In today’s economic climate, organisations have more access to data. The substantial amount of data collected by organisations becomes valuable for predictive purposes, operational efficiency, improving customer experience, just to mention these three. However, organisations tend to miss the governance elements when using big data.
For example, an organisation aims to increase customer lifetime value. It creates a data lake of all her existing customers to monitor customer behaviour and spending patterns to identify her best customers. The organisation then proceeds to focus more on the value creation methodology and forgets the principle of purpose limitation, clear notification to customers and the concept of minimising data.
The organisation above continues to “mine” these data sets for a new purpose without paying attention to key data protection principles or asking the right questions. As such, organisations fall into that loop of treating data protection as an afterthought and exposing their processes to vulnerabilities. It would behove of companies to ensure that there is consideration for these elements of data protection in: (a) creating a data lake and (b) in teasing out the exact purpose these data sets will be used for (c) and, most importantly, creating a notification methodology to help data subjects understand the implications of this process (d) creating and maintaining a clear access process.
Big data is a welcomed ideology and data protection shouldn’t be seen as a barrier. Another instance is worth mentioning here. A health organisation can use big data for improving profitability to help save lives, help health researchers with creating new medical solutions to existing diseases, and highlight trends and threats in medicare patterns.
However, because of the sensitivity of data processed in the health space, it is important that security becomes paramount when managing the data sets used for improvement in this space.
It goes without saying that as companies begin to see the importance of maintaining a data lake and the benefits that can be generated from collecting data. But I’d argue that “collecting—as—much” is not the best approach towards reaping the positive benefits. The best approach is to ask the critical questions: (a)what sets of data do we need (b) how will data be used and is the purpose clearly defined (c) what kind of security do we have in place (d) is there any plan for deletion (e) will there be any need for anonymisation and will an anonymised data set allow the organisation gain the traction needed for the required developments or projects?
Big data is here to stay. It’s not going to be phased out at any time and it would be used for many purposes including, building smart cities, ensuring security is increased in certain areas, helping businesses to grow and divest their working patterns and structures.
However, the question of data protection still rears its head, and organisations need to structure their governance as they tap into the potentials that big data tends to present.
