Big Data and Privacy: The Legal Landscape Affecting Corporate Research by Shannon Harmon, JHC #CRC2014 #MRX


Live blogging from the Corporate Researchers Conference in Chicago. Any errors or bad jokes are my own.


  • our lives are a series of data points
  • more opportunity, more vulnerability, and the potential for greater abuse
  • smaller entity might purchase data from 3rd party
  • who owns the data, who has the right to access the data, what steps are taken to keep it secure
  • goal of any regulation is to protect personally identifiable information from breach and misuse
  • you can identify people with very little information so keep in mind a lot of information is PII
  • Notice and consent: need to provide notice of how the data will be used, and then obtain consent – this is the core of the law related to privacy, you need to make sure the right practices were followed to do this
  • Where do we look for oversight? Right now, state attorney general, FTC, FCC, FDA
  • Fair information practice principle – only collect what you need to collect and only retain it for as long as is necessary to fulfill the specified purpose
  • FIPP – data quality and integrity – organizations should ensure that the PII is accurate, relevant, timely and complete and this is difficult if you’ve purchased the data, supplier should have a structure in place to ensure this
  • Consumer privacy protection bill of rights – Google search this – things corporations should do to protect privacy, this area will become increasingly more regulated so think ahead
  • Fair Credit Reporting Act – example of what big data protection framework should look like, right to review your credit report and make sure it’s accurate and get it fixed if it’s not correct, this is where we’re headed, your digital dossier is being collected and you don’t know how decisions about you are being made, you can’t contest your big data points… right now
  • special considerations for health data – Apple has stated that app developers cannot use any of the health data for advertising or data-mining, except to help an individual manage their health or for medical research. but is Apple responsible for developer compliance? what if a data broker got the data from someone who wasn’t supposed to have it in the first place?
  • considerations for researchers
    • where is the data being obtained, what are the sources
    • what practices are being used to obtain it and what is your confidence in your aggregator
    • how is the data being trained to arrive at conclusions? what algorithms? what human manipulation?
    • think about the vendor/subcontractor relationship, is the contractor independent? a substandard contractor impacts you
  • we need
    • use restrictions – can’t use big data to discriminate on age, race, etc
    • oversight – protect against unregulated digital dossiers
  • KNOW YOUR INFORMATION SOURCE
  • be intimately knowledgeable about your company’s data gathering practices – informed consent, opt-out, internal user access controls
  • be ready to evolve as the law is only beginning to be developed in this area
