In Unfolding U.S. Data Surveillance Program, Big Data and Governance Lessons for Business

Published June 11 2013, 10:36am EDT

June 11, 2013 – Behind the ongoing revelations and fallout from a federal contractor's leak of what are reportedly U.S. government scans of loads of private citizen phone data are enterprise lessons on approaching advanced analytics, big data and public information projects, according to industry experts.

Neither the personal data privacy concerns nor the government safety intentions in this unfolding data surveillance story are to be taken lightly. But, as massive data volumes are increasingly sold on the business side as a silver bullet to find competitive advantage, there are takeaways for business uses of huge, nebulous data sets, according to the EIM and enterprise security experts we reached out to over the last few days.

Dr. Larry Ponemon, chairman and founder of Ponemon Institute, says such a massive dragnet of information is, ethics aside, the “perfect big data use” because of the volume and variety of data, but also the wide-reaching and sometimes tangential connections. In research done by his advisory, issues of privacy have remained a top consumer concern over the last eight years, Ponemon says. However, over that same time period, the notion of personal data being totally secure and outside of the government or business view – particularly with so much sharing over social networks – has eroded toward a “fatalistic” consumer perspective on their own data.

Ponemon says that businesses should be taking note of the importance of governance and process issues related to this particular use of huge, unstructured data volumes.

“No organization wants to be viewed as a bad guy in the eyes of their customers. It’s not just an embarrassment, but there’s a cost associated with reputation, with data stewardship. If you think about the government scenario that’s unfolding now, there’s a natural story about governance, too. If the government decides to use all of the information that’s available, you’d expect that, basically, they’d have a process in place where leakage about the program would be in place for people who are stepping out of the [program’s] bounds. What we’re learning about the whistleblower is that the government didn’t necessarily have a good internal process because they allowed a 29-year-old ... contractor doing, according to him, wiretapping and accessing this data,” Ponemon says. “It shows that governance can be such an important element to anything that presents a risk. Maybe this could be a wake-up call toward processes of handling big data, securing data sources, minimizing data risks for even organizations dealing with consumer information.”

Derek Brink, Aberdeen VP and research fellow for IT security and GRC, said the data leaks came up in separate conversations with CISOs in the U.S. and U.K. over the last week; most everyone agreed and “absorbed” the fact that the information flowing on social and external networks is at risk.

“Most of them are monitoring data flows on their own networks, as well as posts on social media as part of protecting and managing their brand,” says Brink. However, “the one thing that did come up is that most individuals are not aware of how connected and correlated this kind of data can sometimes be. For example, the geolocation tags that are embedded in most posted photos, which can be used to pinpoint and track the user’s physical location. This has many implications, ranging from social engineering to physical safety,” says Brink, who has written of his hopes for the development of such social network and data-sharing capabilities as user-directed encryption or "shredded tweets."

Brink added that smaller companies often resign themselves to having fewer resources and skills to handle security and connection challenges, though the federal leaks may – and should – lead them to act on shoring up their data sources. 

Dr. Bruce Abramson, an intellectual property partner at Rimon, P.C., says that from a technical perspective, “the key thing to remember is that there is nothing new here.”

“Multinational Internet companies have long had to cope with governments seeking access to their data; Google's conflicts with [the government of] China were a high profile example,” Abramson says. “The ‘secret’ was thus not that governments spy on their citizens, but, rather, that our government does so. Looking forward, this issue will not go away. How will companies cope? With the same combination of compliance and technical resistance they have always employed as part of the cost of doing business around the world.”

At IDC, Security Products and Services division Research Leader Chris Christiansen says: “The impact on business will be minimal. It could make information interchange between private and public sources more difficult, slightly complicate life for companies that rely on managed security service providers, drive complicated privacy regulation in Europe and Asia that will make doing business in those areas more expensive.”
