“Big Brother?! Ha! I’m not afraid of what the government knows about me. I’m more afraid of the internet and what it will expose about me. Heck, I’m even more afraid of people on the street with their smartphones who can take my picture without my permission and post it anywhere. I’ve been so diligent about living a private life, but now I live in fear.”
“Big Brother?! Ha! I’m not afraid of what the government knows about me. I’m more afraid of the internet and what it will expose about me. Heck, I’m even more afraid of people on the street with their smartphones who can take my picture without my permission and post it anywhere. I’ve been so diligent about living a private life, but now I live in fear.”
~ An attendee who went by the name of “Dee” at a technology public sector event in May 2014
The big data privacy reports. On the heels of Edward Snowden’s proclamation about the U.S. government’s misuse of consumer data, President Barack Obama asked his counselor, John Podesta, in January 2014 to conduct a 90-day study on big data privacy with recommendations on how to move forward as a country. In May, two reports were publicly released:
- Big Data: Seizing Opportunities, Preserving Values – A report prepared by John Podesta and team, which evaluated big data opportunities and challenges and provided the President with important conclusions and recommendations for policy development.
- Report to the President – Big Data and Privacy: A Technological Perspective – A report prepared by the President’s Council of Advisors on Science and Technology (PCAST) to complement and inform the big data implications for policy as presented in John Podesta’s report.
Both reports are a good discussion starter about balancing the effective use of big data with the intrusions of privacy and discrimination, and they aptly demonstrate that the government understands the big data questions on the table – from both a policy standpoint and a technological standpoint. However, they didn’t go far enough to address tough, but common, privacy concerns, like the ones expressed by “Dee” in the quote above.
What needs to happen next? The public and private sectors need to come together and make some hard decisions about managing the government’s complex data, modernizing its infrastructure, and constraining snooping and surveillance, while building consensus on how much efficiency we’re willing to forego in the name of privacy, and vice versa.
Why this matters. One key issue that I was pleased to see highlighted in these White House reports is the de-identification (or anonymization) and re-identification of individuals’ identities. It’s important to understand this one.
You’re probably familiar with the concept of de-identifying or anonymizing data. In simple terms, it means removing any information from a data set that could personally identify a specific individual; for example, the person’s name, a credit card number, a social security number, home address, etc. Companies that sell consumer data, such as data brokers, typically only sell anonymized, and often aggregated, data. So what’s the big deal?
With today’s big data technologies, it’s becoming easier to re-identify individuals from this anonymized data. Programming techniques have been and continue to be developed to pull these anonymized pieces back together from one or more data sets. In addition, there is growing concern by what analysts call the “mosaic effect” whereby a person’s identity can be derived or inferred from data sets that don’t even include personal identifiers. So if a company says it anonymizes your data before passing it onto others, be aware that your identity could still be revealed through advanced re-identification techniques.
In our organizations, as we continue to learn more about our customers by integrating big data, such as social media, with our CRM data, we may discover stories about them they never intended or wanted us to know. We need to respect these new insights and respect our customers’ privacy.
Questions to think about. Where does your organization stand when it comes to data privacy? Consider these questions:
- Does your organization have a privacy policy? Make sure you understand and adhere to your company’s privacy policies, especially in regards to data, before a customer complaint or lawsuit beats you to the punch.
- Do you tell your customers when a request is made for their data – from the government or otherwise? Do you publish periodic transparency reports? If this isn’t part of your process, is this a practice your organization could consider?
- Is your company willing to fight for your customers’ privacy rights in court? How about Congress? This isn’t just a fight for the big boys like Google and Facebook. It’s for any company who values its customers and wants to protect their privacy from intrusive entities and/or activities.
One final thought. “Dee” (from above quote) readily admits that she’s a bit paranoid. But what if her fears are valid and some of us just aren’t paranoid enough? Dee’s concern really isn’t with Big Brother as much as it is with “Big Companies” (read “not the government”) who are collecting big data on her through her social media channels, FitBit, phone records, internet browsing, car GPS, and the list goes on. Moving onto the national stage, we’ve witnessed Edward Snowden going public with the link between Big Brother and Big Companies, and more recently, the White House has issued two reports addressing these same Big concerns.
Yet the question still remains: What are we doing – in our companies and in our private lives – about privacy issues brought on by big data and big data technologies? Do we even care? In a future post, I will share some industry statistics and trends on this subject. In the meantime, stay safe. It’s a big data world out there.