Emerging Issues in Data Privacy and Protection

Privacy – “the state of being free from intrusion or disturbance in one’s private life and affairs” – was awarded the honourable “2013 Word of the Year” by Dictionary.com. The impressive list of events invoking privacy last year including Snowden and NSA, Google Glass and innumerable data breaches, contribute to the increasingly blurred lines between public and private spheres and question the validity of the definition. Will the definition stand the test of time in our digital age? How will privacy change in 2014? We consider emerging issues that may well re-define the privacy landscape in the coming year.

Big Data

Yes, this term also found its place on the front page of newspapers in 2013, yet do you really know what it means? Big Data refers to the storage and analysis of large and/or complex data sets using a series of analytical techniques and is defined by volume, velocity and variety. Big Data is not data that can be handled on an Excel spreadsheet; it is an array of multi-sector, highly variable, unstructured and sometimes real-time, pieces of information that challenge current data protection and access paradigms and practices. Netflix uses big data to personalize customer preferences and the Obama campaign applied big data to analyze voter’s preferences, their likelihood to vote and to provide individualized reminders.

The real value of Big Data lies in the fact that it can be harvested for the public good especially in the research sphere: IBM has teamed up with researchers in the US to predict outbreaks of dengue and malaria, Mount Sinai Hospital is teaming up with data scientists formerly with Facebook to use big data to predict when people will get sick, prevent hospitalization and lower healthcare costs.

Big Data comes with big responsibilities, especially on the data privacy and protection front. We predict that this year will see the extension of the use of Big Data with companies being required to adhere to additional legislative requirements.

Do Not Track

Have you ever wondered why advertisements for engagement rings all of the sudden start popping up in the billboards displayed on your Facebook mini-feed? How did they read your mind? The term “Do Not Track” is often noted as the online version of last decade”s international push for “Do Not Call” lists. The focus has shifted from over dinner interruptions by telemarketers to advertising network and social media platforms that secretly gathering individual’s online behaviour and information when they browsing the web. California recently passed a “Do Not Track” law requiring websites that collect personal information:

• to inform browsers if third parties can collect information from their site; and
• provide individuals with a choice of “do not track” mechanisms that can be used to opt-out of collection of their online activities over time.

We predict that others will follow in California’s footsteps in the coming year, though push-back from advertising agencies and social networking platforms will challenge further legislation.

Bring Your Own Device (BYOD)

Many organizations, including UBC, allow individuals to use their own mobile device for work purposes. BYOD expands the number of networks, applications and backdoors through which data can be disclosed, accessed and stored. Concern for both employees’ individual privacy rights along with the employer’s need to protect corporate data in accordance with institution policies and legislative frameworks is a growing dilemma. One item is clear: employees must give explicit and informed consent to an employer in order to access personal information on their device. The level of user monitoring, tracking and remote features that an employer can implement remains vague, as well as the technological division between personal data and corporate data. UBC will be releasing a BYOD policy in the coming months – keep your eyes – and devices – peeled for the announcement.

Changing times, challenging laws

On the legislative horizon there is a growing consensus that national privacy legislation must match the digital era. Canada’s Privacy Act and British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA) both received assent during the era of the fax machine and the photocopier. Even a review of Canada’s Personal Information and Protection of Electronic Documents Act (PIPEDA) is long overdue and is not adequately effective against multinational corporate giants¹. Given these murmurs, we wonder… will the call to modernize legislation come through? Will harder penalties be enforced for inappropriate access, use and disclosure of personal information? Will increased access to data for purposes within the public interest, including research on health and well-being, result from changes? Most importantly, will a balance between the privacy and the public good be struck with the potential amendments? Only time and technology will tell.

More information:

• International Data Privacy Day 2014
• UBC University Counsel – Access and Privacy page
• Data privacy and information security checklist by Population Data BC