Big Data, IoT, the Law and What You Need To Know. Kelly Friedman, CIO Peer Forum 2017

By: Jalen Chin, Guest Contributor, CIO Peer Forum 2017 Volunteer

With the rise of technology and the ease at which data can be collected, there comes many opportunities to analyze information through Big Data. However, with the prevalence of such data, there comes the risk of the security and privacy of individual’s collected data being infringed upon. Kelly Friedman addressed these risks, and led us through a discussion of regulatory frameworks, the distinction between security and privacy, as well as the tools to be utilized when moving forward with the trend of Big Data. 

The current privacy legislation currently in place in regards to the collection of personal information. Friedman emphasizes that there has been increased regulatory focus on Internet of Things (IoT) and Big Data. Furthermore, Federal Trade Commissions have been extremely active in tackling security. A definition of personal information is provided, stating that it is any information available about an identifiable individual. Some information is more sensitive than others, whether it be eye color, age or social insurance numbers. The main idea is that “personal information should not be collected, used or disclosed without consent or in contravention of the individual’s reasonable expectations”. Although a company stores this confidential data, the decision about what to do with the data is ultimately in the hands of the individual’s preferences and consent.

Friedman then distinguishes the differences between privacy and security, as they are often interlinked. She declares that privacy is the choice of what happens to data about you, whereas security is the protocol or tools in place that serve to protect the data. Moreover, security is considered to be a subset of privacy. Subsequently, Friedman leaves the audience with a thought provoking question: 

Can we make data completely anonymous,

or is technology so advanced that people can still be identified?

Friedman then transitions to describe each of the Fair Information Principles in detail. These principles act as the foundation of all Canadian privacy legislation. The first principle is accountability. Accountability is described as an organization’s accepting the responsibility for any personal information they collect. Every company has to designate someone that can be identified publicly to take responsibility. The second principle is identifying purposes. This means that information is only used for the reasons disclosed by an organization at the time of collection and not for unrelated purposes. The next principle is consent, which means an organization shouldn’t be able to collect information unless they have the person of interest’s consent. However, Friedman states that there are exceptions to this, such as in the event of an emergency regarding health situations. Limited collection is another principle which means that organizations should only collect information that is absolutely necessary. This principle ties in with the principle of limiting use, disclosure and retention, as a company should only keep personal information for as long as the purpose is still being fulfilled. The principle of accuracy believes that personal information being stored should be accurate and up to the individual’s standard. Safeguards build on the security principle by further protecting personal information according to the information’s degree of sensitivity. The openness principle believes that companies should be open about data use in terms of why they collect data. Friedman then describes the individual access principle as an individual’s right to any company and ask if they have any private information about them. Additionally, the individual has the right to collect any errors in the data. Lastly, Friedman discusses the principle of challenging compliance. This principle alludes to an individual’s right to question an organization on any concerns regarding whether or not that organization is adhering to the Fair Information Principles.

Friedman ends by emphasizing that organizations should adhere to privacy, security and ethical standards as much as possible in order to reduce the risk of confidential information being exploited.



For a recap of Kelly Friedman’s presentation, she has given permission to share her slide deck with CIOCAN members. It can be accessed when you are logged in to the CIOCAN website, under Rescources – Presentations from Past Events. If you attended the CIO Peer Forum, are not a member of CIOCAN and would like to access the presentation, please contact

Jalen Chin is a student at University of Alblerta and we are grateful to have had him with us at the CIO Peer Forum 2017 in Edmonton as a volunteer. We thank him for his time and commitment.