“Apps” and Big Data and Privacy – An Oxymoron?

December 10, 2012 Sheila Mackay

Last week’s annual Georgetown Law Advanced E-Discovery Institute in McLean, Va. opened with a keynote address from J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals, who addressed the exponential rise of privacy issues in the digital age. Through numerous examples, he described how the Big Data explosion has brought forth myriad of challenges related to privacy that affect our communications in a multitude of ways – many of which we are not even aware.

It’s clear that Big Data is driving and blurring how we think about data privacy and what we do to protect our data. In the legal realm – and specifically electronic discovery – data privacy compliance and protection can be particularly complex and can have unexpected, if not devastating, consequences for an organization, both monetary and reputational.

In Law Technology News coverage of Hughes keynote, “Big Data Privacy? What?” it reported that Hughes aptly noted that there is no “’app for privacy. It’s not fixed, and it’s incredibly complex.”

There is no cure-all solution for the explosion of data and its effect on data privacy considerations, but organizations can take proactive steps to mitigate risk associated with their and their clients’ confidential data. My colleague Gabriela Baron at Conduent wrote about this topic last week in American Banker, “How to Manage Confidential Information in the Era of Big Data.”

While the article focuses specifically on the challenges the financial services industry faces in complying with regulatory standards governing information and security, key principles can be extrapolated and applied to nearly every type of organization:

  1. Implement an information governance program that is thoughtfully designed and implemented, and includes privacy and security policies that protect information about consumers and employees as well as retention procedures that ensure personally identifiable information (PII) is retained no longer than required.
  2. Perform period privacy audits to identify vulnerabilities in security procedures.
  3. Know how data is managed in the cloud, especially if you outsource data processing and related functions to third-party cloud providers.
  4. Implement employee policies that limited access to PII and its counterpart, non-public information (NPI) – particularly important when companies allow employees to store company data on smart phones and like devices.
  5. Develop a litigation readiness plan that includes policies and protocols to manage confidential data.
  6. In the event that discovery associated with meeting litigation or compliance obligations is required, utilize document review technology that can automate the identification and protection of confidential information, such as automated and inverse redaction tools that allow an organization’s legal team and its outside counsel to search across large data sets for user-defined confidential terms and automatically redact those terms.

Big Data and privacy issues won’t go away anytime soon, and the risks are significant. But addressing the challenges head-on now can help “insulate against potential liabilities.”

Sheila Mackay is Senior Director, E-Discovery Consulting at Conduent. She can be reached at smackay@conduent.com.

About the Author


Previous Article
Culling and Keywords: Going Broad Without Going Astray

Picture this: in a matter involving undisclosed side effects of a popular prescription drug called Zonovir,...

Next Article
Hooters! You’re Ordered to Use Technology-Assisted Review

In a first for the use of technology-assisted review as an e-discovery method, the Delaware Court of Chance...