
Knowledge Byte: The Privacy and Ethics of Big Data


Cloud Credential Council (CCC)


For all its potential uses and capability to enact changes, Big Data also raises a number of privacy and ethics-related questions that ought to be addressed. Reviewing its relationship with compliance can be an important first step in exploring this topic.

Compliance

Country/state differences:

● PCI DSS, HIPAA (US), Data Protection Act (UK)

● Review compliance with the above legislation in relation to Big Data

● Big Data Privacy Review commissioned by White House

Various pieces of legislation are relevant to privacy in different jurisdictions. In the UK, the Data Protection Act is the main mechanism used to deal with privacy and its violations. In the US, the legislation dealing with medical records and privacy is HIPAA. PCI DSS, on the other hand, is an international set of requirements applicable wherever credit card transactions are processed. Note that in countries with a state (territory)/federal structure, such as Australia, Canada, the US, and India, there may be privacy-related state legislation in addition to the applicable federal acts.

A Big Data privacy review was commissioned by the White House in 2014. The review provides a set of recommendations in relation to Big Data and privacy:

● Pass National Data Breach Legislation

● Extend Privacy Protections to non-US Persons

● Amend the Electronic Communications Privacy Act to ensure a similar standard of protection of data in physical and online worlds

Challenges

● Complex IT environment – Not well understood and still mainly tech-driven; consequently, there is less IS audit oversight.

● A number of Big Data solutions sit outside IS – Residing in business areas and being used for experiments.

● Higher risk than usual:

  • 000,000s vs 000s of records/transactions
  • New insights are generated

● Reidentification not always effective:

  • 85% of people in the US can be identified using publicly available information – ZIP, DOB, and sex.
  • > 50% from city, DOB, and sex.

Approach

● Bring the privacy issues to the CxO/Board’s attention – Use COBIT5 Principle 1 – Meeting Stakeholder Needs, EDM 1.01-1.03.

● Anonymize the data quickly.

● Ensure “new” data is covered by policies:

  • Systems processing these datasets need to be covered in the audit plan.

● Governance/risk/audit function needs to provide education to business users on the risks associated with privacy and Big Data.

Data anonymization is the process of encrypting or removing personally identifiable information from data sets so that the people whom the data describe remain anonymous. Data anonymization enables the transfer of information across a boundary, such as between two agencies, while reducing the risk of unintended disclosure.

Race and gender are sensitive and should be used carefully in Big Data projects. In some cases, it may even be illegal to do so. For example, age profiling when evaluating a potential customer in a bank can be illegal. At the same time, in medical situations, it may be necessary. Implied race can also be a problem. For example, certain postcodes are associated with some nationalities. In such cases, ethical issues may arise because using postcodes is very closely related to using nationality.
