When CIOs think of big data, they might envision the technical challenges and opportunities posed by the vast reservoirs of information their companies are collecting and analyzing. But when some policy makers contemplate the same situation, their concerns turn to questions of privacy, and what steps data-rich companies are taking to safeguard consumers' personal information.
In recent years, lawmakers and regulators have voiced mounting concerns about the volume of data that businesses are collecting, how that information is then used and if it is sold, and whether consumers are given meaningful notice about those companies' practices.
In the Senate, John Rockefeller (D-W.V.), the chairman of the Commerce Committee, opened an inquiry into the practices of nine data brokers in October. Committee staffers will continue the probe in the new Congress as Rockefeller and other lawmakers contemplate new legislation to protect consumer privacy in the Internet age.
"We have gotten involved in data brokers and big data -- quote unquote -- because it's very clear that we're approaching this place where more and more of consumers' lives are going to be online," Erik Jones, deputy general counsel for Rockefeller's committee, said during a panel discussion here at the annual State of the Net conference hosted by the Advisory Committee to the Congressional Internet Caucus.
"Because of that there's a digital footprint that is now available. There are certainly benefits to that," Jones adds. "But there are also concerns that are raised. And what we are trying to do on the committee is better understand what that means for consumers."
Online Data Collection Policies
Jones stresses that Rockefeller and other members working on privacy issues are keenly aware of the balancing act they would face in drafting a law that provides meaningful protections for consumers without hobbling emerging business models built around benign uses of consumer data, including all the content and applications that Internet companies offer for free, generating revenue through advertising tailored to users with increasing precision.
About two months after Rockefeller sent letters to the data brokers asking for information about their information-collection and marketing policies, the Federal Trade Commission followed suit with its own set of orders demanding similar information from nine firms. Of those, three data brokers -- Acxiom, Datalogix and Rapleaf -- also received letters from Rockefeller.
In issuing its orders, the FTC said that it would use the information the data brokers provided to inform its understanding of the privacy practices of the industry, which senior officials have identified as an area of particular concern in the agency's ongoing policy work on Internet privacy.
"The power of big data is the ability to make inferences on, you know, reasonably fine-grained groups of people. And that's the very thing that causes the privacy violation as well," says Paul Ohm, a senior policy adviser with the FTC. "You can have really, really, really aggregated data that we would all agree could never be violated in anything we would consider privacy. Turns out that's the data that's the least useful."
Sign up for CIO Asia eNewsletters.