Click to learn more about author Cathy Nolan.
Americans have long been divided in their views about the trade-off between security needs and personal privacy including data privacy. Much of the attention has been on how government collects data or uses surveillance, though there are also significant concerns about how businesses use data. When a terrorist attack happens, people tend to favor more surveillance by the government but at the same time some people are becoming increasingly concerned about their privacy and protecting their civil liberties.
New information about the extent that digital technologies have captured and sold a wide array of data about individual’s habits, preferences, prejudices, and personalities have alerted people to the amount of data they have provided, either willingly or unwittingly, to data brokers.
People may ask “what is the difference between someone monitoring, surveilling or spying on me?” A simplified explanation is that monitoring refers to the active or passive observation of people for commercial reasons or to perform activities authorized by law. Most monitoring is not secret and can be observed. Surveillance is a targeted form of monitoring, usually conducted to obtain specific data or evidence and usually occurs without the person knowing they are being watched such as data being collected from apps without a person’s knowledge.
Spying combines monitoring and surveillance with active intelligence gathering and data analysis to discover what is occurring relative to government or corporate interests. Spying can be used in the interest of national security, by unscrupulous corporations to discover trade secrets, or has the media discovered, to sway individual’s opinions about political candidates, high-profile individuals, or national interests.
Not all surveillance is negative, a constructive way surveillance is being used is by a company named PLANET which was profiled in a recent National Geographic article. PLANET has only been around for a few years but they have found a way to map and monitor the entire planet by sending roughly 200 satellites into orbit that constantly take pictures of the entire globe. Their mission is to provide scientists with up-to-date information about things like deforestation, ice melt in the Arctic and the illegal expansion of palm oil plantations in Africa.
To do this they track changes daily so that these problems can be addressed. They are not tracking individuals but can spot trends and deliver insights into how populations are behaving.
Meanwhile governments are using surveillance drones for everything from tracking their security forces, monitoring weather patterns, surveilling their borders and yes–watching us. Local police departments initially used drones for traffic control but their usefulness has expanded to search and rescue operations and to tracking criminal activity in high-crime areas. This all sounds great but what about when a drone flies over your neighborhood and captures images of your backyard or looks into your windows?
Would gathered images be subjected to facial recognition software or studied for evidence of criminal activity? Would any video be subject to the same disclosure as a video collected by officer body cams or patrol car dash cams? These are all privacy issues we need to think about before we wholeheartedly endorse drones and government security cameras. For example, in London there are over 500,000 CCTV cameras, or 1 for every 14 people. Are American’s willing to give up that much privacy for security?
As privacy and data security issues increasingly permeate the activities of companies, we data people need to think about how the data we handle and manage affects our companies and our customers. Data is being closely studied as something organizations can monetize but with these opportunities comes risk.
Are we positive that the ways our corporations want to sell personal data meet current privacy laws and regulations? Are there security practices in place to guard against unauthorized use of the data? As data is sold, companies must consider their customers desire for data privacy and what it would mean to a company’s stock value if there was a loss of good-will.
As companies sell their customer’s personal data, breach litigation will become a necessary cost of doing business. Any loss of data could result in an expansion of what is considered injury in those cases. A relatively modest litigation cost can become a huge expenditure for companies with a breach where “stolen” data was used to obtain false mortgages, open bank accounts or file fraudulent tax returns.
Data Modelers and Data Governance experts need to work with the company’s security experts to create policies and procedures designed to handle confidential data within the organization and to decide which data can be safely exposed to vendors and others outside the firm. No one has asked you to participate? Volunteer.
Who better to know the organization’s data elements and when they appear in conjunction with confidential data such as driver’s license number, date of birth, credit card information, health records, social security number and other private data. If GDPR wasn’t a wake-up call, read the headlines or tune into a news channel to get the message. Whether your company’s confidential data has the potential to be leaked due to monitoring, surveillance, or spying, it’s up to the data management professionals to protect it.