Did you miss the keynote address given by FTC Commissioner Ramirez at the Aspen Forum? No worries, you can find the full text here, and it will make good iPad reading while you’re at the beach. Titled “The Privacy Challenges of Big Data: A View from the Lifeguard’s Chair”, the Commissioner’s speech turned into a quick lesson on how companies should be governing their big data.
In the first part of her speech, Ramirez effectively makes the case that big data brings big privacy risks, with breach risk near the top of her list. As she notes, firms must be “responsible stewards” of their big data. And yes, the FTC can and has gone after companies with poor security practices that lead to data exposure.
So what can companies do? For now, the FTC has offered voluntary guidelines that are discussed in more detail in their 2012 report, Protecting Consumer Privacy in an Era of Rapid Change.
If you want a crash course and don’t have time to read the full report, I’ve conveniently put together a short cheat-sheet based on the Commissioner’s Aspen remarks:
- On privacy by design — “Privacy by design means building privacy in as products and services are being developed. To do that, companies need to perform risk assessments to lay bare vulnerabilities by asking tough questions: [for example] are security measures appropriate given the volume and sensitivity of the data? ”
- On choice and opt-in – “Consumers must be told who is collecting their data and what the data will be used for. And choice mechanisms must be simple and easy-to-use.”
- On transparency — “For too long, the way personal information is collected and used has been at best an enigma enshrouded in considerable smog. We need to clear the air. … Transparency is an essential part of the solution.”
- On de-identification – “There is also one risk mitigation technique that is uniquely applicable to the rise of big data—de-identification. De-identification encourages firms to … pay attention to stripping out unique identifiers to render that data anonymous.”