There are very few industries where Big Data isn’t a hot topic right now. Businesses are collecting and analyzing ever-growing amounts of data in their quest for increased efficiency, reduced waste and, of course, profits. Companies of all sizes are investing in big data and many believe their huge data depositories are turning into one of their biggest business assets.
But there’s a problem. Big Data comes with a few big hurdles that must be overcome. And organizations which ignore them or fail to properly address them could see one of their biggest business assets turn into a lethal liability.
For a start, data is not free – collecting and storing data will always have a cost associated with it. On top of that, collecting and storing data, particularly personal data (which is what a lot of corporate Big Data is) brings legal and regulatory obligations – and falling foul of these can have disastrous consequences for your business’s reputation as well as its financial performance.
During a recent conversation with Ashley Winton, a partner in the corporate law firm Paul Hastings, we discussed the importance of understanding exactly what responsibilities come with data collection, storage and analysis. In Europe, the new data protection regulation means firms can face heavy fines (up to €20m or 4% of annual worldwide turnover) for misusing or inadequately protecting personal information.
As a general rule of thumb, private data has to be protected and can only be used for the purpose for which it was handed over. If you collect people’s personal data without making it clear what it will be used for – and taking steps to ensure it isn’t used for anything else – it’s easy to end up in hot water.
Another pitfall that many businesses fall into, Winton tells me, is assuming that “bought in” data has been cleared for use by the people who are selling it. The fact is that it is still the end user’s responsibility to make sure that their organization isn’t misusing data, even if it was bought from somewhere else.
In other words, if you buy a list of names and addresses to use for marketing purposes, and it turns out that the person who sold you those names and addresses didn’t secure the right permissions when they collected it, it’s you that will end up facing fines from regulators and potentially ruinous lawsuits from people whose data you have misused.
Regulation around the use of personal data may be less stringent in the US, but there are still many hazards to be wary of. Felix Wu, professor of law at the Benjamin N. Cardozo School of Law, tells me, “Unlike Europe, the US does not have comprehensive privacy regulation, but this may actually make things more difficult for companies, which must comply with a patchwork of varying state and federal laws.”
One area in which the US does regulate more substantially is around issues involving deception, Professor Wu tells me. “Companies can run afoul of laws against deception without even intending to deceive. This means that companies need to keep track, in a detailed way, of what their data handling practices are – including what they collect, how they use the data and to whom the data is disclosed – in order to ensure that their practices are consistent with what they say in their privacy policies, marketing materials and elsewhere.”
Professor Wu points towards Google as a relevant example of a company which has been tripped up by collecting data which was “useless to the company”. The search giant has landed in legal hot water over collection of private data by cars capturing images (and wifi data) for its Street View service.
So how do you make sure you avoid these pitfalls? Well, the correct procedure is to make sure that you have comprehensive policies in place for data governance.
This means you should be aware of the requirements and regulations concerning every step of your Big Data and analytics operations.
Good practice, Winton recommends and I wholeheartedly agree, is to include data about your data (metadata) with the data itself, making explicitly clear what permissions and governance apply to that particular bit of data.
There are many other steps which should be taken to ensure you have thorough data governance procedures in place. If you collect images from CCTV for analysis, notices should be in place making it clear what that data is likely to be used for. If you use Bluetooth or newer tech such as Apple’s iBeacons to capture data about customers on your premises from their mobile phones, the agreements that they give which allow you to collect this data must explicitly state what it is used for. And if you buy in data from a third party supplier, it is absolutely essential to check the fine print to see what conditions were given to the supplier when they collected the data.
Legislation is certainly tightening up, all around the world, when it comes to matters of use or misuse of personal data, and fines can be enormous. Under new regulations recently drafted by the EU, fines for breaches could be as high as 5% of a company’s worldwide turnover. So it is becoming more important than ever to make sure you are compliant with every piece of legislation which affects you. If not, it’s only a matter of time before what should be one of your business’s biggest assets becomes one of its biggest liabilities!
This article was written by Bernard Marr from Forbes and was legally licensed through the NewsCred publisher network.