Are you a corporate- or humanitarian-minded big data enthusiast? Depending on your response, you might be better suited to one side of the Atlantic or the other.
One of big data’s attractions is that it has the potential to find hidden patterns in heterogeneous data sets collected from sensors; customers; legacy databases; third parties; open-source data, and OLTP sources, among others. Collecting all this data takes time, effort, and capital. Companies that invest in this technically-challenging process should reap the rewards by being first to market with innovative products, micro-segmented customer strategies, and executing on new market insights.
However, these "Milton Friedman" views on the economics of big data receive different receptions depending upon which side of the Atlantic you're standing.
No general US Data Protection Act
In the United States, there is no general purpose Data Protection Act. The norm is based upon a bias towards the corporate entity, and they can do pretty much what they like with the data they harvest. The approach is biased effectively for them by the lack of an "opt-out" feature in the majority of contacts consumers sign with their vendor. If you want social media access; an internet search engine; cable; music via the internet; even power to your house; then you have very little choice but to go along with the vendor agreement as presented.
What happens to your data after it has been collected is largely unknown. Retrieval of the data, its removal, knowing where it's held, and who has subsequently accessed it is almost impossible in the majority of cases. The only real exception to this is healthcare data collection governed by the HIPAA privacy rules.
The topic of data protection in the United States, known more formally as the “Federal Cyber Policy,” did not even come up in the recent Presidential debates, and the general population seems happy to allow a Laissez-faire philosophy to prevail.
More individual rights in the EU
Across the Atlantic, the EU has a Data Protection Act with teeth (more formally known as Directive 95/46/EU), protecting an individual's personal data and the free movement of that data. The act has seven fundamental points, including: giving consumers notice of when their data is being collected; why it is being collected; how securely it is being held, and who has access to it. Additionally, they have the right to deny consent for collection, need to be allowed access to it, and are given a way to make the owners holding the data accountable for adherence to these principals.
For companies on each side of “the Pond,” doing business on the other becomes a tricky balancing act between maximizing data set coverage and minimizing liability, and up until now there has not been a high degree of concern on either side by citizens to gain access to the data from the others' big data sets.
But as big data takes hold, this is all about to change. The British Government has even started to make noise about developing new legislation to make the power force firms hand over what they are terming as “hidden data.” While the threat to impose a ten pound fine per customer may initially seem insignificant, multiplied by tens of millions of customers, on a recurring basis, it can become punitive.
Legal specialists needed
As such, British and American companies developing big data sets need to establish strong policies and procedures around their data to ensure they stay compliant. Two aspects to this data governance should be considered: First, engage a legal firm that specializes in trans-national data flows. Do not assume in-house counsel will have expertise in this technical and rapidly evolving field, and second, create a technology audit trail for any data collected.
While the US is not currently contemplating any equal legislation to the EU’s, there are other factors to be considered. Gartner’s 2012 Big Data Hype Cycle (purchase necessary) has the topic of “Information Valuation” in the Technology Trigger sector, with a 10-year time window for reaching the "Plateau of Productivity." This indicates that companies, and by extension, individuals, will have the potential to place values on their data within that time period.
Should this happen, individual pieces of data will become currency. This has the potential to cause the individual citizen to become active in obtaining the value of their own data for themselves, rather than giving it over to firms, and supporting populist legislation in order to do so.
In light of this, a strong proactive data policy at the start of a big data build is prudent. Retroactive costs on adding personalized meta-data to big data sets will make the cost of Y2K seem insignificant in comparison. It's rare that we get to start afresh in technology, and yet, the big data model is one such opportunity -- an opportunity to get compliant and proactive on day one.
Re: What a headache! Companies do still ask for identifying info at POS, Radio Shack asked me for e drivers license to use a credit card, it is clear that companies are still in need of developing data governance policies on this topic, more work for the legal council, let's hope they are up to it at your firm.
Re: What a headache! Good point, but the trend is for atomic level detail, especially in the USA where the rules are more flexible and the ability to opt out is not really available. Anyone think we will get a DPA in the states during this presidential term?
User Rank: Blogger 11/29/2012 | 5:03:00 PM
Re: EU laws alone are not sufficient Wow. Looks like a headache all of its own... even without involving US law... I know in the UK we don't have much creativity when it comes to interpretation - most often to our own detriment
User Rank: Exabyte Executive 11/29/2012 | 4:55:26 PM
Re: Two sides of the same coin... Saul, Privacy and Data? Isn't Big Data enough of an oxymoron? It may be difficult for us to accept but our privacy went out the window a long time ago when we started collecting data and we are unlikely to get it back. We may be able to hold on to portions of it but not all. I am not sure this is all that bad either.
User Rank: Exabyte Executive 11/29/2012 | 4:50:05 PM
Re: What a headache! Everyone asks for private information that should only be disclosed to legal authorities. Some numbers shouldn't be a part of commercial transactions. In the US that should include social security number and in the UK that would be our NI number. But you know what, some organizations use and demand it anyway.
User Rank: Exabyte Executive 11/29/2012 | 4:42:58 PM
EU Data Privacy Mirage I live in the UK and from the moment I leave the house in the morning until when I return at night, I am on CCTV, which means my every action is being monitored and recorded. In public buses, trains, on the street, supermarket and everywhere you can imagine (except in the toilet, perhaps) you being watched. What happens to that information and who gets to review the Big (really Big) Data that is generated? Heavens knows!