Policy

Of policy and petabytes: Shaping the use of big data

abstract head representing big data

Thinking through big-data policies will influence the future course of the tools. (Stock image)

No one knows for certain where big data is headed, but its future will be inextricably tied to the policies that govern the ways in which government agencies and corporations use ever-increasing amounts of information about individuals and the world we live in.

Existing federal policies like the Privacy Act of 1974 and the Health Insurance Portability and Accountability Act have little to say about how a corporation collects petabytes of customer data to drive sales, or how the government uses social networking analytics to predict the flu or respond to emergencies.

For anyone concerned about privacy, this is a problem, and for companies, lack of policy guidelines on new and expanding technologies like big data create potential liabilities. Still others feel there is profit potential in pushing for updated policies that deal with big data, or that it is necessary for policy to block monopolies on big data technology.

Regardless of personal stance on the issue, policy will catch up – or at least close the gap – on big data, according to industry and government speakers at the Bloomberg Big Data Conference held March 14 in Washington, D.C.

"Eventually, the law comes to Dodge City," said George O. Strawn, director of the Federal Networking and Information Technology Research and Development (NITRD) National Coordination Office (NCO).

Where such polices come from and their potential effectiveness, however, proved trickier to predict. At the agency level, security guidelines, data protection policies and information sharing standards can vary almost as widely as agency missions do; there is no one way to do big data.

And at the governmentwide level, said Jules Polonetsky, co-chair and director of the Future of Privacy Forum, there really is no law on the books that addresses the full scope of big data.

Polonetsky said the Obama administration’s "Consumer Privacy Bill of Rights" proposed last year would give consumers more control over personal information than they have now if it becomes law. The proposal focused on transparency; respect for context; security, access and accuracy; focused collection and accountability; and legislation. Such broad-scale legislation would be a massive undertaking, especially with cybersecurity thrown in the mix, said Stan Lowe, Deputy Assistant Secretary for Information Security for the U.S. Department of Veteran Affairs.

"I don’t think we can [legislate] ourselves out of this problem," said Lowe.

Lowe added that the spark for such a massive change could come from the private sector, though it might not come pretty.

He suggested the possibility of a major class-action lawsuit by consumers against a big private sector player that results in big payouts as a possible catalyst to policy changes. Case law, he said, could provide the right impetus for the government and industry to "come up with rules."

Large-scale changes in privacy and policy are not unheard of. Polonetsky pointed to the current privacy push in the European Parliament as an example. He said that the best big data outcomes will come from balanced approaches involving both the public and private sectors, but warned that balances could shift the longer both sides fail to address the policies that govern this new era of technology.

"I’m worried we have a short window on the policy side to make hard decisions," he said.

Featured

Reader comments

Sun, Mar 17, 2013 Deidre Paknad

Class action litigation in two states (CA and MA) suggests that the courts will be where consumers (and their lawyers) define expectations for privacy: zip codes were deemed personal information and combining them with other data for marketing purposes opened the door for the class action litigation. It is critical for company policy makers in privacy and legal functions to work closely with their marketing counterparts to understand what data is collected, how it is used, what combinations are analyzed (and how) and what business decisions and actions are taken from the analytics and insights that result from them. Traditional information hygiene principles in privacy, records management, and data governance are even more relevant -- and more difficult to apply -- with more data from more sources. For CIOs and Chief Data Officers, a new discipline focused on improving information economics is fast arising to ensure that organizations get maximum value for information at the lowest cost and risk; this is particularly important as volume, variety, and velocity of information increase as they face tremendous cost cutting pressures and the privacy, regulatory and litigation landscape are more active and fraught with risk than ever before. Organizations that more precisely define and measure information's 1) value, 2) cost and 3) risk get a higher return on information. Deidre Paknad Vice President Information Lifecycle Governance IBM @day_dree

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above