Few of us would doubt the value in the proper use of big data collection. Healthcare is perhaps most important, but better law enforcement and product safety improvement come in close seconds. Then there’s the intelligence value of collected data to find and neutralize growing threats to our nation.
So how can we take advantage of the value of big data without suffering the distrust and damage caused by its unauthorized collection and use?

Data, Data, Who’s Got Your Data?

In today’s connected world, you might say anyone and everyone. We’ve all heard that nothing is sure but death and taxes... You can add the collection and use of big data to that list.
Everywhere we look, corporations and government agencies are relying on big data stores to pursue their relationships with you. If you shop online (and who doesn’t, these days?) your inbox and smartphone are full of marketing messages from retailers that seem to know what you have been buying, from whom and how long ago. Even your health records, driving records and a host of other things about you are being digitized and kept for analysis. In a culture that amasses big data that way, the deluge we are seeing is unlikely to abate anytime soon.
It’s become virtually impossible to know for sure who has your data or what they are doing with it. This is especially true as the “data sharing” phenomenon has grown – organizations collecting data and then sharing it with other organizations in return for their data. Now, even organizations you may trust with your information often don’t retain it and usually don’t control how it is used once they share it.
And with the rise of a highly sophisticated global data theft industry, even big data stores held by organizations with no intent to abuse or share them are vulnerable to unauthorized use – often ending up back in the marketplace as the criminals “fence” them back into legal channels.
With so many ways your data is being collected and with so many groups collecting it, or stealing it from someone who has, everything we do with any connection to the Internet is probably on someone’s digital shelf being used for … who knows what?
Big data can seem — and is often touted as — an unmixed blessing, taking us toward a brave new world of information transparency. But, like the “man behind the curtain” in the Wizard of Oz, there is a side to the big data phenomenon that we are meant to “pay no attention to.”
So, our question: How can the collectors of big data guarantee that our information won’t be used in ways we don’t approve of?
The answer: They can’t.

Fighting an Old War

All this isn’t to say we aren’t doing anything, but what we’re doing is way behind the times.
Several years ago, as technology began its rapid rise and data collection grew with it, privacy concerns (at a much lower level of jeopardy) drove the industry to adopt several protective techniques in an attempt to assure people that their data would be safe and used only for purposes they were OK with:
  1. Purpose limitation, the careful restriction of collected data to only those elements critical to its intended use
  2. Data minimization, the collection of only that data absolutely needed to perform the intended functions
  3. Anonymization (a.k.a. “de-identification”), separating personal information from the statistical data needed for analysis
  4. Software and hardware barriers to prevent data repository compromise
These worked (sort of) for a while, often creating more the impression of safety than its substance. But, like the aphorism about generals always fighting the previous war, while the growth of technology has rendered these techniques less and less effective, industry continues to depend on them to deal with today’s new world of big data.
The use of big data by legitimate firms for legal uses can be controlled to some extent by the use of “opt-out and opt-in” relationships between firms and their clients: Unless you give me permission to use or share your data, I agree not to do so. We see this on a growing number of websites.