Big Data Set to Transform Privacy, Create New Iteration of Accountability

By Murray Griffin

June 12 –Businesses must rethink their approach to privacy in the era of big data, and they risk a costly backlash if they fail to do so, Peter Cullen, executive strategist for policy innovation at the Information Accountability Foundation, told a June 10 seminar in Hong Kong.

Far-reaching changes would required, Cullen said at the seminar on big data from a privacy perspective, which was convened by the Hong Kong Office of the Privacy Commissioner for Personal Data.

The task will be made even more challenging by the growing significance in the big data life cycle of connected products, manufactured by companies that until recently have paid little heed to privacy, he said.

“We are absolutely living in a data-driven world that is powered by very advanced analytics,” Cullen, who was formerly a general manager and chief privacy strategist at Microsoft Corp., said.

Data Smorgasbord.

Vast pools of data can now be aggregated from multiple sources, including smartphones and wearable devices, sensors in a wide array of products and online activities, Cullen said.

This has led to a smorgasbord of data “that is available for both creating value and unfortunately for also creating risk,” he said.

Many manufacturers are focusing on the connectedness and personalization of their products and are consequently discovering that they are “no longer a device or a product company, they are an information company, or at the very least a significant amount of value is being created through the use of information,” Cullen said.

As a result, “in a strange way many companies will become data brokers in the future,” he said.

That has significant ramifications, partly because these businesses generally don’t have mature privacy systems and are likely to make mistakes, he said.

Compounding the problem, regulators and policymakers are struggling to keep up with the changes, he said.

That could either result in an undesirable policy vacuum or a counter-productive regulatory response “that may take classes of information or classes of uses of information right off the table, which is a risk for business, and a risk to individuals, and certainly a risk to society,” Cullen said.

New Approach: ‘Accountability 2.0.’

The solution is for businesses to think beyond an approach based on compliance with accountability as its bedrock–what he termed “accountability 1.0”–to one that also contemplates the much broader concept of fairness.

“Accountability 1.0 is necessary, but not sufficient,” he said.

The new approach, or “accountability 2.0,” will have to involve rethinking individual participation, he said.

“It is super-important that individuals do have meaningful consent and meaningful control where it is appropriate,” Cullen said. “We are going to have to think very innovatively about what that looks like.”

Changing Roles.

Within organizations, roles may have to be broadened to deal with the new risks.

Companies currently have specialist privacy officers and data security officers, but they generally don’t look in a broad way at the risks arising from the way information is used and interpreted across the organization or among organizations, Cullen said.

“Nobody is looking at what I will call the ‘horizontal risk’ to individuals as part of the enterprise risk management structure,” he said.

That means “there is a whole class of risks” that isn’t “getting the attention it deserves,” he said.

The more advanced companies are exploring the concept of data governance boards, which include important decisionmakers and an apply an ethical framework to projects involving big data, Cullen said.

Communication of Reworked Approach.

If and when companies do succeed in reworking their approaches to managing the risks and opportunities of big data, there is still one more task remaining, explaining what they have done and why they have done it, he said.

“I think if the inside process is going to change, its pretty important for business to think about how it is going to tell that story, not just to regulators and policymakers, but to customers,” he said.

“This is really a responsibility and also an opportunity I think for businesses to actually act in a way that helps create that future as opposed to waiting for guidance from a regulatory authority or a policymaker,” Cullen said.

By Murray Griffin

To contact the reporter on this story: Murray Griffin in Hong Kong at correspondents@bna.com

To contact the editor responsible for this story: Katie W. Johnson at kjohnson@bna.com

Copyright 2015, The Bureau of National Affairs, Inc.