How can businesses continue to respect privacy concerns while still permitting the use of big data to drive business value?
‘Companies will now have an even greater obligation to protect the personal information entrusted to them, no matter how it’s processed’
Big data use is expected to grow exponentially in the next few years now that the noise and excitement over the volumes of data we have at our fingertips are starting to be replaced by action and practical experimentation, and many organizations start to really capitalize on their investments in analytics, data collection and storage.
In 2016, it’s a market worth around $40 billion, and projected to reach $66.8 billion by 2021.
But alongside this gold rush, major security challenges have come to the forefront. Consumers are becoming more wary about what is happening with the vast amounts of data now collected about them – with high-profile and damaging data breaches continuing to make the headlines – and it has never been more important to maintain the balance between profit and privacy.
Major breaches have never been more frequent or their impact greater. The hauls of data thieves now commonly reach in the millions, such as in the case of the LinkedIn data breach, which affected 117 million, or the attack on the US retailer Target in 2013 that saw the data of 110 million customers exposed.
Throw in the EU’s upcoming new rules around data protection, which strengthen the rights of individuals over their personal data and promise hefty penalties for companies that fail to secure it, and it makes for a challenging environment for those managing big data.
So now and in the next few years, how will businesses respect privacy concerns while still permitting the use of big data to drive business value?
As Richard Sijbrandij, practice leader big data and analytics at big data consultancy firm Arrow explains, the challenges around securing big data aren’t really anything new, but just get amplified in many big data projects as internal and external data is being used in a more collaborative way.
‘From a data security perspective, there are some important challenges with the protection of big data – most distributed systems have only a single level of protection, which isn’t ideal,’ says Sijbrandij. ‘Non-relational databases (NoSQL) are actively evolving, making it difficult for security solutions to keep up with
‘Automated data transfer requires additional security measures. Any incoming data needs to be validated to ensure that it’s from a trustworthy and accurate source. Data audits might not be actively and routinely performed on big data due to the huge amount of information involved, and the source of the data might not be consistently monitored and tracked.’
The volumes involved in big data analysis mean that accessing an organizations big data repository can provide bigger returns for cyber criminals in one fell swoop, and the implications for the business from a regulatory and trust point of view can be severe. With that being the case, experts agree that a belts and braces approach to securing this data is critical.
Not all plain sailing
Understandably, there are serious concerns over the repercussions that come with the processing of significant amounts of big data – privacy being a major apprehension.
This is why it’s vital for companies to actively demonstrate transparency and accountability to customers when dealing with this data, and as Jon Geater, CTO of Thales e-Security, explains, the General Data Protection Regulation (GDPR) will place an even greater onus on organizations to do so.
‘Companies will now have an even greater obligation to protect the personal information entrusted to them, no matter how it’s processed,’ says Geater. ‘The new rules also make clear another important factor that we should already have known: that you can outsource your risk, but you can’t outsource your responsibility.’
Even if organizations use a third-party provider to store and manage data – such as a cloud provider – they are still responsible for its protection and must demonstrate exactly how the data is protected in the remote system.
Therefore, formal privacy-by-design techniques need to make their way down the supply chain if companies are to avoid penalties or nightmarish discovery and analysis tasks.
In addition, organizations will now have to provide citizens with online access to any of their own personal data they store.
While the Data Protection Act traditionally allowed anyone to request access to this data, once GDPR is in place organizations must make this available for download ‘where possible’ and ‘without undue delay’.
‘This is a very significant change,’ says Geater, ‘and securing this access will represent a significant challenge to many organizations – especially while still complying with the new tighter rules – and will require robust cybersecurity technology across the board.’
A balance of power
No matter what volumes of data they’re dealing with, it’s crucial for businesses to get a good handle on where their data is, how it’s stored and who has access to it. A failure to do so means running the risk of getting hauled in front of the Information Commissioner’s Office and a hefty fine.
‘The GDPR comes as a welcome piece of legislation, and in many ways the reform creates a strong and comprehensive set of rules that need to be applied in order to sufficiently protect data,’ says Phil Bindley, CTO of secure cloud hosting company The Bunker. ‘In doing so, this creates more trust in the digital environment and means that a privacy-focused approach can work in conjunction with the use and analysis of data.’
The GDPR comes at a time when customer expectations have never been higher over the privacy of their data. But Bindley argues that any legislation that helps cement trust in brands should be welcomed.
Putting the power back into the hands of customers can only serve the businesses who rely on them, helping to build a far more positive relationship and engender consumer trust.
As Neil Bramley, B2B PC business unit director at Toshiba Europe, argues, it’s an expectancy of the consumer today that interactions with brands are done on their own terms, and achieving this is how companies can build these relationships and ensure the retention of their customers.
‘Big data is the key to doing so,’ says Bramley, ‘but with more and more staff having access to this data – for example, it is particularly integral to the roles of sales and marketing staff – CIOs need to ensure that it is being handled safely and sensitively at all times.’
Mismanagement of big data can lead to crippling and long-lasting damage to a company – from financial fines to irreversible reputational damage. Yet according to research from Toshiba, CIOs are finding that the unauthorised use of IT systems and solutions is endemic across Europe – 84% say it happens to some degree within their organizations, with 43% of those saying it is a widespread problem.
’With big data constantly at employee fingertips, it is essential that this issue is resolved quickly, especially with the sheer volume of data so rapidly increasing, and simultaneously heightening the risk of any security incident occurring.’