Big data is complicated, and not just because it involves massive amounts of computing power. It can also at times be morally complicated. It has provided a huge leap for humankind, and it's producing incredible rewards in the spheres of science, medicine — and, yes, marketing. But big data is also posing the kind of uncomfortable questions that can set IT professionals back on their heels.
[PHOTO: Creative Commons; Charles Fettinger: http://www.flickr.com/photos/charlesfettinger/4465958653/]
If you want evidence of how this is happening, consider the impact of recent news about the U.S. government's massive spying program, PRISM. Recent revelations about the program have challenged much of what we thought we knew about our online privacy. And that has implications for every IT team dealing daily with customer information.
"Can you protect your data from government agencies armed with writs from super-secret courts?" asks Jim Gallo, national director of Business Analytics at ICC. "How do you reassure your customers that you will never turn over their information to these agencies? How are you going to stand against the full weight of the U.S. government to protect your clients and keep their business from becoming everyone's business?"
A new white paper from ICC explores some of these quandaries — and Gallo breaks out some key questions that IT teams must ask as they incorporate big data analysis into their company's business activities.
5 Questions: Big Data and Privacy
"One person’s good intentions can be construed as another’s misguided deeds," writes Gallo in the new ICC report. "The lines between what’s legal, what’s ethical, and what’s not, are being blurred by the big data trend."
IT teams can take steps to avoid getting caught in the blurred areas, however. But to do so, Gallo suggests, they have to ask some tough questions about what constitutes private and personally identifiable information (PII), in a post-PRISM world.
The ICC report points to five key areas:
1. Do we understand the legal definition of PII and our legal obligations? Have we clearly communicated these things to our employees?
2. If we purchase data sets culled from social media sites, or mine the sites ourselves, does the fact that site users have publicly disclosed personal information fall within the legal realm of PII? More importantly, how does this relate to information about citizens from other countries that have banned the sharing of PII outside of their jurisdictions?
3. What is our corporate policy and what are our ethical obligations where legal shades of gray exist?
4. How do we identify, let alone isolate and control access to PII embedded in unstructured data such as blogs, audio, and video files?
5. In the event we receive a subpoena for our customers’ information, can we or should we disclose this to our customers?
The answers to these questions can only come from within each organization. And it'll take time — on the order of years, probably — to sort the best practices from the fumbles. But, as Gallo points out, the time to start asking and answering is now.
"We should move forward with a sense of optimism about the future," Gallo writes. "Big data is making our lives better — through medical research, by creating smarter cities, through mass customization of our web experiences, and certainly in the security arena.
"However, we should proceed with our eyes wide-open," he adds. "As we’ve learned from Mr. Dickens, wisdom and foolishness are not mutually exclusive."