Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Big Data security, privacy concerns remain unanswered

David Geer | Dec. 6, 2013
Big Data creates new security and privacy challenges that de-identification can't meet.

Reconstituting Identities
However, computer scientists have shown they can use data that is not PII to reconstitute the associated person's identity. "There are many ways to piece data back together once you have even one type of data to work with," says Keith Carter, Adjunct Professor, The Business School of the National University of Singapore. If a brand or government acquired a list of GPS records covering one year, it could use that to learn a lot about a person or persons including their identities.

"You would easily be able to find out who they are by identifying the address they regularly come from at seven or eight in the morning. You would be able to see the school or office where they then show up. You would be able to learn where they went back to in the evening," says Carter, a speaker at the "Big Data World Asia 2013" conference.

From that, someone could get their name and address with a high degree of accuracy using a public address lookup tool. Having the family name, they could determine which family member it is by where they end up once they leave home in the morning, whether at a primary or secondary school or at a certain place of work.

Losing Faith
The Stanford Law Review article suggests that the ability to reidentify people from pieces of data has a negative impact on privacy policy and undermines faith in anonymization. Further, the article suggests that deidentification is a key component of business models especially in healthcare, online behavioral advertising, and cloud computing. One implication is that if enterprises are entrenched in deidentification as a privacy solution, this could leave them hard pressed to find and fund an alternate solution. So, abuses that result from reidentification could go on for a long time.

But, this assumes that governments and businesses had faith in anonymization in the first place, according to Carter, who has had roles with Roles with Accenture, Goldman Sachs and Estee Lauder. There is also an assumption here that businesses and governments have spent a lot of money on something that doesn't deliver business value, Carter notes. In fact, what governments and businesses have done is to give themselves safe harbor by using deidentification/anonymization. And, even when companies don't use deidentification, the legal repercussions are a slap on the wrist, Carter confirms.

The truth is there may never be an adequate solution for Big Data privacy concerns, affordable or otherwise. There may only be solutions that protect enterprises and other entities from liability while pacifying people whose data is at risk. Unfortunately, for the individual, this means that abuses will indeed go on, regardless of the solution at hand.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.