A Lawyer’s Perspective on Big Data and IoT Challenges By Kelly Friedman, DLA Piper (Canada) LLP

Kelly Friedman, Partner at DLA Piper (Canada) LLP will be presenting one of the most talked about workships at the upcoming CIO Peer Forum in Edmonton April 26-27, 2017.

Big Data and the Internet of Things have arrived, and technology will continue to advance. At the same time, our needs for personal privacy and individual respect remain fundamental to who we are as human beings.  And then there is the law.  While there are no laws created specifically to deal with Big Data and the IoT, that doesn’t mean that the law has nothing to say about them.  

In this session, Kelly Friedman will discuss Big Data and the IoT from a legal perspective.  She will address “big picture” concerns about Big Data and consumer IoT, the current legal and regulatory framework to be applied, the distinction between privacy and security, and tools to move forward with Big Data and IoT projects with an acceptable level of risk.

Below, Kelly gives us a sneak peak at what she’ll be sharing with us at the #CIOPeerForum in April.

An information-based economy presents a real challenge for privacy law.  The law requires the protection of personal privacy, while economic and other social imperatives push us to work to reap the economic and social benefits of a fully-connected, Big Data world.  We cannot ignore privacy law, and we cannot stop the Big Data revolution.  We must find a way to reconcile the tenets of privacy law with technological innovation.

Big Data Benefits

I use the term Big Data is to describe the large quantities and varieties of data that are available to be processed and to be analyzed to draw inferences and conclusions.  Big Data analytics requires data, algorithms, and physical platforms, such as data centres, where the data is stored and analyzed.  But Big Data stores can be hacked, and their contents used for inappropriate or nefarious purposes. Security services are an essential component of the Big Data infrastructure.

The sources of information for Big Data are everywhere – internet use, social media, mobile applications, government and commercial databases, the many internet connected devices that collect data from the physical environment (the Internet of Things or IoT), GPS chips, in-person payment transactions, and so on.

There are some truly remarkable benefits that can be derived from Big Data.  For example, in 2013, Toronto’s Hospital for Sick Children, the University of Ontario Institute of Technology (UOIT), and IBM Canada synthesized millions of data samples from monitors in neonatal intensive care units and were able to identify factors that serve as early warning signs of life-threatening infections for newborns.

Privacy in the Age of Big Data

Canadian privacy law is based on the principle that, even while a company may have physical control of an individual’s personal information, the decisions about how to collect, use and disclose the personal information should reflect the individual’s consent and personal preferences.

Big Data also raises privacy concerns beyond smaller collections of personal information because one can never know what information may be extracted from a particular collection of Big Data.  Through data mining and other analytics, data which seemed innocuous when collected can bring out personal information, directly identifiable to individuals.   One privacy-intruding example which received lots of media attention in 2012 occurred when a retail outlet followed the data trail, for marketing purposes, and mailed coupons for baby items to a teenager who had not yet told her father she was pregnant.

Big Data and Security

Privacy and cybersecurity are not the same thing, but are intimately related.  Cybersecurity is a discipline that enforces policies related to different aspects of computer use and electronic communication.  Privacy, on the other hand, speaks to an individual’s control over the use of his or her personal information.  Poor cybersecurity is a threat to privacy.

Securing Big Data is not fundamentally different than securing smaller stores of data, but it is more difficult.   Traditional security mechanisms tailored to securing small, static data sets on firewalled networks are inadequate.  We know that anonymization does not always work with Big Data.  Some experts argue that, with enough data and powerful analytics, individuals can always be re-identified.  In addition, the privacy concept of data minimization (if you hold less information, there is less to lose) is antithetical to the Big Data business model.  Entities choose to hold data indefinitely because Big Data is frequently able to find economic and social value in masses of data that were otherwise considered worthless.

Harmonizing Big Data and IoT with Privacy and Security

Big Data is cheaply and easily accessible to large and small organizations through public cloud infrastructure, often using tiered storage and computing, such that chucks of data are separated onto different hardware and software, resulting in multiple attack surfaces.  We also have to worry about the data collection points.   Can individual consent be assured for every data collection at every collection point?  How can we trust that the data which is collected from countless end-point devices is not used maliciously?  A malicious insider or untrusted user can abuse the data sets and extract personal information and use it in inappropriate contexts.  These are just some of the concerns.  There is no stopping Big Data.  But we need to use the brilliance of Big Data to secure it.  We need data scientists that specialize in security to use Big Data technologies for network monitoring, authenticating and authorizing users, identity management, and fraud detection.  Neither the promise and nor the problems with Big Data can be overstated.  Technology has created a problem, we must use technology to solve it.

Kelly Friedman is a partner in DLA Piper (Canada) LLP’s Toronto office. Kelly is an experienced commercial litigator with unique expertise in electronic information issues, including electronic discovery, data security and privacy.  Kelly is known for her efficient, no-nonsense approach to problem solving and dispute resolution. In 2011, Kelly was named as one of Canadian Lawyer’s “Top 25 Most Influential Lawyers in Canada”, and in 2015 and 2016 Kelly was recognized by Who’s Who Legal as a most highly regarded electronic discovery lawyer.

Check out Kelly’s website: www.kellyfriedman.com or www.the-d-drive.com

Follow Kelly on Twitter:@kellyddrive