Companies that hold any amount of data on their customers must now — today — begin thinking very seriously about what will happen to their reputations and their businesses if they do not take immediate steps to reassure customers their data is safe and private. Questions about who actually owns, and therefore controls the rights to, customer data are bound to surface very quickly as the world realizes privacy, as it was once defined and understood, is gone. To guide IT professionals in thinking about Big Data privacy challenges, ICC, a nationally recognized enterprise technology, has defined five questions every company must ask about its data and offers a new white paper about Big Data and privacy issues, “Big Data: Big Brother or Guardian Angel?”
When news broke of the U.S. government’s massive spying program called PRISM, two things became immediately clear: The era of Big Brother had dawned and Big Data had just erased everything we thought we knew about privacy. The news worsened as large companies with terabytes of customer data came under fire for supplying the National Security Agency (NSA) with information about their customers. While those companies have denied direct involvement in the program, millions of people who thought their data was safe learned very quickly that was an illusion.
At the heart of this issue is trust, or loss of trust, and questions about customer privacy. Already, U.S. cloud services providers are losing overseas business due to potential customer fears that their data will fall into the hands of U.S. spy agencies.
To avoid this fate, U.S. companies must begin to ask very hard questions about the information contained in their data stores: What is the definition of private or personally identifiable information (PII) in a post-PRISM world? A customer’s name? Their address? These used to be considered public information, but if they can be connected (and they can be, via Big Data) to other data about that individual or company, such as Social Security numbers, overseas bank accounts, or medical records, does that mean this data should now be sacrosanct?
Data privacy and ownership will become legal battlegrounds in this new hyper-connected era. Until new laws are passed, it’s going to be up to individual organizations to show customers that they are protecting their data.
Here are five questions every CIO, CEO and chief counsel needs to be asking about their company’s data.
Do we understand the legal definition of PII and what our legal obligations are, and have we clearly communicated this to our employees?
If we purchase datasets culled from social media sites, or mine the sites ourselves, does the fact that site users have publicly disclosed personal information fall within the legal realm of PII? More importantly, how does this relate to information about citizens from other countries that have banned the sharing of PII outside of their jurisdictions?
What is our corporate policy and what are our ethical obligations where legal shades of gray exist?
How do we identify, let alone isolate and control, access to PII embedded in unstructured data such as blogs and audio and video files?
In the event we receive a subpoena for our customers’ information, can we or should we disclose this to our customers?