Fresh Data Blog
Fresh Data Archive
With Big Data Comes Great Responsibility
Date: June, 2015 --
It can be a risky and ugly world out there when it comes to the reaction of the public, the government, and law-makers to data acquisition, sale, management and loss. The rapid increase of interest in big data is also a potential source of legal risk. In its May issue, the Harvard Business Review noted that 97% of people are concerned about the misuse of their data.
If acquisition and use of big data is part of your company’s business plan, be it for marketing, planning, future visualization or any other purpose, it is critical to be aware of the potential pitfalls and dangers of this brave new digital universe. Not all big data is free for the picking, and sometimes the cost can be very high. So it’s very useful to develop an awareness of what can go wrong, and to plan to avoid the negative repercussions.
Basic lesson number one.
Big data attributes should be handled and protected with as much care as you do your clients’ individual data. These elements/attributes might be about your customers, or about another population you are studying for analytical purposes. Perhaps you are capturing browsing patterns of non-customer visitors to your website. If the data is traceable to a personally identifiable human being, the non-customer data must be treated with as much care as the customer data.
The Big One – being a breach.
Perhaps the largest and most significant risk for data managers and companies is the data breach, when data is lost, disclosed inadvertently, or stolen. Maintaining a secure environment which makes use of appropriate data protection software and in-house protocols are critical. 47 States and possessions have adopted legislation on data breaches which specify when and to whom a breach must be disclosed, and the steps a company must take with respect to the individuals whose data has been compromised. And of course the States proceeded more quickly than Congress and their notification thresholds and remediation protocols differ, making effective and responsive remediation a complicated and potentially very expensive exercise.
Do not underestimate the possibility of having to respond to a data breach, they are remarkably common. A “short list” of breaches in 2014 include: Neiman Marcus, Michaels, 11 individual casinos, Albertsons, White Lodging (implicating numerous famous chains), UPS, Goodwill, Home Depot, Kmart, Staples, Bebe, Sony, and the venerable JP Morgan. And these are just the ones involving publically listed companies.
Risks are substantial. According to the law firm Bryan Cave, a specialist in this area, last year 110 class action cases were filed regarding data breaches. The favorite targets of the class action bar are retailers, whose breaches are often quickly in the news. Last year, 14.5% of publically reported breaches occurred in the retail world, but 80% of class actions were against retailers.
In addition, the cases against retailers have most frequently been based on credit card data breaches, which obviously imply disclosure of private information about consumers’ purchases. However, many beaches include other sensitive information, such as Social Security numbers and other data, and yet no lawsuits follow. This is puzzling. One suspects that this is because retail community breaches generally involve very large companies with massive numbers of customers, and these events become front page news quickly. Retailers also are inclined to settle quickly for the sake of the company’s reputation.
This is not to suggest that your mid-sized or small company might not be the object of investigation or litigation, from the public or a State or Federal prosecutor. The Federal Trade Commission (FTC) has been very vigilant in investigating companies who suffer breaches and it undertakes protective steps in sometimes unforeseeable ways. Recently it intervened in the RadioShack bankruptcy to request that customers’ personal data be protected and be sold only to a company in the same line of business as RadioShack and that the buyer agree to adopt RadioShack’s privacy promises to its customers.
The Federal Communications Commission (FCC) have been very severe recently and have issued substantial fines to companies within their jurisdiction who failed to protect customer information. AT&T was fined $25 million for charges relating to non-US workers stealing information of 280,000 customers. The failure to protect the data was deemed a violation of a carrier’s statutory duty under the Communications Act to protect that data.
Other companies fined by the FCC have included T-Mobile, Marriott Hotels and Verizon for a variety of denials of service or dishonest billing, all of which implicated personal information. The FCC has even bragged about its new aggressive enforcement, noting that since March 2014, the FCC, working with other agencies, has collected more than $365 million in fines, settlements, and refunds for consumers.
Could it get more complicated?
Finally, as a closing thought and to come full circle, the “biggest” Big Data of which your company might be the guardian could well be derived from the Internet of things and its related issues and exercises. Much of the concern and immediacy in this area derives from the record-breaking merger and acquisition activity in this area.
According to 451 Research, so far this year 39 IoT-focused companies have been sold for a total of $US14.8 billion. In 2014 there were 62 transactions for a total of “only” $14.3 billion.
Much of this activity relates to semiconductor-related companies, not the data itself or the tools to collect, transmit and analyze it. But those transistors obviously will be used as the “things” that will collect and transmit and analyze information about what human beings, as well as the connected products they buy, are doing, and are likely to do in recurring cases.
According to a recent survey, the most frequent reasons for this explosion of data collection and analysis are (i) to improve customer service using activity in accounts (63%); (ii) generate insights for new products and services (52%), and (iii) to improve marketing impact based on detectable patterns, preferences, demographics, time of day and location data, etc. (50%).
Those exercises will result in more personal data for you to protect. Will your customers and the regulatory agencies trust you? The Harvard Business Review published in May the results of a survey whose results are set out below.
Doctors and payment card companies are the most trusted with personal data; governments, media/entertainment and social media companies are the least trusted. In the marketing world, shouldn’t we strive to be up there at the top?
At Data Services, Inc. we have learned during our long history as a trusted guardian of the customer and prospect records of our clients, that the winners in the trust-building exercise have a 3-part secret to success. It is to fully inform, teach even, your customers and prospects what you do with their information, give them control of what you may do with their information and deliver fair value in exchange for their trust.