Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.
Big data privacy: Four ways your data governance strategy affects security, privacy and trust
Do a web search for “big data” and you can find countless articles about “delivering value” from big data. While figuring out what to do with this data is important, a topic that isn’t quite as hot – but might be much more important – is big data privacy, which focuses on whether big data is protected in compliance with your organization’s existing standards.
Big data privacy falls under the broad spectrum of IT governance and is a critical component of your IT strategy. You need a level of confidence in how any data is handled to make sure your organization isn't at risk of a nasty, often public data exposure. That extends to privacy for all your data, including big data sets that are increasingly becoming part of the mainstream IT environment.
Privacy is also related to issues like data monetization. If the data that you have isn’t secure, high-quality or fit for purpose, can you trust the monetary value placed on that data? And, as the amount of data grows, do you have a strategy for larger privacy efforts, or big data privacy, in your organization?
The recommended approach... is to blend your business rules and IT rules. If you can accomplish this collaborative effort through the use of governance solutions to establish a big data privacy framework within your IT environment, then all the better.
Big data privacy vs. traditional data privacy standards
Of course, data privacy is not a new topic. By the 1970s, it was a recognized concern for issues such as medical records or financial information. In those early days, the first data privacy principles adopted what were often called “Fair Information Practices” (FIP).
The FIP efforts in organizations followed five tenants.
- Openness. There should be no systems for collecting personal data that are kept secret.
- Disclosure. Organizations should provide a way for individuals to learn what information is available and how it is used.
- Secondary usage. Information collected for one purpose should not be used for another purpose without the consent of the individual. (Note: this was the hardest to implement – and thereby became the least practiced tenant).
- Correction. Individuals should have the ability to correct or amend erroneous information.
- Security. Any organization creating, maintaining, using or disseminating identifiable personal data must assure the data is being used correctly and must take precautions to prevent misuse.
With new privacy-based regulations like HIPAA and Sarbanes-Oxley, more organizations have a more defined business need to safeguard data privacy. This has led to an expansion beyond the tenants of a FIP approach.
As our domain of data has evolved, a new focus is tracking the source of information (also known as lineage). It’s also important to understand the quality of the actual information and the usage of the information as it pertains to personal privacy and industry compliance criteria. This gets more complicated as data becomes an asset both for the organization and the consumer.
The push towards self-service and the need for big data privacy
As any other privacy or security issue, you must balance big data privacy issues against your business goals. Why do you collect and manage data in the first place? You’re typically using it to fuel an operational effort (supporting sales) or an analytical effort (learning who to sale to).
For e-commerce or online customer experiences, that data is more visible to the customer throughout their journey. As a result, the data can have a more direct impact on the bottom line. After all, without a good e-commerce experience, customers may choose to go elsewhere. Similarly, a poor online support program may lead to increased churn.
This “transparency” comes with some risk. More self-service interactions with customers means you are collecting and packaging more information about customers about their accounts, their purchases and their preferences. More data can lead to a better customer experience, but it can also put you at risk. There is simply a greater risk of exposure of personal or confidential information.
As a result, data and IT governance efforts are finding a new push as organizations begin to collect data for more public consumption. And now business and IT, once mortal enemies (almost), are now realizing that data is everyone’s responsibility.
Preparing for privacy in a big data world
When planning big data privacy efforts, a starting point is to understand the sources of data and how this data is used. As we all know, that conversation rapidly goes in the direction of how to use or exploit data.
However, there is tendency to avoid the delicate subject of how to support privacy of the individual and how to protect data in an increasingly digital world. The complicating factor is how to keep a balance between:
- The value to end users.
- The level of privacy and protection is necessary for both you and your customer.
This issue has to be addressed if you want your digital business practices to be seen as credible to your customers as providers of big data content.
Strike a balance: Big data privacy vs. big data usefulness
The recommended approach for clarifying these concerns is to blend your business rules and IT rules. If you can accomplish this collaborative effort through the use of governance solutions to establish a big data privacy framework within your IT environment, then all the better.
Recently, Steve Culp wrote a column for Forbes detailing how better data management leads to better fraud and crime prevention. One of the key points to consider is data quality. Culp writes, “…banks need to establish central data screening and reconciliation processes.” To do that, they should implement data governance to help create “clear lines of responsibility among business process owners, their technology counterparts and the fraud and financial crime data management teams.”
Naturally, you have to strike a balance between big data privacy, security and performance. To help you create a better way to implement data governance in a big data world, I’ve included a useful checklist for your IT and business groups:
- Implement business rules on big data. By making business rules part of your IT infrastructure, you get consistency, operational latency and workflow control across the enterprise.
- Know your boundaries. Check the quality of your source data before putting it into production. And ensure your sources of information are reputable and responsible. It’s better to spend more time at this phase than to regret any type of misinformation and resulting business process change.
- Create privacy and privilege levels. Review the standards and use the filters. Here, it’s important to understand what record filters can do for you and how to apply these filters for a given usage of data to service insight approach.
- Add data quality, no matter how big the data is. Data quality checks matter. In “old-school IT,” garbage in meant garbage out. Apply a data quality process to ensure your actual analysis and insights reflect the reality of the data at the foundation of your decisions.
Of course there are always debates, both within an organization and in the market overall, around governance, security and trust. Regardless of the details, it’s vital to have a big data privacy effort in place. These steps should be addressed during the design and implementation process – and as part of reviews and proof of concept trials – to make sure they fit in your big data environment.
- Learn more about data privacy by downloading the white paper The Rising Importance of Customer Data Privacy in a SoLoMo Retailing Environment.
- Implement an IT strategy for big data.
- Read more Big Data Insights.