Privacy, Security and Liability Add to reading list

Securing the Compound

Nearly two centuries after miners dug up stretches of California chasing fortune, we’re using computer power to mine big data.

Nearly two centuries after miners dug up stretches of California chasing fortune, we’re using computer power to mine big data.

Who stands to profit? On one hand, businesses do. For consumers, the answer is a little less clear. As businesses fine-tune their methods of collecting and storing data about consumers and employees, those same people are left to wonder what happens to that data, who keeps it secure and how much of it is theirs.

Think about it: You leave a massive trail of data in any given day—digital breadcrumbs that lead back to you. In the course of 24 hours, the average person might:

• Use a map app on the way to work
• Check email
• Search for a new restaurant online
• Click “like” on a Facebook page
• Post to Twitter
• Request a rideshare
• Buy dinner or groceries online

This deluge of personal data has created opportunities for new types of businesses to emerge. Data brokers buy, collect and sell consumer data. But do these brokers have the right to profit from your information? Do they own it, or do you? What are the security risks of passing it around, and who is liable if it lands in the wrong hands or paints an inaccurate or unflattering picture? So far, the questions outnumber the answers.

Privacy

When you search online for something, should your search history automatically disappear, untraced, or should Google have access to it? What about your Amazon purchases? Should anyone besides the IRS know your income bracket? Your credit rating?

Data privacy deals with who has the right to determine which data in a computer system can be collected and shared. Some say that decision should belong to the person generating the data, while others grant the power to the companies fulfilling your requests. After all, many of the online services we use every day are free, and they require data to improve their offerings.

Data privacy deals with who has the right to determine which data in a computer system can be collected and shared.

For example, in 2018, Facebook investigated thousands of apps for potentially violating data-privacy policies on the platform. As a result, the social media network suspended close to 200 apps. view citation[1] An earlier data breach by Cambridge Analytica, a British political consulting firm, sparked this investigation. The firm previously used Facebook to collect personal information on roughly 50 million people, reportedly selling the data to political candidates. Those candidates used the data to influence U.S. elections in 2014 and 2016, while individual Facebook users had no idea this was happening. view citation[2]

Situations like this one leave many people wondering where traditional privacy protections stand in today’s big data world. For example, federal law has long required medical researchers to obtain informed consent from clinical trial participants. view citation[3] A typical informed-consent form explains how the researchers plan to use participants’ personal data and protect their privacy.

But by design, big data analytics often uncovers hidden patterns in data by making connections between unrelated data points. As a result, even if a researcher discloses the type of information being collected on us, we may not be able to anticipate how the data will be used in the future.

By design, big data analytics often uncovers hidden patterns in data by making connections between unrelated data points.

Privacy is a particular challenge for the health care sector, which captures a huge amount of sensitive patient information in the form of genetic sequencing, biological specimens, electronic medical records and administrative data. Researchers collect personal information from people who participate in clinical trials; pharmacies keep records of the prescriptions they fill; and hospitals store data on patients’ medical procedures, vital signs and insurance coverage.

In 2014, the U.S. Federal Trade Commission (FTC) found that data brokers collect and store billions of data elements on nearly every household and commercial transaction. view citation[4] The brokers then use powerful analytics tools to learn more about consumers’ interests, often revealing an individual’s income, age, health status or other information along the way—without the person’s knowledge. The FTC has called for greater transparency and accountability from data brokers. Of the brokers the FTC examined, one stored information on more than $1 trillion in transactions, and another held 700 billion data elements in its database. view citation[5]

You might not mind if the collection of data by companies and data brokers helps you find products and services that make your life easier. Alternatively, you might feel that this practice completely violates your right to privacy. Either way, it’s important to know that when you go online to shop, play games, use social media or even plan your day, your digital trail isn’t yours alone.

Security

Keeping data secure is one of the biggest challenges confronting society today. Businesses and data brokers constantly add new records to their collections, causing networked databases to branch outward exponentially.

These large, centralized databases hold vast amounts of sensitive personal data. Databases maintained by medical providers, for example, play a key role in ensuring your health and safety. However, they also act as beacons for hackers, who exploit cybersecurity weaknesses to steal data. Hackers go after anything from medical and bank account information to Social Security numbers and passwords. Some of that data might then make its way to the “Dark Web,” where information is often sold for illegal or malicious purposes.

Keeping data secure is one of the biggest challenges confronting society today.

In its annual report on data security, the health care consulting firm CynergisTek reported that hacking attacks on health care providers increased 320 percent in 2016, compromising more than 16 million individual patient records. view citation[6] A hacking attack in 2017 on the credit reporting firm Equifax dwarfed that number, exposing the personal data of up to 143 million people. view citation[7]

Savvy hackers, and even some not-so-savvy ones, can overcome some of the most advanced data security measures, such as the widely trusted two-step authentication protocol. In 2016, an investor lost millions of dollars in bitcoin when a hacker faked the investor’s identity and convinced a customer service agent to transfer the investor’s phone number to a carrier linked to the hacker’s Google Voice account. The hacker then changed the investor’s passwords, locking him out of his bank, PayPal account and two bitcoin services. view citation[8]

Although the internet can deliver great convenience, we still have to be alert and aware when it comes to security online. Learning about the steps you can take in your own life—such as changing passwords often and keeping your cell number private—can help you protect yourself and your data.

Ownership

Scientists and ethicists grapple with more than privacy and security questions when it comes to data. At the root of the issue, they debate who ultimately owns the data that companies and data brokers collect, store, analyze and sell.

With physical property, ownership tends to be more clear-cut. view citation[9] However, data is fundamentally different from physical property in a few key ways. Because it’s intangible, data can be copied, combined with other data and used simultaneously by more than one person. When you fill out a product warranty or register on a website, your personal information doesn’t remain in one place. The company you shared your information with might sell it to a data broker, who then combines the information you provided with other information to build your digital profile.

Unless you read the fine print on every social media site you visit, you may not realize that you are relinquishing some of your rights to your data when you post text or media files on those platforms. For example, when you upload a photo to Facebook, you’re granting the company a broad license to use your image, at least until you delete it. view citation[10] Did you catch that part of the terms and conditions, or did you scroll past all the fine print to click “Accept”?

The European Union took a step toward clarifying the issue of data ownership with the adoption of the General Data Protection Regulation. This law, which went into effect in 2018, requires companies that collect data on individuals in Europe to explain why the information is being collected and how it will be used. It also gives individuals the right to see their personal data and correct mistakes in the company’s record. Also, individuals can petition to have personal information removed from a website under the right to erasure—known as the “right to be forgotten” view citation[11] —which deletes information or media about the person from internet records.

That may work within the European Union, but data isn’t a physical object. It travels easily across physical borders. That’s why the question of who exactly owns the data—and who controls it—carries so much weight and sparks so much debate.

Liability Issues and Workforce Shortage

With so much information being collected on people every day, some of that data ends up being inaccurate, unflattering or incomplete. But who is liable if misinformation causes you to miss out on a job opportunity, be denied for a loan, lose friends or experience other harm? And who analyzes the information to make those decisions?

With so much information being collected on people every day, some of that data ends up inaccurate, unflattering or incomplete.

Google will remove some sensitive misinformation, especially if it puts you at risk for identity theft or financial fraud. view citation[12] However, it’s nearly impossible to get negative or erroneous information removed from the internet unless you hire a lawyer. view citation[13] In 2016, the U.S. Supreme Court set a precedent by ruling that a Virginia man had to prove concrete harm to sue a data broker that posted inaccurate information about him. view citation[14]

If no one knows how to interpret the data, it may not matter whether the data is accurate. One of the biggest challenges facing the United States and other developed countries is a shortage of analysts and managers trained to perform big data analytics.

The McKinsey Global Institute estimates that the United States will face a shortage of 250,000 data scientists by 2024. In addition, the institute says our shortage of “business translators”—professionals with technical and business knowledge who can turn analytical insights into profitable actions—will be far greater over the coming decade, running in the range of 2 to 4 million. view citation[15] A great opportunity is emerging here for business decision-makers, especially those seeking to grow areas of business in and around big data.

However, companies that harness big data to provide predictive analytics to their customers also face liability risks if they’re passing off incorrect information as accurate, especially in cases where their products or services can potentially cause harm. view citation[16] For example, applications exist that predict the best time for farmers to spray pesticides on their fields. If the app makes a predictive error based on misinterpretation of data, the pesticide may drift onto nearby fields and damage other crops. This leaves the company legally liable if a court finds the recommendation from the app to be negligent. view citation[17]

Researchers hypothesize that if colleges can’t produce enough new talent to fill the data analytics gap in the coming years, professionals in other areas will experience pressure to acquire the skills necessary to understand and apply data analytics. view citation[18]

Where We Go From Here

Data is what you get when you boil the human experience down into numbers. The collection of that data gives manufacturers, retailers, service providers and countless others intimate details about our habits, interests, likes and dislikes—the essence of our daily lives. Yet it also raises the question: Does the act of purchasing from or working for a company automatically opt you into this system of mass data collection?

Data is what you get when you boil the human experience down into numbers.

Unless you live completely off the grid and only make purchases with paper currency, the answer is yes—even if no one ever asked you directly.

With big data collection as our new reality, security experts, businesses, governments and the general public are left to sort through the implications. Which information should be kept private? Who should have access to it? Who owns it? In the coming years, as hackers become savvier and data teaches us all more about ourselves and our neighbors, these unknowns will influence our lives in ways we can’t yet predict. The hope is that our collective data will help us all live better, safer and healthier lives. We just need to find ways to secure our data today and start training for the challenges of tomorrow.