We’ve been doing it for years, decades for some. How many websites have you created accounts on? Your bank, your credit card companies, social media sites, hotels and travel sites, online shopping sites, and that’s just the start. We do it often without even thinking about it, quickly entering our personal information, our data, in a plethora of systems. Sometimes we are not even aware of the information we are providing. It could be very personal information (think of the security questions you provide answers to for protecting your information on these systems), to information about your behavior, your interests (websites visited, internet search topics). While possibly concerning from a privacy perspective, you had some level of control. For the back-end systems involved, the volume and variety of the data was a manageable situation. The tradeoff between privacy and convenience is something we, for the most part, found acceptable.
Not Just About Personal Data
This is not a situation unique to consumers and personal data — businesses do the same thing. In order to conduct business with each other, businesses must share key information about themselves and their operations with their partners, such as key contacts within the organization, purchasing trends, locations, and shipping patterns of products. All the information that is needed by the business partners yet is also an asset subject to privacy concerns within the business. As with our personal data, it is always a delicate balancing act of tradeoffs in order to be able to conduct business.
Then Came Mobile and Internet of Things
The game changed when the mobile revolution started and continued with the explosion of the Internet of Things. Your mobile apps, along with all your ‘smart’ devices that you wear (e.g. fitbit), are in your home (e.g. smart tv’s, nest, smart appliances), or even your car, are sending massive amounts of disparate information out into the cloud. While the data packets for most devices tend to be small, there are a lot of devices. Gartner estimates that there will be over 20 billion ‘things’ by 2020. To the sheer volume of devices, now add in the velocity of the data. These devices can be streaming a large variety information constantly. Your GPS location, house temperature, car speed, even your blood pressure. Sometimes we are aware, many times not.
The business-to-business side is not without impacts as well. RFID chips in inventory that is shipping between and through partners, smart manufacturing facilities, like smart homes, are providing huge volumes of information about their operation without even potentially realizing it.
Privacy & Ownership vs. the World
This is not a ‘the sky is falling’ or the ‘world has my data’ rant. I raise it to point out the impact of our data usage and consumption is in today’s world of the ‘Internet of Everything’. I am reminded of a presentation I attended at a Gartner Symposium entitled ‘Privacy vs the World’ presented by Heidi Wachs, a research director at Gartner. She raised the point that “the lines between social culture, corporate culture and regulation are blurred when it comes to privacy’.” She asked the attendees, “How can organizations truly define privacy so that it is appropriately preserved?” The discussion revolved around the constant struggle and balancing of the business needs, convenience, and addressing privacy and security concerns of the users (or business partners) of the system. As many of you know, one of my favorite sayings is ‘Everything is a tradeoff.’ The phrase was never truer than in our new world of Big Data and the Internet of Things. New uses and the data that is being collected appear at breakneck speeds, sometimes before we even understand the implications and tradeoffs involved.
Information Is an Asset
An added twist to this conundrum was raised in a recent article in The Atlantic. In the piece, the author raises the additional question, what happens to that data if the company storing it goes bust? Your personal information could be considered an asset of value that can be sold off, as what happened with Radio Shack.
While not discussed in the article, it raised another thought for me from a business to business perspective. What if my business partner is acquired by one of my competitors? Would it provide them insights into my operations, and help them possibly derive a competitive advantage with that information?
If Data Passes Through Your System, You Have a Responsibility
As technologists, we have a responsibility to help the business understand the tradeoffs and risks involved in this rapidly changing environment. We as humans, by nature, love to hoard things, and data is no different. We are accumulating large amounts of data as it passes through our systems. If it is in or passes through your system, you have a responsibility for ensuring the rules are followed. What level of privacy is needed/required/desired is fully dependent on the data itself. Not all data is created equal, some require more privacy than others. Privacy and the security mechanisms needed to implement that privacy is not a once and done kind of thing, it's constantly evolving and changing. In the Gartner presentation I mentioned, Heidi asked a challenging question. “When a law enforcement agency comes asking for all that data you have been hoarding, what will you do?” It is better to be proactive and plan ahead than reactive when the situation occurs.
In this fast paced, rapidly changing technology environment we live in today, we are providing and collecting huge amounts of data from an ever increasing number of potential sources, whether they be mobiles, wearables, our vehicles, or any other of a myriad of sources we haven’t even thought about. This data is traveling through the nebulous cloud environment we all love to talk about and traveling through the ether to its final destination. Our challenge as technologists is to understand the implications, challenges, and tradeoffs involved in that world and be able to articulate those to the business so that the proper balance between business needs, data ownership & privacy, convenience, et al can be achieved.
It’s a difficult and delicate balance. There is no one right answer, no one size fits all as to which tradeoffs are acceptable. Ultimately, that is a business decision, based on the goals and needs of the organization, and could change over time. It’s walking a tightrope over a shark invested tank of water. Our job as technologists is to try and help the business understand the risks and tradeoffs so they can traverse that tightrope and get to the other side safely.