rockefeller and other lawmakers contemplate new legislation to protect consumer privacy in the Internet age.
"We have gotten involved in data brokers and big data -- quote unquote -- because it's very clear that we're approaching this place where more and more of consumers' lives are going to be online," Erik Jones, deputy general counsel for Rockefeller's committee, said during a panel discussion here at the annual State of the Net conference hosted by the Advisory Committee to the Congressional Internet Caucus.
"Because of that there's a digital footprint that is now available. There are certainly benefits to that," Jones adds. "But there are also concerns that are raised. And what we are trying to do on the committee is better understand what that means for consumers."
Online Data Collection Policies
Jones stresses that Rockefeller and other members working on privacy issues are keenly aware of the balancing act they would face in drafting a law that provides meaningful protections for consumers without hobbling emerging business models built around benign uses of consumer data, including all the content and applications that Internet companies offer for free, generating revenue through advertising tailored to users with increasing precision.
About two months after Rockefeller sent letters to the data brokers asking for information about their information-collection and marketing policies, the Federal Trade Commission followed suit with its own set of orders demanding similar information from nine firms. Of those, three data brokers -- Acxiom, Datalogix and Rapleaf -- also received letters from Rockefeller.
In issuing its orders, the FTC said that it would use the information the data brokers provided to inform its understanding of the privacy practices of the industry, which senior officials have identified as an area of particular concern in the agency's ongoing policy work on Internet privacy.
"The power of big data is the ability to make inferences on, you know, reasonably fine-grained groups of people. And that's the very thing that causes the privacy violation as well," says Paul Ohm, a senior policy adviser with the FTC. "You can have really, really, really aggregated data that we would all agree could never be violated in anything we would consider privacy. Turns out that's the data that's the least useful."
In the Senate, Rockefeller has been one of the leading voices calling for meaningful online privacy protections, though if any legislation with his name on it is to become law, it will have to win passage in the 113th Congress. Rockefeller has announced that he will retire after the end of his term in 2015, rather than seek reelection.
In the meantime, efforts to extract detailed information from industry players about their data-collection practices have been frustrated by a lack of specificity, according to Jones.
"What we're trying to understand is what exactly is this information people are collecting, the companies are collecting, and what are they selling it for," Jones says. "The concerns that are being raised on the committee are no one really knows what this information is. We've had plenty of meetings where individuals will come in and talk about the benefits on the marketing side, because that's what we're focusing on, and how it helps drive the growth of the Internet and it's very helpful for you to find the right product that you need. But what we're not hearing is well, how specific is this information? Where is it being collected from? I think it's important for consumers and for Congress to understand really what this information is. And at this point it's essentially a black box."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.
Read more about big data in CIO's Big Data Drilldown.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
"How many of the Fortune 500 companies have access to PRISM? https://en.wikipedia.org/wiki/Industrial_espionage ..."Australia suspected to have PRISM data: Ludlam
Australia Post’s mail business to lose $200 million this year
Australia Post’s mail business to lose $200 million this year
Microsoft's ambivalence about Office on the Web gives Apple shot with iWork on iCloud
3 Lessons Learned From a Failed Customer Feedback Test
Securing the Promise of Virtualisation
For today’s enterprise, this whitepaper identifies three general areas of risk associated with risk; those that are traditionally areas of risk, the hazards that are exclusive to virtualisation and the more recent set of risks that are associated with newly formed hybrid environments. Read more to find out how to keep pace with evolving threats, quicker provisioning and dynamically mobile workloads.
Spear-Phishing Email: Most Favored APT Attack Bait
This research paper presents findings on APT-related spear phishing from February to September 2012. We analysed APT-related spear-phishing emails collected throughout this period to understand and mitigate attacks. The information we gathered not only allowed us to obtain specific details on spear phishing but also on targeted attacks. We found, for instance, that 91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks.
Mobility Apps: What every developer should know
Learn how others have delivered industry-leading, multi-platform management and security solutions. In this whitepaper, we look how app developers can develop, deploy and manage apps that enterprises can rely on today and into the future. Click to download!