SlideShare une entreprise Scribd logo

Ekwensi ACC article

Ronke Ekwensi
Ronke Ekwensi
1  sur  6
Télécharger pour lire hors ligne
CHEAT SHEET ■■ You know it when you see it. Big Data has proved difficult to define. Lawyers should be concerned with its practical rather than theoretical implications. ■■ Mitigate privacy risks. Like any other set of records, Big Data should be subject to your standard information security protocols. This includes anonymizing data, providing agreements for informed consent, and proper monitoring and tracking. ■■ Keep it secure. The risks of uncontrolled data can outweigh its usefulness. High-profile leaks carry financial costs but also shake the customer’s faith. ■■ Keep it human. Unchecked algorithms can lead to embarrassment if they are not monitored closely. Potential issues involve inadvertent discrimination, excessive data scraping or the accidental collection of copyrighted material. By Bennie Smith and Ronké Ekwensi Today’s legal departments are standing at the cusp of a game-changing shift driven by the ability of their organizations to collect and leverage huge volumes of data. Big Data offers unprecedented opportunities for commerce, innovation and social engineering. But it also presents new challenges for in-house counsel when it comes to privacy, security and a blurring between what is helpful to consumers and customers, and what crosses the line into intrusive or off-putting behavior. By harnessing huge volumes of information from different sources, businesses can glean fresh insights and new intelligence. Big Data offers the potential to predict events, from curing diseases to anticipating consumer purchases to more accurately figuring out who may commit fraud. This can drive everything from new business models to real social change. The Hidden Dangers OF BIG DATA ACC DOCKET JULY/AUGUST 2015 73
Many of the game-changing pos- sibilities of Big Data can’t be realized until organizations and their legal departments figure out what privacy and security mean in today’s ever- changing environment. However, laws and regulations are trailing far behind technological and strategic innovations, making it difficult to fully leverage the data and expand uses beyond why it was initially collected. For legal departments, the issues around privacy and security are numer- ous, vague and sometimes conflict- ing. There are obvious risks with data breaches and having to grapple with huge stores of potentially responsive in- formation as part of ediscovery. There are few laws that specifically address Big Data as it relates to businesses, con- sumers and customers in the United States (although that is not the case in many overseas jurisdictions such as the European Union — see sidebar). In order to avoid the risks and pitfalls while leveraging all the advantages, you need to understand how Big Data intersects with privacy and security to impact the legal department and the business; how to proactively fulfill the potential of this new information; and anticipate where the barriers might lie. Implications of Big Data There are many different definitions of Big Data. According to technology research firm Gartner, “Big data is high-volume, high-velocity and high- variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.” Along with Gartner’s definition of volume, ve- locity and variety, you should be think- ing about a fourth factor — the veracity of Big Data. Simply having a lot of data doesn’t make it reliable or useful. Rather than getting bogged down in definitions, it’s much more helpful to think of Big Data in the context of what it enables, not just its attributes. Like “business records,” you know Big Data when you see it. For in-house counsel, the practical implications are much more important than the theoretical ones. The outcome of Big Data, or what it produces, should be your concern. When used properly, Big Data can provide tremendous insights across a huge range of activities, such as human behavioral or buying patterns, disease behavior, human genetic makeup and the like. The key is pulling together disparate data to gain insights, rather than hoarding petabytes and exabytes of information that just sit on servers or in the cloud. For some companies, Big Data can manifest itself through honed information about future purchases. For others, it can be leveraged to develop new healthcare treatments that help to prevent negative drug interac- tion. Other uses include: making tax preparation predictive; determining where tourists spend their time and money; tracking crime; and honing search engines to provide more benefits to businesses. Regardless of your industry or strate- gic uses for Big Data, as in-house coun- sel your focus should be on proactively enabling the advantages of Big Data to help foresee and minimize risk. The le- gal department can take the lead in en- visioning a new future where Big Data is used appropriately and thoroughly. However, just collecting a bunch of data isn’t helpful. In fact, uncontrolled data presents more risks if you don’t know what you have, where it exists, how to leverage it or if it can be produced. Big Data should be subject to all your organization’s record management programs and data governance policies. And since much of this data tends to have a relatively short shelf life and becomes obsolete or irrelevant very quickly, your organization’s data reten- tion policy needs to address this as well. It’s important to know what types of data fall into this category, so you can discard the information when it is no longer useful. For example, when home monitoring systems capture informa- tion on temperatures, that data will probably no longer be as useful in 12 or 24 months. Even consumer buying habits that are more than two years old may lose their value and usefulness. Some categories of Big Data, par- ticularly information that is obtained through third parties, may also have re- strictions on how it can be used. When organizations purchase data from other companies, the information may be subject to strict usage agreements. When using this type of information, you must be sure that everyone at your organization understands any license agreements that may restrict how it can be parsed or combined with other in- formation. Failing to do so can lead to broken contracts or mistrust between your organization, business partners, consumers and other shareholders. In order to leverage Big Data, you need to tame it — to parse the signal from the noise. For companies across industries, the key lies in utilizing technologies to collect the data and ag- gregate it with other information such as transaction data, Internet brows- ing habits and other data to create a comprehensive picture of individual Bennie Smith has spent more than 15 years in the online advertising and advertising technology space. His previous roles have included chief privacy officer, DoubleClick, Inc.; VP platform policy & operations at Right Media Exchange/Yahoo! He is currently leading Fan Duel’s efforts in building and operating a trust-based marketplace as vice president. bennie@fanduel.com Ronké Ekwensi is a managing director in the legal management consulting practice at Duff and Phelps, and leads the records and information governance service line. Ekwensi focuses primarily on executing and implementing information governance and records management solutions for clients. ronke.ekwensi@DuffandPhelps.com 74 ASSOCIATION OF CORPORATE COUNSEL THE HIDDEN DANGERS OF BIG DATA
people’s preferences. This allows com- panies to take what they know about consumers and prospects in an attempt to better target them with information about goods and services based on their individual preferences. Information from Big Data is also feeding in to the science of social phys- ics. According to MIT’s Media Lab, social physics targets how we create organizations and governments that are cooperative, productive and creative. It states: “These are the questions of social physics, and they are especially important right now, because of global competition, environmental challenges and government failure. The engine that drives social physics is Big Data: the newly ubiquitous digital data that is becoming available about all aspects of human life. By using the data to build a predictive, computational theory of hu- man behavior we can hope to engineer better social systems.”1 Privacy and Big Data In the realm of Big Data, you must nav- igate potential regulatory and privacy landmines. Regulatory expectations are evolving in the United States, but those regulations generally center on how users can control their personal data, along with other issues such as a “bill of rights” for customers, privacy by design and other policies designed to improve transparency and accountability. Other privacy issues involve the loss of anonymity. With so much data being collected and analyzed, companies may not be able to completely guarantee that they can strip away all identifying features of specific people without a proper framework and rules in place. While there are few laws that specifi- cally regulate Big Data, organizations have to abide by a plethora of other regulations that govern privacy more generally. Federal and state regulations that can impact how Big Data is used include: ■■ Gramm-Leach-Bliley Act (GLBA) ■■ Fair Credit Reporting Act (FRCA) ■■ Genetic Information Nondiscrimination Act (GINA) ■■ Health Insurance Portability and Accountability Act (HIPAA) ■■ Electronic Communications Privacy Act ■■ California Online Privacy Protection Act In 2014, President Obama called on the administration to conduct a broad 90-day review of Big Data and privacy. The review encompassed how these technologies affect the way Ameri- cans live and work, as well as how the private sector, universities and the government are using Big Data. As part of the review, the admin- istration accepted public comments around Big Data and privacy, in- cluding the public’s level of concern with different data practices and whether they trust different organiza- tions to keep data safe and handle it responsibly. According to the White House, respondents felt most strongly about data use and collection practices. More than 80 percent of respondents were very concerned with ensuring that proper transparency and oversight is in place. While most respondents said they did not trust government intelli- gence and law enforcement agencies at all, they were far less negative toward business. Only 42 percent said they trusted businesses “not at all” when it comes to Big Data. In order to proactively engage with Big Data and address consumer, gov- ernment and legal issues, you must lay the framework for determining how you own and can use data. This should include agreements for informed consent, along with the ability to ter- minate that consent. You also need to figure out a way to track and monitor how the data is being used or may be used in the future. Your organization may also need to compartmentalize information into different databases to ensure Big Data isn’t mingled together. Keeping data secure When it comes to Big Data, losing control is one of the biggest fears for in-house counsel. The list of companies that have experienced data breaches is large, and growing all the time (see sidebar). While data breaches are one issue, us- ing Big Data for predictive analytics can lead to embarrassing mistakes or reveal- ing information that consumers would rather keep to themselves. One highly publicized incident featured Target’s ability to use analytics to figure out when customers are pregnant. According to media reports, one of those customers was a high-school girl, and her father fu- riously called his local store to complain about coupons delivered to his house for a crib and baby clothes. The store manager followed up to apologize, only to learn from the father that the daughter was pregnant after all. You should also be concerned about data being misappropriated, particularly if it is collected through online methods. These issues can range from inadver- tently misusing copyrighted information to “scraping” data from websites that expressly disallow the practice. Losing control of Big Data can trigger investigations by regulatory agencies and lawsuits by consumers who have been affected. Within a week of Anthem’s massive data breach, the company was facing potential class- action lawsuits accusing the company of failing to properly protect consumer data by not encrypting information. There are also less obvious risks of Big Data. One risk can include discrim- ination. While companies may never deliberately discriminate based on race, gender or sexual orientation, analytics As best as possible, inform your customers about the data you collect about them and how you intend to use it. ACC DOCKET JULY/AUGUST 2015 75
could figure out those factors without a human even knowing about it. Based on those analytics, companies may take recommended actions that could lead them into legal trouble. Practical implications Now that you know of the risks involved with Big Data, what can you do? Of course, you can ignore it and deal with problems as they arise. This may be the most tempting option, considering how much else you have to do. But the smarter approach is to become proactive and figure out how your organization can take control of Big Data. This will allow you to head problems off before they begin, and it will also position you as a thought leader and problem solver. Among the steps to take: Know what you have. In many companies, departments may be collecting and using Big Data without the legal department even knowing about it. The first step should be to reach out to colleagues across the business, IT and marketing depart- ments and other areas to find out what information they have or intend to gather and what they plan to do with it. Understand the specific risks your company faces Different industries collect and leverage different types of information. Some of this data may be specifically protected by laws and regulations, such as finan- cial and health information. You need to know how your company may be impacted, so you can plan thoroughly. Break down silos When it comes to Big Data, marketing should be talking to IT, the business should be in communication with compliance, and everyone needs to be talking to you. This will not only give you better insights into potential prob- lem areas, it will allow your colleagues to reduce redundant efforts and could spark new ideas. Establish policies and procedures The next step is letting everyone who handles information and analyt- ics know what they need to do, and how they need to do it. Policies and 76 ASSOCIATION OF CORPORATE COUNSEL THE HIDDEN DANGERS OF BIG DATA International Privacy Laws: The EU, UK and China For in-house counsel, navigating data security and privacy laws in one country is painful enough. However, understanding how to navigate these issues in other jurisdictions can be much more complicated. Even if companies don’t have international operations or customers, they may store or access Big Data in other jurisdictions. One of the most significant laws to consider is the European Union’s Data Protection Directive, which deals with the collection, processing and movement of personal data. The directive addresses several matters. One includes the Regulation on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. Another one you need to be aware of is the Directive on the Protection of Individuals with Regard to Processing of Personal Data by Competent Authorities for the Purposes of Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties, and the Free Movement of Such Data. EU member states may also have their own privacy laws. The United Kingdom also has the Data Protection Act, which dictates how personal information such as health history, religious affiliations and criminal records can be used. China also has several laws that protect personal data, including the Law on the Protection of Consumer Rights and Interests, which affects companies that provide goods or services to Chinese consumers. Under this law, companies must notify consumers about how they plan to use their personal data and obtain their consent to collect and use it. China also has other data protection and secrecy laws that operate like blocking statutes and forbid transfer of commercial secrets outside the country. ACC EXTRAS ON… Big Data ACC Docket The Cure to the Big Data Headache: What to Know for Peace of Mind (Dec. 2014). www.acc.com/docket/data_dec14 Career Path – Big Data (Jan. 2014). www.acc.com/ docket/cp_jan14 Top Ten Ten Powerful Impact of Big Data on Big Law – And How the Modern GCs are Making it Work for Them (Oct. 2013). www.acc.com/topten/data_oct13 Practice Resource Advanced information collection and analytic capabilities have dramatically expanded and transformed the operations of businesses and other organizations. Those same information processing capabilities have a substantial impact on the discovery process associated with litigation. Read “Litigation Discovery in the Age of Big Data” for more information, http://bit.ly/litdiscoverybigdata. ACC HAS MORE MATERIAL ON THIS SUBJECT ON OUR WEBSITE. VISIT WWW.ACC.COM, WHERE YOU CAN BROWSE OUR RESOURCES BY PRACTICE AREA OR SEARCH BY KEYWORD.
While companies may never deliberately discriminate based on race, gender or sexual orientation, analytics could figure out those factors without a human even knowing about it. procedures should be regularly re- viewed and updated to keep pace with changing technology, regulations, case law and best practices. Incorporate privacy and security controls These should be part of all the relevant processes before anyone in the business ever sees the analytics or puts them to use. Leverage technology While there are invaluable nuggets of information in Big Data, there’s also a whole lot of junk. Without a way to sift, sort and manage these records, they will only accumulate. This drags down servers, costs money and will make conducting discovery of potentially responsive information even more of a headache than it already is. Communicate, communicate, communicate As best as possible, inform your cus- tomers about the data you collect about them and how you intend to use it. Be sure to gain their consent — and when something changes, communicate again to provide them with updates. The world of Big Data means that customers and consumers will need to negotiate a new deal with the compa- nies they engage with. In order to gain convenience and improved service, customers need to understand that they will need to exchange their data. Conclusion Prediction is one of the hallmarks of Big Data — and the more robust the data set, the more accurate predictions will be. This not only applies to buying habits, but medical treatments, scien- tific breakthroughs and other areas. While this is tremendously exciting on many levels, Big Data also presents serious legal, privacy and security concerns. These issues will only grow more complicated. So the sooner you get in front of them, the easier it will be to avoid risk and make use of all this information. ACC NOTES 1 socialphysics.media.mit.edu/. Major data breaches over the last few years, from LexisNexis to Anthem When it comes to Big Data, one of your biggest fears is probably a data breach — and if it isn’t, it should be. Here is just a snapshot of the biggest or most significant security breaches, based on information from the Privacy Rights Clearinghouse: ■■ LexisNexis, March 10, 2005 — 310,000 records affected ■■ TJX Companies, Jan. 17, 2007 — 100 million records affected ■■ Heartland Payment Systems, Jan. 20, 2009 — more than 130 million records affected ■■ Epsilon, April 2, 2011 — 50 million to 250 million records affected ■■ Target Corp., Dec. 13, 2013 — 40 million records affected ■■ The Home Depot, Sept. 2, 2014 — 56 million records affected ■■ Sony Pictures, Nov 24, 2014 — 47,000 records affected ■■ Anthem, Feb. 5, 2015 — 80 million records affected ■■ Sheer numbers don’t always tell the entire story. While the Sony breach was relatively small, it included extremely sensitive information, including the Social Security numbers of famous actors, entire movie scripts and emails that turned out to not be quite as funny as the authors probably thought they were while writing them. Source: Privacy Rights Clearinghouse, www.privacyrights.org ACC DOCKET JULY/AUGUST 2015 77 HAVE A COMMENT ON THIS ARTICLE? VISIT ACC’S BLOG AT WWW.INHOUSEACCESS.COM/ACC-DOCKET.

Recommandé

Governing the Chaos
Governing the ChaosGoverning the Chaos
Governing the ChaosJohn Hansen
 
BRG_TAP_IG_20150826_WEB
BRG_TAP_IG_20150826_WEBBRG_TAP_IG_20150826_WEB
BRG_TAP_IG_20150826_WEBMargaret (Peggy) Daley
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business ReadyMoEngage Inc.
 
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...Ebiquity
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouDATAVERSITY
 
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data SecurityThe 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data SecurityKegler Brown Hill + Ritter
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
 

Recommandé

Governing the Chaos
Governing the ChaosGoverning the Chaos
Governing the ChaosJohn Hansen
 
BRG_TAP_IG_20150826_WEB
BRG_TAP_IG_20150826_WEBBRG_TAP_IG_20150826_WEB
BRG_TAP_IG_20150826_WEBMargaret (Peggy) Daley
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business ReadyMoEngage Inc.
 
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...Ebiquity
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouDATAVERSITY
 
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data SecurityThe 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data SecurityKegler Brown Hill + Ritter
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
Successful stewardship Presentation
Successful stewardship PresentationSuccessful stewardship Presentation
Successful stewardship PresentationCertus Solutions
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the CloudIESL - The Institution of Engineers, Sri Lanka
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
GDPR webinar for business leaders
GDPR webinar for business leadersGDPR webinar for business leaders
GDPR webinar for business leadersDeeson
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incDruva
 
Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020TheCEOViews
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsResilient Systems
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDATAVERSITY
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec
 
[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure Compliance[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure ComplianceAIIM International
 
2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guide2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guideTrustArc
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementTrustArc
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_toAnne ndolo
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to ActCathy Gilmartin
 
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...Kenneth Riley
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Bart Van Den Brande
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshellMatthew Butler
 
Nota de esclarecimento
Nota de esclarecimentoNota de esclarecimento
Nota de esclarecimentoGuy Valerio Barros dos Santos
 
Democracia e socialismo
Democracia e socialismoDemocracia e socialismo
Democracia e socialismoDaylson Lima
 

Contenu connexe

Tendances

Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
Successful stewardship Presentation
Successful stewardship PresentationSuccessful stewardship Presentation
Successful stewardship PresentationCertus Solutions
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
GDPR webinar for business leaders
GDPR webinar for business leadersGDPR webinar for business leaders
GDPR webinar for business leadersDeeson
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incDruva
 
Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020TheCEOViews
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsResilient Systems
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDATAVERSITY
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec
 
[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure Compliance[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure ComplianceAIIM International
 
2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guide2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guideTrustArc
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementTrustArc
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_toAnne ndolo
 
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...Kenneth Riley
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Bart Van Den Brande
 

Tendances (20)

Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
Successful stewardship Presentation
Successful stewardship PresentationSuccessful stewardship Presentation
Successful stewardship Presentation
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the Cloud
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must Know
 
GDPR webinar for business leaders
GDPR webinar for business leadersGDPR webinar for business leaders
GDPR webinar for business leaders
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva inc
 
Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to Compliance
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure Compliance[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure Compliance
 
2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guide2019 10-23 ccpa survival guide
2019 10-23 ccpa survival guide
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR Management
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_to
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshell
 

En vedette

Democracia e socialismo
Democracia e socialismoDemocracia e socialismo
Democracia e socialismoDaylson Lima
 
He 2015-03 - mkt adm
He 2015-03 - mkt admHe 2015-03 - mkt adm
He 2015-03 - mkt admFlavioCLima
 
IATA-ENAC Advanced Master in Airline Operations - Program Brochure
IATA-ENAC Advanced Master in Airline Operations - Program BrochureIATA-ENAC Advanced Master in Airline Operations - Program Brochure
IATA-ENAC Advanced Master in Airline Operations - Program BrochureElena Suciu
 
Fernandes, florestan [artigo] comunidade-e-sociedade-tonnies-ferdinand-comu...
Fernandes, florestan [artigo] comunidade-e-sociedade-tonnies-ferdinand-comu...Fernandes, florestan [artigo] comunidade-e-sociedade-tonnies-ferdinand-comu...
Fernandes, florestan [artigo] comunidade-e-sociedade-tonnies-ferdinand-comu...Daylson Lima
 
Invention - Design article le Parisien
Invention - Design article le ParisienInvention - Design article le Parisien
Invention - Design article le ParisienSISMO Design studio
 
BCI Recommendation Letter
BCI Recommendation LetterBCI Recommendation Letter
BCI Recommendation LetterHarold Stone
 
BonJovi Interview
BonJovi InterviewBonJovi Interview
BonJovi InterviewBill Bodkin
 

En vedette (12)

Nota de esclarecimento
Nota de esclarecimentoNota de esclarecimento
Nota de esclarecimento
 
Democracia e socialismo
Democracia e socialismoDemocracia e socialismo
Democracia e socialismo
 
I AM
I AMI AM
I AM
 
Kredītlīnija
KredītlīnijaKredītlīnija
Kredītlīnija
 
He 2015-03 - mkt adm
He 2015-03 - mkt admHe 2015-03 - mkt adm
He 2015-03 - mkt adm
 
Cpj ff
Cpj ffCpj ff
Cpj ff
 
IATA-ENAC Advanced Master in Airline Operations - Program Brochure
IATA-ENAC Advanced Master in Airline Operations - Program BrochureIATA-ENAC Advanced Master in Airline Operations - Program Brochure
IATA-ENAC Advanced Master in Airline Operations - Program Brochure
 
Fernandes, florestan [artigo] comunidade-e-sociedade-tonnies-ferdinand-comu...
Fernandes, florestan [artigo] comunidade-e-sociedade-tonnies-ferdinand-comu...Fernandes, florestan [artigo] comunidade-e-sociedade-tonnies-ferdinand-comu...
Fernandes, florestan [artigo] comunidade-e-sociedade-tonnies-ferdinand-comu...
 
EduQuest
EduQuestEduQuest
EduQuest
 
Invention - Design article le Parisien
Invention - Design article le ParisienInvention - Design article le Parisien
Invention - Design article le Parisien
 
BCI Recommendation Letter
BCI Recommendation LetterBCI Recommendation Letter
BCI Recommendation Letter
 
BonJovi Interview
BonJovi InterviewBonJovi Interview
BonJovi Interview
 

Similaire à Ekwensi ACC article

data-dilemma-navigating-the-legal-and-ethical-maze-of-big-data-2023-5-25-7-18...
data-dilemma-navigating-the-legal-and-ethical-maze-of-big-data-2023-5-25-7-18...data-dilemma-navigating-the-legal-and-ethical-maze-of-big-data-2023-5-25-7-18...
data-dilemma-navigating-the-legal-and-ethical-maze-of-big-data-2023-5-25-7-18...Data & Analytics Magazin
 
Three big questions about AI in financial services
Three big questions about AI in financial servicesThree big questions about AI in financial services
Three big questions about AI in financial servicesWhite & Case
 
Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data PrivacyGigya
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationcaniceconsulting
 
Data set module 4
Data set module 4Data set module 4
Data set module 4Data-Set
 
Data set Legislation
Data set LegislationData set Legislation
Data set LegislationData-Set
 
Data set Legislation
Data set LegislationData set Legislation
Data set LegislationData-Set
 
Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Druva
 
Practical analytics john enoch white paper
Practical analytics john enoch white paperPractical analytics john enoch white paper
Practical analytics john enoch white paperJohn Enoch
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERYashiVaidya
 
Data Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxData Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxAdarsh748147
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
Data foundation for analytics excellence
Data foundation for analytics excellenceData foundation for analytics excellence
Data foundation for analytics excellenceMudit Mangal
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 

Similaire à Ekwensi ACC article (20)

data-dilemma-navigating-the-legal-and-ethical-maze-of-big-data-2023-5-25-7-18...
data-dilemma-navigating-the-legal-and-ethical-maze-of-big-data-2023-5-25-7-18...data-dilemma-navigating-the-legal-and-ethical-maze-of-big-data-2023-5-25-7-18...
data-dilemma-navigating-the-legal-and-ethical-maze-of-big-data-2023-5-25-7-18...
 
Three big questions about AI in financial services
Three big questions about AI in financial servicesThree big questions about AI in financial services
Three big questions about AI in financial services
 
Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data Privacy
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
 
Data set module 4
Data set module 4Data set module 4
Data set module 4
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?
 
Practical analytics john enoch white paper
Practical analytics john enoch white paperPractical analytics john enoch white paper
Practical analytics john enoch white paper
 
Big data security
Big data securityBig data security
Big data security
 
Big data security
Big data securityBig data security
Big data security
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPER
 
Big data impact and concerns
Big data impact and concernsBig data impact and concerns
Big data impact and concerns
 
Data Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxData Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptx
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
 
Data foundation for analytics excellence
Data foundation for analytics excellenceData foundation for analytics excellence
Data foundation for analytics excellence
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
Ey Lets Talk Sustainability (August 2016)
Ey Lets Talk Sustainability (August 2016)Ey Lets Talk Sustainability (August 2016)
Ey Lets Talk Sustainability (August 2016)
 

Ekwensi ACC article

  • 1.
  • 2. CHEAT SHEET ■■ You know it when you see it. Big Data has proved difficult to define. Lawyers should be concerned with its practical rather than theoretical implications. ■■ Mitigate privacy risks. Like any other set of records, Big Data should be subject to your standard information security protocols. This includes anonymizing data, providing agreements for informed consent, and proper monitoring and tracking. ■■ Keep it secure. The risks of uncontrolled data can outweigh its usefulness. High-profile leaks carry financial costs but also shake the customer’s faith. ■■ Keep it human. Unchecked algorithms can lead to embarrassment if they are not monitored closely. Potential issues involve inadvertent discrimination, excessive data scraping or the accidental collection of copyrighted material. By Bennie Smith and Ronké Ekwensi Today’s legal departments are standing at the cusp of a game-changing shift driven by the ability of their organizations to collect and leverage huge volumes of data. Big Data offers unprecedented opportunities for commerce, innovation and social engineering. But it also presents new challenges for in-house counsel when it comes to privacy, security and a blurring between what is helpful to consumers and customers, and what crosses the line into intrusive or off-putting behavior. By harnessing huge volumes of information from different sources, businesses can glean fresh insights and new intelligence. Big Data offers the potential to predict events, from curing diseases to anticipating consumer purchases to more accurately figuring out who may commit fraud. This can drive everything from new business models to real social change. The Hidden Dangers OF BIG DATA ACC DOCKET JULY/AUGUST 2015 73
  • 3. Many of the game-changing pos- sibilities of Big Data can’t be realized until organizations and their legal departments figure out what privacy and security mean in today’s ever- changing environment. However, laws and regulations are trailing far behind technological and strategic innovations, making it difficult to fully leverage the data and expand uses beyond why it was initially collected. For legal departments, the issues around privacy and security are numer- ous, vague and sometimes conflict- ing. There are obvious risks with data breaches and having to grapple with huge stores of potentially responsive in- formation as part of ediscovery. There are few laws that specifically address Big Data as it relates to businesses, con- sumers and customers in the United States (although that is not the case in many overseas jurisdictions such as the European Union — see sidebar). In order to avoid the risks and pitfalls while leveraging all the advantages, you need to understand how Big Data intersects with privacy and security to impact the legal department and the business; how to proactively fulfill the potential of this new information; and anticipate where the barriers might lie. Implications of Big Data There are many different definitions of Big Data. According to technology research firm Gartner, “Big data is high-volume, high-velocity and high- variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.” Along with Gartner’s definition of volume, ve- locity and variety, you should be think- ing about a fourth factor — the veracity of Big Data. Simply having a lot of data doesn’t make it reliable or useful. Rather than getting bogged down in definitions, it’s much more helpful to think of Big Data in the context of what it enables, not just its attributes. Like “business records,” you know Big Data when you see it. For in-house counsel, the practical implications are much more important than the theoretical ones. The outcome of Big Data, or what it produces, should be your concern. When used properly, Big Data can provide tremendous insights across a huge range of activities, such as human behavioral or buying patterns, disease behavior, human genetic makeup and the like. The key is pulling together disparate data to gain insights, rather than hoarding petabytes and exabytes of information that just sit on servers or in the cloud. For some companies, Big Data can manifest itself through honed information about future purchases. For others, it can be leveraged to develop new healthcare treatments that help to prevent negative drug interac- tion. Other uses include: making tax preparation predictive; determining where tourists spend their time and money; tracking crime; and honing search engines to provide more benefits to businesses. Regardless of your industry or strate- gic uses for Big Data, as in-house coun- sel your focus should be on proactively enabling the advantages of Big Data to help foresee and minimize risk. The le- gal department can take the lead in en- visioning a new future where Big Data is used appropriately and thoroughly. However, just collecting a bunch of data isn’t helpful. In fact, uncontrolled data presents more risks if you don’t know what you have, where it exists, how to leverage it or if it can be produced. Big Data should be subject to all your organization’s record management programs and data governance policies. And since much of this data tends to have a relatively short shelf life and becomes obsolete or irrelevant very quickly, your organization’s data reten- tion policy needs to address this as well. It’s important to know what types of data fall into this category, so you can discard the information when it is no longer useful. For example, when home monitoring systems capture informa- tion on temperatures, that data will probably no longer be as useful in 12 or 24 months. Even consumer buying habits that are more than two years old may lose their value and usefulness. Some categories of Big Data, par- ticularly information that is obtained through third parties, may also have re- strictions on how it can be used. When organizations purchase data from other companies, the information may be subject to strict usage agreements. When using this type of information, you must be sure that everyone at your organization understands any license agreements that may restrict how it can be parsed or combined with other in- formation. Failing to do so can lead to broken contracts or mistrust between your organization, business partners, consumers and other shareholders. In order to leverage Big Data, you need to tame it — to parse the signal from the noise. For companies across industries, the key lies in utilizing technologies to collect the data and ag- gregate it with other information such as transaction data, Internet brows- ing habits and other data to create a comprehensive picture of individual Bennie Smith has spent more than 15 years in the online advertising and advertising technology space. His previous roles have included chief privacy officer, DoubleClick, Inc.; VP platform policy & operations at Right Media Exchange/Yahoo! He is currently leading Fan Duel’s efforts in building and operating a trust-based marketplace as vice president. bennie@fanduel.com Ronké Ekwensi is a managing director in the legal management consulting practice at Duff and Phelps, and leads the records and information governance service line. Ekwensi focuses primarily on executing and implementing information governance and records management solutions for clients. ronke.ekwensi@DuffandPhelps.com 74 ASSOCIATION OF CORPORATE COUNSEL THE HIDDEN DANGERS OF BIG DATA
  • 4. people’s preferences. This allows com- panies to take what they know about consumers and prospects in an attempt to better target them with information about goods and services based on their individual preferences. Information from Big Data is also feeding in to the science of social phys- ics. According to MIT’s Media Lab, social physics targets how we create organizations and governments that are cooperative, productive and creative. It states: “These are the questions of social physics, and they are especially important right now, because of global competition, environmental challenges and government failure. The engine that drives social physics is Big Data: the newly ubiquitous digital data that is becoming available about all aspects of human life. By using the data to build a predictive, computational theory of hu- man behavior we can hope to engineer better social systems.”1 Privacy and Big Data In the realm of Big Data, you must nav- igate potential regulatory and privacy landmines. Regulatory expectations are evolving in the United States, but those regulations generally center on how users can control their personal data, along with other issues such as a “bill of rights” for customers, privacy by design and other policies designed to improve transparency and accountability. Other privacy issues involve the loss of anonymity. With so much data being collected and analyzed, companies may not be able to completely guarantee that they can strip away all identifying features of specific people without a proper framework and rules in place. While there are few laws that specifi- cally regulate Big Data, organizations have to abide by a plethora of other regulations that govern privacy more generally. Federal and state regulations that can impact how Big Data is used include: ■■ Gramm-Leach-Bliley Act (GLBA) ■■ Fair Credit Reporting Act (FRCA) ■■ Genetic Information Nondiscrimination Act (GINA) ■■ Health Insurance Portability and Accountability Act (HIPAA) ■■ Electronic Communications Privacy Act ■■ California Online Privacy Protection Act In 2014, President Obama called on the administration to conduct a broad 90-day review of Big Data and privacy. The review encompassed how these technologies affect the way Ameri- cans live and work, as well as how the private sector, universities and the government are using Big Data. As part of the review, the admin- istration accepted public comments around Big Data and privacy, in- cluding the public’s level of concern with different data practices and whether they trust different organiza- tions to keep data safe and handle it responsibly. According to the White House, respondents felt most strongly about data use and collection practices. More than 80 percent of respondents were very concerned with ensuring that proper transparency and oversight is in place. While most respondents said they did not trust government intelli- gence and law enforcement agencies at all, they were far less negative toward business. Only 42 percent said they trusted businesses “not at all” when it comes to Big Data. In order to proactively engage with Big Data and address consumer, gov- ernment and legal issues, you must lay the framework for determining how you own and can use data. This should include agreements for informed consent, along with the ability to ter- minate that consent. You also need to figure out a way to track and monitor how the data is being used or may be used in the future. Your organization may also need to compartmentalize information into different databases to ensure Big Data isn’t mingled together. Keeping data secure When it comes to Big Data, losing control is one of the biggest fears for in-house counsel. The list of companies that have experienced data breaches is large, and growing all the time (see sidebar). While data breaches are one issue, us- ing Big Data for predictive analytics can lead to embarrassing mistakes or reveal- ing information that consumers would rather keep to themselves. One highly publicized incident featured Target’s ability to use analytics to figure out when customers are pregnant. According to media reports, one of those customers was a high-school girl, and her father fu- riously called his local store to complain about coupons delivered to his house for a crib and baby clothes. The store manager followed up to apologize, only to learn from the father that the daughter was pregnant after all. You should also be concerned about data being misappropriated, particularly if it is collected through online methods. These issues can range from inadver- tently misusing copyrighted information to “scraping” data from websites that expressly disallow the practice. Losing control of Big Data can trigger investigations by regulatory agencies and lawsuits by consumers who have been affected. Within a week of Anthem’s massive data breach, the company was facing potential class- action lawsuits accusing the company of failing to properly protect consumer data by not encrypting information. There are also less obvious risks of Big Data. One risk can include discrim- ination. While companies may never deliberately discriminate based on race, gender or sexual orientation, analytics As best as possible, inform your customers about the data you collect about them and how you intend to use it. ACC DOCKET JULY/AUGUST 2015 75
  • 5. could figure out those factors without a human even knowing about it. Based on those analytics, companies may take recommended actions that could lead them into legal trouble. Practical implications Now that you know of the risks involved with Big Data, what can you do? Of course, you can ignore it and deal with problems as they arise. This may be the most tempting option, considering how much else you have to do. But the smarter approach is to become proactive and figure out how your organization can take control of Big Data. This will allow you to head problems off before they begin, and it will also position you as a thought leader and problem solver. Among the steps to take: Know what you have. In many companies, departments may be collecting and using Big Data without the legal department even knowing about it. The first step should be to reach out to colleagues across the business, IT and marketing depart- ments and other areas to find out what information they have or intend to gather and what they plan to do with it. Understand the specific risks your company faces Different industries collect and leverage different types of information. Some of this data may be specifically protected by laws and regulations, such as finan- cial and health information. You need to know how your company may be impacted, so you can plan thoroughly. Break down silos When it comes to Big Data, marketing should be talking to IT, the business should be in communication with compliance, and everyone needs to be talking to you. This will not only give you better insights into potential prob- lem areas, it will allow your colleagues to reduce redundant efforts and could spark new ideas. Establish policies and procedures The next step is letting everyone who handles information and analyt- ics know what they need to do, and how they need to do it. Policies and 76 ASSOCIATION OF CORPORATE COUNSEL THE HIDDEN DANGERS OF BIG DATA International Privacy Laws: The EU, UK and China For in-house counsel, navigating data security and privacy laws in one country is painful enough. However, understanding how to navigate these issues in other jurisdictions can be much more complicated. Even if companies don’t have international operations or customers, they may store or access Big Data in other jurisdictions. One of the most significant laws to consider is the European Union’s Data Protection Directive, which deals with the collection, processing and movement of personal data. The directive addresses several matters. One includes the Regulation on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. Another one you need to be aware of is the Directive on the Protection of Individuals with Regard to Processing of Personal Data by Competent Authorities for the Purposes of Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties, and the Free Movement of Such Data. EU member states may also have their own privacy laws. The United Kingdom also has the Data Protection Act, which dictates how personal information such as health history, religious affiliations and criminal records can be used. China also has several laws that protect personal data, including the Law on the Protection of Consumer Rights and Interests, which affects companies that provide goods or services to Chinese consumers. Under this law, companies must notify consumers about how they plan to use their personal data and obtain their consent to collect and use it. China also has other data protection and secrecy laws that operate like blocking statutes and forbid transfer of commercial secrets outside the country. ACC EXTRAS ON… Big Data ACC Docket The Cure to the Big Data Headache: What to Know for Peace of Mind (Dec. 2014). www.acc.com/docket/data_dec14 Career Path – Big Data (Jan. 2014). www.acc.com/ docket/cp_jan14 Top Ten Ten Powerful Impact of Big Data on Big Law – And How the Modern GCs are Making it Work for Them (Oct. 2013). www.acc.com/topten/data_oct13 Practice Resource Advanced information collection and analytic capabilities have dramatically expanded and transformed the operations of businesses and other organizations. Those same information processing capabilities have a substantial impact on the discovery process associated with litigation. Read “Litigation Discovery in the Age of Big Data” for more information, http://bit.ly/litdiscoverybigdata. ACC HAS MORE MATERIAL ON THIS SUBJECT ON OUR WEBSITE. VISIT WWW.ACC.COM, WHERE YOU CAN BROWSE OUR RESOURCES BY PRACTICE AREA OR SEARCH BY KEYWORD.
  • 6. While companies may never deliberately discriminate based on race, gender or sexual orientation, analytics could figure out those factors without a human even knowing about it. procedures should be regularly re- viewed and updated to keep pace with changing technology, regulations, case law and best practices. Incorporate privacy and security controls These should be part of all the relevant processes before anyone in the business ever sees the analytics or puts them to use. Leverage technology While there are invaluable nuggets of information in Big Data, there’s also a whole lot of junk. Without a way to sift, sort and manage these records, they will only accumulate. This drags down servers, costs money and will make conducting discovery of potentially responsive information even more of a headache than it already is. Communicate, communicate, communicate As best as possible, inform your cus- tomers about the data you collect about them and how you intend to use it. Be sure to gain their consent — and when something changes, communicate again to provide them with updates. The world of Big Data means that customers and consumers will need to negotiate a new deal with the compa- nies they engage with. In order to gain convenience and improved service, customers need to understand that they will need to exchange their data. Conclusion Prediction is one of the hallmarks of Big Data — and the more robust the data set, the more accurate predictions will be. This not only applies to buying habits, but medical treatments, scien- tific breakthroughs and other areas. While this is tremendously exciting on many levels, Big Data also presents serious legal, privacy and security concerns. These issues will only grow more complicated. So the sooner you get in front of them, the easier it will be to avoid risk and make use of all this information. ACC NOTES 1 socialphysics.media.mit.edu/. Major data breaches over the last few years, from LexisNexis to Anthem When it comes to Big Data, one of your biggest fears is probably a data breach — and if it isn’t, it should be. Here is just a snapshot of the biggest or most significant security breaches, based on information from the Privacy Rights Clearinghouse: ■■ LexisNexis, March 10, 2005 — 310,000 records affected ■■ TJX Companies, Jan. 17, 2007 — 100 million records affected ■■ Heartland Payment Systems, Jan. 20, 2009 — more than 130 million records affected ■■ Epsilon, April 2, 2011 — 50 million to 250 million records affected ■■ Target Corp., Dec. 13, 2013 — 40 million records affected ■■ The Home Depot, Sept. 2, 2014 — 56 million records affected ■■ Sony Pictures, Nov 24, 2014 — 47,000 records affected ■■ Anthem, Feb. 5, 2015 — 80 million records affected ■■ Sheer numbers don’t always tell the entire story. While the Sony breach was relatively small, it included extremely sensitive information, including the Social Security numbers of famous actors, entire movie scripts and emails that turned out to not be quite as funny as the authors probably thought they were while writing them. Source: Privacy Rights Clearinghouse, www.privacyrights.org ACC DOCKET JULY/AUGUST 2015 77 HAVE A COMMENT ON THIS ARTICLE? VISIT ACC’S BLOG AT WWW.INHOUSEACCESS.COM/ACC-DOCKET.