“Big data” is a hot topic today, as industry, government, and consumer advocates seek to use data to improve governmental and business offerings while seeking the appropriate balance between utility and privacy/security.
The aim of a panel at the K(NO)W Identity Conference entitled, “The Challenges of Big Data and Regulatory Compliance,” was to explore the following issue:
Have data? Can use it? While the cost of managing and using “big data” has dropped tremendously with technical innovation and proliferation of sophisticated on-demand cloud based computing, the costs of regulatory and policy management have not. We’ll explore the practical challenges posed by data regulations on data storage, transmission, automated decision making, and user disclosure.
According to panelist Greg Jones, Vice President of Data & Analytics at credit reporting agency Equifax, “Big Data is a tool we all want to use to make the right decision.”
Panelist Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard, discussed the trade-offs consumers make in giving away their data or in agreeing to generally cumbersome conditions. He gave the example of Uber – this platform gathers lots of data about its users, but users are generally willing to accept this because they value the utility of being able to call a ride quickly and easily. They also may agree to expensive surge pricing under certain circumstances, such as in inclement weather or if they are in an area where it would be difficult or impossible to flag down a taxi and they don’t want to be “stranded.” However, consumers may balk at other blanket requests for data, if they do not feel what they are getting in return is valuable.
Yampolskiy also discussed the security concerns that people have about companies that collect and hold massive amounts of personally identifiable information. There have been many hacks, leaks, and breaches of such companies’ websites over the years. According to Yampolskiy, if a company has a lot of malware coming out of it in email and other communications, then that is a good indication that its security has flaws and that its systems will be breached in the future. External signals are good indicators of the cybersecurity of a company, he said.
Stefanie Schmidt, General Counsel & Chief of Staff for DemystData, said that breaches and hacks like the recent “WannaCry” ransomware attack shouldn’t scare people away from the benefits of data use and innovation. Schmidt gave the example of Circuit City and Blockbuster, who stayed away from the newest innovations in serving their customers and then went out of business because of it. Schmidt also stated that companies have a duty to make a more inclusive environment, but this can only happen when companies have the data they need to serve consumers.
Julia Jacobson, a Partner at K&L Gates, LLP, had a few words of advice on how companies who use big data can avoid problems and build goodwill with regulators. Companies should: vet their vendors, have strong cybersecurity policies and effective employee training, and to test their cybersecurity policies to make sure they are working. She advised, “Don’t fight transparency.”