e-Records 2017: “Big Data vs. Information Security: Bringing Peace to Conflict”

This is the sixth post of a multi-part recap of the 2017 e-Records Conference. Presentation materials from the conference are available on the e-Records 2017 website.

  1. Information Governance: Take Control and Succeed
  2. The Public Information Act and Updates from 85th Legislative Session
  3. TSLAC Wants Your Electronic Records
  4. Establishing Information Governance for Local Governments in Microsoft SharePoint and Office 365
  5. Data Protection and Information Governance across Data Silos
  6. Big Data vs. Information Security: Bringing Peace to Conflict

As business operations within the private sector and state/local government offices become more complex, the requirement of more data increases. Big Data, an accumulation of data that is too large and complex for processing by traditional data management tools, becomes more of a challenge to manage and protect. In addition, Big Data demands new forms of Data Analytics, the analysis of data sets to identify and interpret meaningful patterns, trends, associations, and interactions. At the beginning of this presentation, Eric Stene, CRM, City of Austin, posed the following question to the audience, “Which came first, Big Data or Data Analytics?”

By applying Data Analytics to the sea of Big Data, we could soon see the following benefits:

  • Speech recognition through voice data
  • Early identification and intervention to improve high school and college graduation rates
  • The creation of smarter cities and highways

According to Mr. Stene, as the need for Big Data increase, the following risks occur:

  • Increased vulnerability due to longer retention of data
  • Increased threat to sensitive/confidential information
  • Possible loss of reputation/public trust

These risks could leave a business or state/local government office vulnerable to security breaches. Some examples that Mr. Stene used during presentation were breaches at Equifax and Yahoo. Through these examples, Mr. Stene illustrated how breaches can cost a business time, resources, and manpower. In addition, breaches of this magnitude may cause a business to lose public trust as well as their reputation.

At this point, the presentation transitions into reconciliation of Big Data and Information Security. Mr. Stene stressed the importance of working together as a team to resolve Big Data/Information Security concerns before the issues cause the loss of time and resources. The resolution of these concerns may result in a short-term or long-term project, depending on the severity of the concerns. According to Mr. Stene, the following needs to be considered when reconciling data:

  • Identify
    • The data
    • How the data will be used
    • The most applicable information
  • Are there alternatives?
    • Is all the information required?
    • Can the retained data be limited or sanitized?
  • How, if at all, would additional information help the project?
  • Identify potential concerns of data’s subjects
  • Risk review by independent panel

As Mr. Stene continued his discussion on reconciling Big Data/Information Security, he emphasized the need for a Privacy Impact Assessment (PIA) when taking on a Big Data Project. The goals of a PIA are:

  • To identify privacy risks
    • Tangible risks
    • Intangible Risks
    • Abstract Risks
  • Evaluate compliance obligations
  • Identify ways to mitigate risks

Basically, Mr. Stene illustrated the importance of a Big Data Project to reconcile the Big Data/Information Security concerns within an organization. In addition, Mr. Stene stressed the need of a PIA, used to identify privacy risks, evaluate compliance obligations, and identify ways to mitigate risks. At the close of this portion of the presentation, Mr. Stene showed how the reconciliation of Big Data/Information Security is a team effort, involving much consensus and compromise.

Mr. Stene closed his presentation with a discussion on Big Data Protection. At this stage of the presentation, Mr. Stene, highlighted two key points:

  • Responsibility to protect data falls on businesses and government
  • Know your data
    • Understand the risks and threats
    • Understand the potential impact

To summarize, you must take the following into consideration when managing Big Data:

  • Big Data does have benefits
  • Retaining Big Data puts sensitive information at risk
  • Alternatives for data analytics
  • Privacy Impact Assessment
  • Data Benefit Analysis
  • Consider your customers
  • Safeguard your sensitive data

As the need of Big Data within various organizations increases, know the need to protect this data also increases. As records and information management professionals, it is critical we take a proactive approach in mitigating potential Big Data management risks before they turn into major issues within the organization.

Leave a Reply

Your email address will not be published. Required fields are marked *