Data Privacy Day Shines Spotlight on Analytics, Looming Regs
How will you mark Data Privacy Day? There are some people who might take to the streets in protest of data abuses, and they would be justified in doing so. But others will use today’s unofficial holiday to highlight a potential way forward for big data analytics to survive the coming regulatory storm.
Data has always brought value to those who own it, even if attempts to quantify that value have failed spectacularly in the past. Regardless of how it’s actually valued, there’s little doubt that data has become the essential oil that greases our digital economy. Without data as feedstock, many of our digitized creations would grind to a halt (not to mention causing the valuations of data-based startups to plummet).
The big question looming over big data today is who benefits from the data. In the Wild West phase of the big data boom that started over a decade ago, the answer was clear: Those who harvested the data collected its spoils.
During this time, questions about data security and privacy – not to mention the ethics of using fallible machine learning techniques to make business decisions that impact people’s lives – took a backseat to technical questions about how to engineer the systems and business questions about their efficiency.
But individuals have become increasingly fed up with that data calculus. Buoyed by a series of spectacular data-related failures – from the Equifax security breach to the Cambridge Analytica scandal – consumers are demanding a seat at the data table. And those demands are being met by willing governments that are granting citizens unprecedented control over their own data.
Big Data’s New Rules
The most visible new data rule is the European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018 and carries potential fines for mishandling data that reach billions of dollars. Since then, dozens of countries around the world have implemented their own versions of GDPR.
Here in the U.S., the Golden State leads the way with the California Consumer Privacy Act, which is largely modeled on GDPR and which goes into effect in 2020. Several other states have passed their own data regulations, including Washington, with dozens more on the cusp of passing their own data laws.
As the weight of new regulations piles up, it puts pressure on the U.S. Congress to pass a unifying federal data law that sets a single data standard and reduces risk for companies, says Brian Cleary, a vice president with RedPoint Global, a Massachusetts technology firm that helps companies manage and monetize their data.
“All of this is coming to a perfect storm scenario,” Cleary tells Datanami. “We really do need to adopt something that makes it easier for anyone who’s dealing with PII [personally identifiable information] to be able to comply and understand how to comply.”
Cleary says GDPR is a good law, but that an American version could actually build upon the learnings that have resulted since its passage. The key issue that needs to be addressed in any American GDPR is the need to spell out the requirements in enough detail that businesses can act decisively upon them.
“I don’t think anybody is going to be all that surprised that new regulations are coming. Its time has come,” Cleary says. “The challenge will be as we look at the unification of data privacy regulations coming together, is how clear is the guidance we give people. Because if we leave it arbitrary and gray, then it’s left up to the courts to determine if you’re in compliance, or up to the interpretation of a third-party auditor.”
Balancing Risk and Value
While data has the potential to help both consumers and companies, there is also a significant risk that data can do harm. Since consumers currently bear the brunt of that risk through things like identity theft and invasion of privacy, regulations are needed to balance the risk-reward continuum.
A new survey from Unisys tried to quantify how people feel about various risk-reward scenarios that are possible in today’s big data world. The survey found that:
- 42% don’t want their health insurance providers to track their fitness activity via wearable monitors to determine premiums or reward behavior;
- 38% don’t want police accessing data from their wearable fitness monitor at their discretion to determine if they were at a given location at a certain time;
- 34% don’t want medical devices such as pacemakers or blood sugar sensors to immediately transmit any significant changes to their doctor;
- 27% don’t want sensors in their luggage that communicate with an airport’s baggage management system like sending text messages when your luggage has been loaded/unloaded.
“These results suggest that consumers view the Internet as scarier than earthquakes, terrorism, and wars, largely because they feel they have little control over how to address bad actors leveraging Internet-enabled technologies,” says Unisys Chief Trust Officer Tom Patterson.
This is the first Data Privacy Day (they celebrate European Data Protection Day in Europe) since GDPR went into effect eight months ago. Patrick McGrath, Director of Product Management at Commvault, says now is a good time for privacy advocates to recognize that their efforts have had an impact.
“Taking a more proactive information-driven approach to privacy protection has allowed our customers to improve their GDPR readiness posture, including their ability to clean up their environments to reduce their risk footprint, as well as accelerate their response to regulatory inquiries and data subject requests,” McGrath says.
“However, with enterprises constantly adopting new applications, cybercriminals developing new types of cyberattacks and governments implementing new data privacy regulations, organizations need to continually ask themselves ‘who do they trust with their data,'” he continues. “Despite our progress and the success of our customers, the reality is that many organizations are still struggling to implement the right processes, internal expertise, and technology necessary to apply and enforce consistent security and data handling standards across all the different types of data in which personal information resides.”
Nobody was surprised when Google took the first hit under GDPR last week, when French authorities fined it about $57 million over how it disclosed collection of data used for targeted advertising with its search engine, Google Maps, and YouTube. But it won’t be alone in the GDPR doghouse for long, as industry watchers note that GDPR accusations are pending against Amazon, Apple, and Netflix as well.
Watching how companies respond to these GDPR enforcement actions will be telling, according to Cindy Provin, the CEO of nCipher Security, a data encryption and security product vendor that was recently spun out of Thales.
“These high profile policy developments are sending a signal that the days of using personal data for commercial advantage without offering consumers some level of transparency are waning,” Provin says. “It’s time for technology companies to become vigilant about building consumer trust, both because regulators are watching and because consumers are increasingly invested in how their data is being used. Ultimately, it’s a smart business strategy. Trust takes years to build but only an instant to destroy.”
There is definitely a cost associated with putting strong data management and governance structures into place. If it was cheap and easy, everybody would have done it already. But the good news is that compliance can be a win-win scenario for both companies and consumers, according to RedPoint’s Cleary.
“Compliance can be considered a hurdle for a business, or a sunk cost,” he says. “But there’s plenty of studies that show consumers are willing to give you even more data about them as long as they see value in return. If they don’t, then they won’t.”
GDPR requires that companies be transparent with customers about what data they’re collecting and how they’re using that information. Once a company has a good handle on the entire lifecycle of data surrounding a specific customer, it has the foundation for creating a “golden record” for that customer, which can be very valuable to the company.
Companies perk up when they realize that the good data stewardship that is mandated by GDPR and other data regulations is closely correlated with successful big data analytics, Cleary says.
In addition to complying with regulations, they see higher levels of revenue, higher levels of profitability, average order dollar values going up, share of wallet going up, and loyalty and retention going up, he says.
“They love hearing that story,” he says. “All of those things come from being able to understand that customer uniquely and having more relevant interactions with them. Oh, and by the way, that just happens to be the spirit of any of these data regulations.”