Hoarders and Data Collectors
In our physical world, hoarders are deemed “out of control” when they collect too much. Surely the same analogy applies in our online world. When providers collect realms of data from us, it seems they lose control of that too? In the last months it’s not just the frequency of data breaches that has increased, it is the sheer volumes of personal data that are being breached that has reached new heights of “out of control”. This article explores the connections between the physical world of hoarders and the online world of data collectors and proposes ways to reign in control of our data.
Big Data Bloat
In our digital world, providers of all kinds of services can’t seem to collect enough data on us. Whether the use case is marketing, sales or simply for providing improved services, we have become the guinea pigs for today’s Big Data analysis. And, the more services we sign up for the more data that is processed on us and stored or transacted on back end clouds. It’s not just that the data that is being collected on us, it’s being used to profile us in ways we might not have intended. And, as today’s data-centric world has suddenly crept up on us, there seems to be a lack of due process and corresponding toolsets for securely managing user data.
Hoarding is considered a disorder in our society. It is characterized by a pattern of excessive acquisition and inability to let go of large quantities of objects. Hoarding behaviors are associated with health risks, impaired functioning and economic as well as social burden. Data collectors are hoarders of information. And, like their physical hoarder counterparts their data collection is characterized too by excessive gathering and acquisition. Data collectors may have algorithms and processes for assembling profiles of individuals and in that sense may create more order than the disorder that typically characterizes a hoarder’s physical world. However, as in the physical world, it is hard to manage increasing volumes of things, so too in the digital world realms and realms of data are very challenging to secure. Similar to the physical world where hoarding results in impaired function, the volumes of information that are exposed in data breaches are also symptomatic of impaired function and processing.
So, what’s to be done about it?
Organizations with a data-collecting model need to be proactive. They need to anticipate privacy and security risks in their environment before collecting individuals’ information. While it might sound basic advice, all too often organizations do not take into enough consideration the expectations of consumers that they are collecting information from. Consumers have a right to expect that the organizations they are providing their personal data to take the very necessary precautions, such as auditing and logging, data protection measures such as encryption in its various forms for highly sensitive and confidential data and put into place appropriate consent management and access control mechanisms.
It may run contrary to what many BigData scientists and marketers believe, but taking a minimalist approach might be the single best thing that their organization might do from a security and a privacy standpoint. While marketers may believe that collecting more data improves the accuracy of marketing, if it can’t be handled securely or transacted in in a way that is privacy-preserving the impact to company reputation and brand and not to mention to the individuals whose data may be exposed will far outweigh marketing benefits.
(Image Source: Neonsms)
The real challenge with data minimization will be to decide what information to collect and what to keep as no one single blueprint will apply equally to businesses. And, for data minimization practices to be successful it will require collaboration not just between privacy and security practitioners but also a company’s legal, marketing and Human Resources functions.
I believe that data collectors will end up shedding their current packrat practices as community outrage around the massive exposure of today’s data breaches is only set to increase. And, who knows, a more minimalist approach may also result in just as accurate marketing forecasting and more up-to-date customer profiles.
By Evelyn de Souza
Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW’s Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry’s first blueprint for making data protection “business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.