Recently a friend of mine told me that he had applied for a job. Everything was fine, and the only pending activity was that his potential employer had authorized a third-party company to search for information about the candidate in social media. The freely available information about each candidate’s habits, hobbies, photos, political opinions and activities, sexual orientation, trade union membership, and other sensitive personal information was collected and analyzed. At the end my friend’s job acceptance was rejected with no reason given.
Collecting and combining data from openly available resources provides a tremendous basis for all kinds of investigation, as well as opportunities for big businesses to make money. Various parties are interested in things like shopping preferences, political opinions or citizens’ attitudes about paying taxes. Obviously there’s a huge need in public/political administration and commercially to know as much as possible and derive the right conclusions. However, this may be in conflict with an individual’s need to protect his or her data.
The appetite for big data is also big. As an example, a market researcher could learn the shopping preferences of a young woman and access her profile on social networks. The shopping preferences of her friends may then be correlated with hers by analysis of their online conversation about products, colors, tastes, and “likes” and “dislikes.” A researcher may even correlate this data to testing of activated regions of the brain of persons of similar age and sex when they see a product or color, hear a voice or music, smell something amazing and so on. Through such data collection, marketers can learn to play specific music when this young woman goes shopping online or provide a specific offer when she enters a shop.
This example can extend to other important areas like family history or genetics. For example, a family with a genetic determination to have grey hair early in life might want to start to color their hair in their thirties and prefer brown color—information that market researches could use. Any additional information about a potential customer helps the seller to provide exactly what the customer is looking for.
Sensitive information data protection
It’s obvious that there is tremendous interest in all kind of information about customers. But there are some regulations and laws to limit the appetite of any administration or company to collect and analyze data. In Germany, for example, a data privacy law limits personal data collection, saying that it must
- be only for the intended, valid purpose
- be only what is absolutely necessary
- be anonymized if possible
- be deleted if no longer needed
- include providing information to the person whose data is being collected, and deleting it if asked to do so (if no other law prohibits this)
An independent governmental authority checks the adherence to this law. There are severe penalties if a company breaches it.
Valid information gathering
Protecting the personal rights of citizens is regulated by law in Germany and some other countries within the European Union. Some community and special institutions, however, are interested in information about their potential customers. As an example, a person asking for a huge credit at a bank needs to be checked before the bank can grant it. He may have unpaid debts in other banks, or may lack a regular income and therefore not be able to pay back the loan. In such cases it makes sense to contact a central, official place to ask for information about the credit readiness of a person. This may help to avoid banks granting too many loans to individuals not capable of paying back their credits. At the end it protects the taxpayer from rescuing large banks that have too many outstanding credits in their balances.
In a world where we are increasingly interconnected; where the technical possibilities for collecting and analyzing big data are growing rapidly; and where big data itself is exponentially increasing, the limitation and protection of personal information (especially sensitive personal information) is becoming more and more important. Institutions like banks will continue to have an interest in an individual’s credibility. And the taxpayer and investor will want to know about the financial situation of banks and other institutions or companies.
It’s essential to find a good balance between the need to protect the individual and the need to protect the community in general. Nobody who has applied for a job should be discriminated against because of gender, political opinions or race. On the other hand no taxpayer should be charged for claims resulting from insufficient information about credit consumers. And finally, governmental institutions and consumer product producers should be able to get the information they need on the basis of existing laws and with explicit agreement from the individual the data belongs to.
Have you ever searched for information about yourself from various publicly available resources and put it in a single place to see what all exists? How difficult would it be to collect any missing information to complete the picture?
Dr. Turgut Aslan is the Service Line Leader for Managed Security Services (Infrastructure Protection) and SCE+ Security Workstream Leader in Germany. He joined IBM in 1999 and has more than 12 years of in-depth experience in the IT security areas of networking infrastructure, systems management, service management, tools and software.
To effectively compete in today’s changing world, it is essential that companies leverage innovative technology to differentiate from competitors. Learn how you can do that and more in the Smarter Computing Analyst Paper from Hurwitz and Associates.