Big data vs. privacy: the big balancing act

Big data use is expected to grow exponentially in the next few years now that the noise and excitement over the volumes of data we have at our fingertips are starting to be replaced by action and practical experimentation, and many organisations start to really capitalise on their investments in analytics, data collection and storage.

In 2016, it’s a market worth around $40 billion, and projected to reach $66.8 billion by 2021.

But alongside this gold rush, major security challenges have come to the forefront. Consumers are becoming more wary about what is happening with the vast amounts of data now collected about them – with high-profile and damaging data breaches continuing to make the headlines – and it has never been more important to maintain the balance between profit and privacy.

Major breaches have never been more frequent or their impact greater. The hauls of data thieves now commonly reach in the millions, such as in the case of the LinkedIn data breach, which affected 117 million, or the attack on US retailer Target in 2013 that saw the data of 110 million customers exposed.

Throw in the EU’s upcoming new rules around data protection, which strengthen the rights of individuals over their personal data and promise hefty penalties for companies that fail to secure it, and it makes for a challenging environment for those managing big data.

>See also: Data protection and Brexit: Where UK businesses will stand with GDPR

So now and in the next few years, how will businesses respect privacy concerns while still permitting the use of big data to drive business value?

As Richard Sijbrandij, practice leader big data and analytics at big data consultancy firm Arrow explains, the challenges around securing big data aren’t really anything new, but just get amplified in many big data projects as internal and external data is being used in a more collaborative way.

‘From a data security perspective, there are some important challenges with the protection of big data – most distributed systems have only a single level of protection, which isn’t ideal,’ says Sijbrandij. ‘Non-relational databases (NoSQL) are actively evolving, making it difficult for security solutions to keep up with
the demand.

‘Automated data transfer requires additional security measures. Any incoming data needs to be validated to ensure that it’s from a trustworthy and accurate source. Data audits might not be actively and routinely performed on big data due to the huge amount of information involved, and the source of the data might not be consistently monitored and tracked.’

The volumes involved in big data analysis mean that accessing an organisation’s big data repository can provide bigger returns for cyber criminals in one fell swoop, and the implications for the business from a regulatory and trust point of view
can be severe. With that being the case, experts agree that a belts and braces approach to securing this data is critical.

Not all plain sailing

Understandably, there are serious concerns over the repercussions that come with the processing of significant amounts of big data – privacy being a major apprehension.

This is why it’s vital for companies to actively demonstrate transparency and accountability to customers when dealing with this data, and as Jon Geater, CTO of Thales e-Security, explains, the General Data Protection Regulation (GDPR) will place an even greater onus on organisations to do so.

‘Companies will now have an even greater obligation to protect the personal information entrusted to them, no matter how it’s processed,’ says Geater. ‘The new rules also make clear another important factor that we should already have known: that you can outsource your risk, but you can’t outsource your responsibility.’

Even if organisations use a third-party provider to store and manage data – such as a cloud provider – they are still responsible for its protection and must demonstrate exactly how the data is protected in the remote system.

Therefore, formal privacy-by-design techniques need to make their way down the supply chain if companies are to avoid penalties or nightmarish discovery and analysis tasks.

In addition, organisations will now have to provide citizens with online
access to any of their own personal data they store.

While the Data Protection Act traditionally allowed anyone to request access to this data, once GDPR is in place organisations must make this available for download ‘where possible’ and ‘without undue delay’.

‘This is a very significant change,’ says Geater, ‘and securing this access will represent a significant challenge to many organisations – especially while still complying with the new tighter rules – and will require robust cybersecurity technology across
the board.’

A balance of power

No matter what volumes of data they’re dealing with, it’s crucial for businesses to get a good handle on where their data is, how it’s stored and who has access to it. A failure to do so means running the risk of getting hauled in front of the Information Commissioner’s Office and a hefty fine.

‘The GDPR comes as a welcome piece of legislation, and in many ways the reform creates a strong and comprehensive set of rules that need
to be applied in order to sufficiently protect data,’ says Phil Bindley, CTO of secure cloud hosting company The Bunker. ‘In doing so, this creates more trust in the digital environment and means that a privacy-focused approach can work in conjunction with the use and analysis of data.’

The GDPR comes at a time when customer expectations have never been higher over the privacy of their data. But Bindley argues that any legislation that helps cement trust in brands should be welcomed.

Putting the power back into the hands of customers can only serve the businesses who rely on them, helping to build a far more positive relationship and engender consumer trust.

As Neil Bramley, B2B PC business unit director at Toshiba Europe, argues, it’s an expectancy of the consumer today that interactions with brands are done on their own terms, and achieving this is how companies can build these relationships and ensure the retention of their customers.

‘Big data is the key to doing so,’ says Bramley, ‘but with more and more staff having access to this data – for example, it is particularly integral to the roles of sales and marketing staff – CIOs need to ensure that it is being handled safely and sensitively at all times.’

Unauthorised use

Mismanagement of big data can lead to crippling and long-lasting damage to a company – from financial fines to irreversible reputational damage. Yet according to research from Toshiba, CIOs are finding that the unauthorised use of IT systems and solutions is endemic across Europe – 84% say it happens to some degree within their organisations, with 43% of those saying it is a widespread problem.

’With big data constantly at employee fingertips, it is essential that this issue is resolved quickly, especially with the sheer volume of data so rapidly increasing, and simultaneously heightening the risk of any security incident occurring.’

>See also: The disappointing truth about data privacy and security

But in addition to the extra responsibility on data handlers, Neil Costigan, CEO of biometric security firm BehavioSec, thinks there needs to be a drastic change of attitude on the part of the consumer.

Many consumers are wising up to the potential security threats that are out there, with many expressing fears about what is happening to their personal data. The issue for businesses is that this has not had an impact on their action.

‘BehavioSec’s report on digital behaviour discovered that 21% have shared their phone password and 10% even admit to sharing online banking details with people they know,’ says Costigan. ‘Consequently, it isn’t that the security mechanism is broken – it is only as secure as consumers’ willingness to protect it.’

Businesses that rely on customer data need to stop building irritating security barriers, he says. ‘These businesses promise frictionless, easy-to-access services, and this conflicts with the disruptive security measures they implement. They will have to change their attitude of placing frustrating security barriers that encourage consumers to take risky shortcuts and instead look into technology such as behavioural biometrics that analyse the behaviour that people are already displaying on a continuous basis.’

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Big Data