It is estimated that, as of 2015, humans are generating as much as 2.5 quintillion bytes of data every day. Huge amounts of personal data are collected as a result of the digitization and ‘datafication’ of large parts of our lives. Smartphone use, for example, has doubled to two billion users since 2012. It is likely to double further, to four billion, by 2020.
The rise of the Internet of Things (IoT) is connecting more and more everyday objects that are sending and receiving data over the internet. All of these objects and phones and other devices are – of course – generating data.
The MIT Technology Review puts forward the argument that with such huge amounts of data being generated there is a struggle to properly maintain and manage it all. Neil Mendelson, a vice president at Oracle, tells us that “managing big data involves far more than just dealing with storage and retrieval challenges – it requires addressing a variety of privacy and security issues as well.”
For companies that are involved in any capacity with the collection of big data that could potentially jeopardize someone’s privacy, there are various pitfalls to be avoided. The type of information collected could “reflect an individual’s health concerns, browsing history, purchasing habits, social, religious and political preferences, financial data, and more,” said Edith Ramirez, Federal Trade Commission chairwoman, in a talk at the 2013 Aspen Forum. Pitfalls can include:
- indiscriminate collection of data from many devices
- data used in a spurious fashion, especially without consent
- unintended data breach consequences
It is clear that big responsibilities come with big data. The more data that is concentrated in any one place, the more attractive that data becomes to criminals. The risk invariably grows as the volume and sensitivity of the data grow.
Ramirez, who is head of the governmental entity for protecting US customers, argues that stronger incentives are needed to ensure companies better safeguard any sensitive data they are holding. “The FTC has urged Congress to give … [them] civil penalty authority” to be used against companies that fail to maintain proper security. As consumer data grows, the need for this legislation is only bolstered.
Companies already face significant brand damage in the event of a serious data breach. The proposed legislation means organizations could face regulatory consequences as well, should they fail to secure the life cycles of their big data environments.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”