• Palaute
  • Yhteystiedot
  • Rekisteröidy

Sum of all fears - data analytics and privacy


I have been recently working with data analystsanalysts while some of them were building their big washing machine of data. It has been great in many ways but especially so because I have had a chance to peek into the challenges these professionalsencounter daily. It got philosophical once one of them mentioned how she feels like standing small and looking up in the vastness of data, like the child in the cover of a book called Little Prince staring at the vastness of space. I am a security guy and not a data analyst at all. But I admit having the same feeling. But as it often is with complex things, finding answers begins with finding the right question. Mine turned out to be this one: Can you reasonably prove that you cannot easily combine datasets to identify an individual where inappropriate?

Data breaches are of course bad. But it's not people working with data I am worried about. What if we accidentally call couple of APIs and end up combining data in a way we don’t have approval to? We have already entered the world of obscurity of integrations where there is fever and fever human eyes watching what kind of data is actually being collected and where it is combined.

So, how to get away from there? The answer seems almost too simple. Have a predefined reason to collect data and re-combine existing data. Evaluate the reason carefully and understand if the new dataset is more than sum of its parts. And be prepared to underdtand all the possible places data flows. Even the ones you are not expecting.

One might argue that this is impossible. It is not possible to know at all times what we might want to ask about our data in the future. That might be true. I am rather suggesting that you might want to get the big picture drawn. Know your data.

Getting the big picture isn't always easy, I give you that. Let's take the marketing tool SDKs as an example. These tools may work so that those require you to include a 3rd party SDK in your mobile app. This is sometimes needed to get the relevant profile or behavioural data out of the device and particular app user. And of course, the intent is to use this data to target relevant marketing and understand better if the money spent on marketing is actually giving anything back. Now, getting to the point, these SDKs don't necessarily reveal their data model easily. All I am saying is that if you consider respecting privacy and data protection important as company, it is worth trying to open 3rd party black boxes as well since those black boxes might hold keys to you company's privacy message.

Understand what the tools, SDKs and services you use actually do. Look at how the services, integrations between your services and partners’ services and SDKs have been coded. Above all, you should work based on thought security models and require software security practices to be in place at home base and at your partner.

This brings us to design principles. Privacy by design is a good thing. Diverse integration architectures can and should be privacy aware, too. Not only because privacy and data protection are noble ideas but also because it is rational to try to keep your big data as usable as possible. It is probably costly to clean huge data masses afterwards of personal data. This is not to say that personal data is always an obstacle but there usually must be a acceptable reason to process it. Quite often the personal data isn't needed at all to get the analysis results wanted out of a data set.

Create privacy supporting design principles for your system architecture. And remember: If you cannot plausibly prove that a dataset can be properly erased don’t put it in that sort of a data store in the first place. And finally, create such system architectures that make people want to keep them. System Architecture should feel well functioning and simple to plug in. The design principles help in evolving the system architecture.


Ei kommentteja!

Rekisteröidy ja verkostoidu toisten yrittäjien kanssa!