An ex-Google employee recently spoke about disrupting big data operations like Google and social media.
"I think there is a huge opportunity for micropayment-based models to disrupt what we have now", James Whittaker, the Microsoft technology lead said.
"I'm really interested in monetisation, because information isn't really free. With Google and all technology you are all data - your data belongs to someone else."
Privacy impact assessments
The ICO stated that companies should carry out privacy impact assessments to sum up what information is being used and for what purpose. The assessment should outline any plans to keep personal information for longer than usual, but must state the reasons why.
Companies cannot hold on to information just to see whether it will be useful in the future, if they are to abide by data protection laws, the ICO said.
Further, customers must be given a "privacy notice" which states when their personal information is being recorded and what it is being analysed for.
Companies who buy datasets take responsibility that the customers would have been shown a privacy notice at the time their information was recorded.
"If an organisation is relying on people's consent as the condition for processing their personal data, then that consent must be freely given, specific and informed. This means people must be able to understand what the organisation is going to do with their data and there must be a clear indication that they consent to it", the ICO said.
"If an organisation has collected personal data for one purpose and then decides to start analysing it for completely different purposes (or to make it available for others to do so) then it needs to make its users aware of this."
This could affect organisations like Facebook, which recently came under fire for allowing researchers to carry out a mood experiment on a sample of users.
"This is particularly important if the organisation is planning to use the data for a purpose that is not apparent to the individual because it is not obviously connected with their use of a service. For example, if a social media company were selling on the wealth of personal data of its users to another company for other purposes," the ICO said.
Big data complexity is no excuse
The report is a reminder to companies that they cannot hide behind the complexity of big data if it wants to stay on the right side of the law.
Customers are well within their right to make a subject access request to find out what information a company holds on them, the ICO said.
It said: "It may be thought that the volume and variety of big data and the complexity of the analytics makes it more difficult for organisations to meet this obligation. However, these cannot be an excuse for not meeting legal obligations."
Sign up for CIO Asia eNewsletters.