Big Data Privacy Risks And The Role Of The GDPR: Part 1

Evelyne Salie

Part 1 of a 2-part series. Read Part 2.

Data privacy concerns anyone using the intra- and internets of our global Big Data community. But many social media and web shop customers, employees, and global organizations aren’t fully aware of the privacy risks their online activity poses. Likewise, many individuals and businesses don’t realize there are actions they can take to guard themselves against the most hazardous risks.

There are two parties prompted to take protective actions by the General Data Protection Regulation (GDPR) —individuals and organizations with global customers coming from the European Union and other countries.

Major privacy threats and their impacts

There are multiple ways that Big Data analytics can invade personal privacy. The inherent risks are:

1. Discrimination: Use predictive analytics for determination on individuals

The use of predictive analytics by the public and private sector can be used by the government and companies to make determinations about our ability to fly, find a job, obtain a clearance, or get a credit card. The use of our associations in predictive analytics to make decisions that have a negative impact on individuals can lead to discrimination.

2. Embarrassment of breaches: Create public awareness by exposing personal information – identity theft

Examples include data breaches at multiple well-known retailers, restaurant chains, online marketplaces, government agencies, universities, online media corporations, and the recent hack that not only put unreleased movies on the web but exposed the personal information of thousands of employees. Also, public awareness about credit card fraud and identity theft is at an all-time high.

3. Abolishment of anonymity: Removing only a few data sets can lead to re-identification

Without rules for anonymized data files, it’s possible to combine data sets. Without first determining if any other data items should be removed prior to combining to protect anonymity, it’s possible that individuals could be re-identified.

4. Government exemptions: Collecting and adding more and more personal information to government databases

As an example, Americans are in more government databases than ever, including that of the FBI, which collects Personally Identifiable Information (PII) including name, any aliases, race, sex, date and place of birth, Social Security number, passport and driver’s license numbers, address, telephone numbers, photographs, fingerprints, financial information like bank accounts, employment and business information, and more. And who guarantees AAA quality of that data?

5. Data brokerage: Selling of unprotected and incorrect data profiles

Numerous companies collect and sell consumer profiles that are not clearly protected under current legal frameworks. The data files used for Big Data analysis can often contain inaccurate data about individuals, use data models that are incorrect as they relate to individuals, or simply be flawed algorithms.

6. Data misinterpretation: Having more data is no substitute for having high-quality data

While one can find countless political opinions on social media, these aren’t reliably representative of voters. A substantial share of tweets and Facebook posts about politics are computer-generated.

Conclusion

The role and importance of information management and governance in data privacy will be a key success factor for all organizations with European Union customers. In my next blog, I’ll break down the fundamentals of the required changes that will go into effect with GDPR.

This article, GRC Tuesdays: Part One – Big Data Privacy Risks and the Role of the GDPR, originally appeared on the SAP BusinessObjects Analytics blog and has been republished with permission.

Sources

Follow SAP Finance online: @SAPFinance (Twitter)|LinkedIn|Facebook|YouTube


Evelyne Salie

About Evelyne Salie

Evelyne is a highly experienced IT-Solution Principal, Business Developer and Project Manager with over 10 years IT- industry experience within the Governance Risk and Compliance and Finance area of expertise. She currently works as a Senior Director in Business Development at SAP Finance and GRC solutions. In her business development role she is working on concepts and realization for new generation of Finance solutions, running in real time, integrating predictive, Big Data, and mobile, which will change how offices of the CFO work, how the business is run, and how information is consumed.