IBM and customer loyalty company Aimia, which runs the Nectar scheme, are ethical exemplars for big data governance, said the ICO this morning.
The ICO had said it would publish its guidelines for organisations that use big data to comply with data protection law at the launch of its annual report earlier this month, when it argued for stronger powers to police breaches of the Data Protection Act and other information laws.
Today's report re-emphasised rules that companies must abide by when using personal information to improve customer services, targeted marketing and enhanced rewards on a mass-scale. It aired the best and worst examples of big data usage amongst organisations.
Aimia has developed an ethical big data model called TACT, which stands for Transparency, Added value, Control and Trust.
"Their research showed high levels of concern amongst consumers about privacy and a desire for control over their personal data, and, contrary to a commonly expressed view, this was shared by consumers aged 19-29," the report stated.
IBM was equally lauded for its ethical big data analytics framework.
The report added that companies will be motivated to change the way they collect and record customer-based business intelligence by risk of bad PR alone.
"It would harm a company's reputation if it were the subject of a media story about the misuse of personal data, while consumers can also publicise their views to the world instantly," the report stated.
"This is an important consideration in a competitive world. There may well be a competitive advantage in being seen as a responsible and trustworthy custodian of customer data."
The ICO referred to information law academic Paul Ohm's comments that Google's infamous Flu Trends project "breached a wall of trust" by using search data to find correlations between search terms and recorded cases of flu. It also highlighted retailer Target, who found a correlation between women's due dates and purchases, enabling them to effectively predict pregnancies and send relevant offers.
Customer access to data
Customers should be granted easy access to data held by companies so they can re-use it or sell it to other organisations, the ICO added.
"The proposed EU regulations includes a provision on data portability that would enable data subjects, under certain conditions, to obtain their personal data in 'electronic and structured format which is commonly used' and transfer it to other systems," the ICO said. Customers should be able to reuse the data for their own purposes or monetise it by selling it to other organisations, it said.
"Our subject access code of practice 76 supports this by encouraging data controllers, when responding to subject access requests, to provide personal data in open reusable formats where it is practicable to do so."
Sign up for CIO Asia eNewsletters.