Big Data and Privacy. What a Dilemma!!!
- Djanah Lawrence
- Oct 8, 2020
- 3 min read
Updated: Sep 21, 2022
My first Data Information Technologies and Applications (DITA) lecture felt like I was entering a total unknown world of terms completely foreign. Terms like Big Data, Algorithm and data amalgamation seems like a totally different language.
I was listening to my professor Lyn Robinson and the other students conversing and sharing ideas which they seemed to be familiar with. I couldn't utter a word so I decided to just listen.
While listening to the Professor and my peers, I realise that I knew more than I thought. After all Data is everywhere, on the street corner, in shop windows, on TV, books, magazines, my phone, literally everywhere, what is so difficult to understand about that!
One term I heard that stick with me was "Big Data". I was intrigued by the many questions surrounding this term. For instance:
‘What makes big data big? Who has the data and what can they do? Is it a Good thing /not a good thing?’
These questions led me to think about our privacy when sharing our data with part of our society such as governmental organisations, private companies such as Google, Facebook or Amazon etc…
What are our rights as individuals living in a society where we are obliged to share our information to access services as well as social media platforms?
According to the Kuppingercole Report Analysis (https://offer.comforte.com/big-data-analytics-security-and-compliance-challenges-in-2019), societal concerns over how data is being acquired and used are leading to increasingly tough regulations governing how organisations can acquire, store and use data.
For examples let's look at the EU GDPR (General Data Protection Regulation). GDPR imposes a much tougher regulatory framework that affects Libraries and other organisations worldwide that hold or process personal data relating to residents in the European Union.
In order to meet the obligations imposed by these laws, it is essential that organisations implement good data governance as well as data centric security controls over how they acquire, store, process, and analyse data. In the past there has been a tendency to view security as a technology issue.
The organisations or companies board members must set clearly defined business objectives for the use of Big Data, together with the needs for compliance and the acceptable levels of risk. The responsibility for the data must be clearly defined and its lifecycle must be properly managed. To be able to demonstrate compliance it must be possible to audit the way in which it is acquired, analysed and secured as well as how its results are used.
Access controls are fundamental to ensuring that data is only accessed and used in ways that are authorised. Identity and access management are essential to control legitimate access but are not enough to protect against all risks.
Many of the data breaches have occurred because of the simplest controls which were non-existent or were not implemented properly.
Organisations must implement best practices and data centric approach to secure data analytics infrastructure and adopt a privacy by design approach where personal data is involved. They must implement controls to ensure that data moving to cloud services is properly protected. Where cloud services are used, organisations using them should require independent certification that they comply with the relevant laws and regulations.
My final thoughts on Big Data privacy is that it is a good thing when it is regulated by policies like GDPR, however when it is managed by private companies like Facebook or Amazon, breaches of data security can occur because of commercial values of collected data and I will say that the latter is definitely not a good thing.
I agree that we need policies like GDPR to regulate how companies treat data. I recall that in Asia, people that do online shopping often receive scam calls, in which the scammers seem to know many things about you, from your address to recent shopping records. While I cannot tell if the data they use is an accidental leakage from the online shopping platforms or the platforms sell the data, all of these would happen less frequently if there is stricter regulation on how companies store and treat the data they gain from the users.
Very interesting read. I agree that speaking up during lectures is daunting, although exercises like these help immensely. Your points about corporations use of big data are also very important. It's scary to think that our information is being passed around and used against us. Unfortunately, it's difficult/near impossible to withdraw from it as so many people rely on the internet and social media, especially in times like these. More regulation is definitely needed.
Hi Tim, thanks for commenting on my post.
GDPR is a great legislation but what will happen when Britain completely come out of Europe as GDPR is a European Legislation if I am not mistakened.
You just gave me an idea for my next assignment.
Thank you
Agreed. Regulation and transparancy in regards to what data is being collected and how it will be used is really important, and with legislation like GDPR, we have more ownership over what data is held on us by organisations - I used to work for a broadcasting company and people could request that we delete all data that we have on them.
I do worry though that we all just consent to companies rules regarding our data without reading what that data will actually be used for... or maybe that's just me.
Very informative piece