Big data has become big business in recent years. The more organisations mine and analyse their data, the more they risk breaching privacy laws. Advances in software technology are enabling organisations to track data down to identifiable individuals.
Data was once thought to be an aggregate of anonymous information, but advances in behavioural profiling software have become so sophisticated and accurate that organisations now have the ability to track the data down to an identifiable individual. This means that organisations can no longer claim that data is completely anonymous.
From March 2014, the Australian Privacy Commissioner will have the ability to fine companies in breach of the Privacy Act up to $1.7 million for serious breaches. Organisations will need to take privacy issues seriously and be wary of actions that could inadvertently put them at risk of breaching privacy laws. Such organisations may be unknowingly participating in activities that could lead them to be a target of a privacy audit and possibly, a heavy fine. This includes selling, licensing or moving data offshore.
Why has big data becomes so popular? Data mining and analysis has the ability to provide:
- valuable insights from the collation of data from company databases, the internet, social media, remote sensors and third-party sources
- the ability to forecast potential events that could impact business performance or operations, thereby minimising risk
- informed decision-making
- insights for highly-targeted marketing campaigns
These have all been made possible through the lowering cost of data storage and the advances in technology used to collect and manage the data.
Are such advances in technology a privacy concern? No, according to Kareem Tawansi, CEO of software development provider, Solentive Software, “While I can envisage that individuals may be discerned from the data in particular circumstances, I believe most commercially-focused businesses are not interested in the behaviour of individuals. Rather, the value they receive from data mining will come from the identification of trends and buying patterns of a larger group. However, I do believe that the privacy of individuals still needs to be protected.”
“I always thought that the power of software was limitless and that you could do anything with software; however you also need the data in order to do whatever it is that you want. Now, we have the data and the impact that this is having on technology is growing exponentially. As such, a guideline regarding the privacy of personal information needs to be established within organisations,” continued Tawansi.
As organisations turn to software development providers for sophisticated data mining and analysis software, the delineation of responsibility becomes blurred between the client and the vendor. Is it the responsibility of the client whose requirements may include functionality that could possibly breach privacy laws? Or is it the responsibility of the vendor who develops the software that can perform those functions?
“My opinion is that as part of any software engagement process, if the vendor is aware of an ethical transgression, they need to raise this issue with the client and potentially object to taking part,” offered Tawansi.
The reality is that in most cases, the legal system is struggling to keep up with the advances in technology. Nonetheless, it is important that organisations, whether as a client or vendor, ensure that they have ethical guidelines in place that employees must abide by. This will ensure that organisations are not putting themselves at risk of being audited and potentially fined.