Gerald Naidoo, CEO of Logikal Consulting, says in terms of compliance, many laws have not taken into account the challenges presented by big data warehousing. "Regulations don't always address rules around protecting data from different customers at different levels."
Much in the same way, social media sites, such as Facebook, LinkedIn and Twitter, which gather massive amounts of unregulated yet possibly sensitive information, are a growing concern, and need to be addressed to avoid compliance and security issues in the future. However, Naidoo says that big data deployments fall under the same principles that govern general data, so existing data security policies can be extended to cover these as well.
"The first step is a clear understanding of where the data resides. Many of today's data warehousing solutions include features that automate and monitor compliance and security. This will lower compliance and security costs, and provide assurance that you know where your data is stored, how it is being accessed, and where it is going."
Over and above the issue of data residency, businesses must find ways to segregate their big data, and to facilitate the smooth deployment of security measures, such as monitoring or data encryption.
"Data should be classified and segregated according to its importance and sensitivity, which makes it far easier to control and protect," explains Naidoo.
He adds that problems of data protection and privacy can also be alleviated by ensuring that data is anonymous, which eliminates the need for consent from the data's subject or owner. "The UK Information Commissioners Office (ICO) recently unveiled a framework aimed at assisting organisations to assess the risks of anonymisation in terms of data and identity protection. The framework illustrates how to anonymise personal data for medical research purposes, market researchers' analysis and so on."
Naidoo says another step in ensuring compliance is to examine the source of the data. "Questions such as whether the data is free to use or not, are important. The majority of data sets will have some controls pertaining to the use of that data, and companies must be cognisant of any licence terms etc., as they will increasingly need to integrate data from multiple sources, often from third parties."
Should the data being gathered be intended for use in a commercial service delivered to users by the organisation, then those customers will need assurances too. "Any business using big data must be absolutely clear on the extent to which the data can be re-used, or it will be unable to provide assurances. These issues must be ironed out as soon as possible."
The very scale of big data, and the multiple sources it comes from, translates into companies having to multi-task, as they weigh the consequences of using data from myriad sources. Naidoo says most countries have their own legal frameworks regulating privacy, compliance and information, and these will mostly be interlinked with existing laws governing contract law, data protection, intellectual property and the like. "Due to these existing regulations, often licencing arrangements that can be used with these other elements can extend to big data too."
"Transparency is also a vital element, so organisations should ensure that individuals are fully informed as to whether their data may be used, or disclosed to others, even when in an anonymous form. This is just good practice, and adds to the credibility of any data set."
