Ontario’s Information and Privacy Commissioner, Anne Cavoukian, and IBM Fellow, Jeff Jonas, have released a very interesting paper entitled “Privacy by Design in the Age of Big Data“.
“Big Data” is the buzz word used to describe the latest frontier in data analysis. In very simple terms, we are producing huge quantities of structured and unstructured data through our electronic activities. Organizations are now able to “crunch” extremely large data sets involving disperse data from various aspects of those digital footprints that we leave behind through our activities. Moreover, the increased sophistication of technologists in developing algorithms and the increasing processing power of technology means that the analysis of extremely large data sets may take place almost in real time, thereby permitting organizations to act or react to opportunities as they present themselves.
The size of the data sets, the combining of data about individuals from multiple sources or interactions, and the risk of inadvertent disclosure or unauthorized access creates significant privacy risks. However, there is also a significant risk that a lack of understanding by the public and legislatures or a significant privacy breach at this critical stage of development of Big Data analysis could produce a knee-jerk legislative or policy reaction. We only need to recall how justified and unjustified fear of “Big Brother” databases have entrenched privacy legislation that has historically prevented sharing of information across government departments and agencies.
Ontario’s Information and Privacy Commissioner, Dr. Cavoukian, and IBM Fellow, Mr. Jonas, demonstrate that privacy and “Big Data” can co-exist. We can have the benefits of both. Their paper outline seven technical principles employed in Mr. Jonas’ “next generation” systems, which balance the utility of Big Data with privacy principles by embedding those principles in a very sophisticated way into the systems employed by the technology. Of course, the technology itself is not the complete answer to privacy issues. The point is that by embedding privacy principles into the technology, the technology will not frustrate an organization’s adherence to privacy principles.
For example, accountability and transparency are embedded into the feature of “full attribution” — that is, all data can be traced back to its source and changes accounted for in real time. However, by using sophisticated technologies to de-identify data on transfer, the data sets will be anonymous when placed into the Big Data database used for deployment of the Big Data analytics.
If you are interested in “Big Data”, be sure to join me, Nathalie Des Rosiers (General Counsel, Canadian Civil Liberties Association) and Colin McKay (Manager, Global Public Policy, Google Canada) at the Canadian Institute’s Forum on Privacy Law and Compliance (September 20-21, 2012) where we will be presenting on this topic.