May 1 has long been known as May Day or International Worker’s Day. In 2014, it could just as well have been dubbed Big Data Security Day. It was on May 1 that the white house released an 85-page report on big data called Seizing Opportunities, Preserving Values, discussing big data applications such as transparency into government spending (waste), helping the US economic recovery, as well as improving education and healthcare: all topics near and dear to our hearts.
The report encouraged the current administration to take expedited action with regard to pending legislation and detailed big data’s failures in protecting privacy.
Some of the pressing privacy issues as they relate to the big data report:
1. Ownership of personal data
Who owns personal information? Who is trusted with personal information?
Is there a way to make sure the personal information a company has been entrusted with remains under the sole ownership of said company?
2. De-identifying data is an imperfect proposition.
The report mentions the “mosaic effect, whereby personally identifiable information can be derived or inferred from datasets that do not even include personal identifiers.”
So, how can big data applications gather personal information without others being able to re-identify the de-identified?
3. Don’t forget small data
Though all the buzz is around big data, the report identifies small data as the culprit for the most common privacy risks, a la defrauding personal banking information, which may not require big data, but causes big damage.
Is there a way to limit (or, dare we say: prevent) breaches like the Target credit card disaster or the Heartbleed bug?
4. ePHI must be protected
Though the healthcare industry has much to gain from big data, it also has many concerns. Protected Health Information must remain private. The report claims "the privacy frameworks that currently cover information now used in health may not be well suited to address these developments or facilitate the research that drives them.”
Is there a way to reap the benefits of big data and maintain HIPAA compliance and ePHI privacy?
5. What about the NSA and other snoopers?
Actually, President Obama commissioned the report in response to outrage over the NSA snooping scandal, but the report itself didn’t explore much of the agency’s protocols. It also didn’t investigate Google, Facebook, Verizon, or other possible corporates with privacy challenges.
Is there a way to limit the snooping capabilities of the NSA and others?
A Cloud Security Solution for Big Data Applications
What would report writer White House counselor, John Podesta say to a solution that addresses all five of these concerns? With homomorphic split key encryption:
- The company that owns the data owns the encryption key. That way, no one else can access personal data. If you consent to your medical insurance company, for example, to have your medical records, only they have access to your medical records. This technology ensures it.
- A big data application can gather vast amounts of information, yet its owner can easily control the encryption (and decryption) of that information as only they have the Master encryption key.
- Malicious hackers and unwitting insider accomplices alike are stopped when the encryption key is, itself, under lock and key.
- HIPAA compliance can be maintained in the cloud for big data applications.
- No one: not the NSA, not Google, not even a cloud provider, can access data that is encrypted with homomorphic split key encryption without the legitimate owner providing their master key.
Big data has many challenges ahead, but privacy and cloud security are solvable with new technology. Small and big organizations alike can step up to deal with the challenges big data presents and to reap the opportunities it provides.
