Getting Responsible with Big DataGetting Responsible with Big Data

No organization is immune from distrust when big data is involved.

Data collection has been a long-time practice. The more data collected, the more conclusions can be drawn. While this is advantageous to the ones doing the collecting, it can put those the data covers at a disadvantage.

Big data is both a collection and processing effort, and it's important to note that big data does not automatically produce useful and accurate results. Analysis can still lead to erroneous conclusions.

As an example, take my youngest son, who once came to me with a question: "When did the world become color? Did it become color before or after I was born?" I asked how he came to ask such a question. He said that:

His information was correct, but his conclusion was not. In the same way, big data will only be as good as the information collected, the conclusions that are produced, and how it is used responsibly. (See my previous blogs on the topic, Big Data: A Tool, Not an Answer, and Big Data at Odds with Privacy?)

In January, 2014, President Obama spoke at the Department of Justice, calling on the administration to conduct a broad review of big data and privacy, looking to determine how they impact the way we work and live as well as how big data was being used by universities, the government and the private sector. As part of the administration's review , public input on big data issues was surveyed on WhiteHouse.gov. Respondents were asked to comment on how concerned they were with data practices. They were also asked about how much they trust institutions to keep their data safe and handle it responsibly.

A total of 24,092 individuals responded to the survey. The two graphics below summarize some of the survey results showing where the concerns are and who are the most mistrusted entities collecting big data:

No organization is immune from distrust when big data is involved.

Big data holds the potential to impinge on both individuals and businesses. There are responsibilities for both the data collector and the processor. The recommendations proposed by the report are primarily focused on protecting the use of, and avoiding the abuse of personal big data:

There will be many who say that new big data rules place a burden on the organizations collecting and processing big data. But most of these organizations use the big data to generate revenue. I think this is just a cost of doing business and should not be used as an argument against the protection of big data. I think that burden is necessary to protect the individual.

I expect that Europe will enact big data legislation that will precede the efforts in the U.S. International organizations will have to conform to the European rules, and those organizations should not be allowed to avoid such rules for U.S. citizens and non-citizens residing in the U.S. It will be difficult for the international organization to comply with European rules while not applying them in the U.S.

Further, any organization collecting and/or processing big data should monitor possible legislation. Companies' legal departments or legal advisors should be anticipating the actions that will be required. The organization should implement the most likely rules, standards, and legislation as it is written. Unless there is a grandfather clause or a waiting period, the organization should be ahead in protecting big data, not a follower that could end up in court.

A final issue is who should be in charge of the big data security and protection. The CSO seems to be a good candidate but that person's job is protecting the organization. The techniques and technologies used by the CSO overlap with those of protecting big data, however, when there is a problem and the organization is at fault, will the CSO act as an independent agent or be influenced by the other responsibilities of protecting the organization? Because of this potential conflict of interests, I think that larger organizations should leverage an independent big data individual or staff with internal enforcement powers.