Big Data privacy and compliance issues on muddy legal ground
The theme was one of those to emerge from Whitehall Media's Big Data Analytics conference in London last month. While it was made clear that there is immense potential in harvesting data from the proliferation of sources to obtain new business insights, there were also voices calling for a more considered approach than was apparent from some of the speakers' case studies.
Robert Bond, head of data protection and information law at legal firm Charles Russell Speechlys outlined the legal risks, which derive largely from organisations amassing increasingly large stores of data on individuals. This could be held in the cloud or by third parties, and some organisations favour holding as much as data as possible indefinitely, despite not having a clear use, on the grounds that it might have some value in the future.
These factors are intensifying the risk of sanctions if any data is lost, stolen or misused. Bond said that over the past two years there had been a 1,000% increase in data breaches affecting his firm's clients, deriving mainly from internal mistakes. Also, with the European Data Protection Regulation due to come into force in the next three years, organisations will have to be able to show how they build profiles of individuals and obtain permission to use the data.
Bond warned that, unless the analytics industry creates a robust code of conduct, this could lead to unwelcome regulation.
"Big Data needs big guidance," he said. "As a lawyer I'm in favour of Big Data, but if we don't help ourselves as an industry we will get big law, and that would be problematic."
He suggested the industry could take a lead from the Direct Marketing Association in developing a sector code of conduct, and said relevant work is also being done by bodies such as Tech UK's Big Data and Analytics Council and the Cloud Industry Forum.
It was also notable that some of the presentations, while playing up the business potential, included indications of how the stakes are being raised. This was particularly so in the way that wearable devices and locational technology are providing new streams of data on people's movements, activities and health signs.
Dr Louise Bennett of the BCS Security Community Expertise and chair of the conference, emphasised the risks by pointing out that Big Data could be misused in creating an infrastructure for surveillance, or to falsely identify relationships that impose a stigma on some groups of people. She asked a panel of speakers how they could find a workable balance between obtaining insights from Big Data protecting the privacy of their customers.
The answers indicated that most organisations have noted the risks and that some are taking personal identifiers out of the data, but beyond this little detail was offered. It suggested that many organisations racing to harness Big Data are yet to pay close attention to the possible privacy pitfalls.
But a contribution from Chris Smith, head of business intelligence at Jagex Games Studio, summed up the fact that rapid changes in technology changes can test the letter of law, and that it can take time to adapt.
"Big Data is a real paradigm shift, and the laws are getting stretched" he said. "We have to deal with it."