U.S. Mulling Big Data PolicyHow Privacy, Security Concerns Should Govern Use
The Obama administration is in the midst of a four-week effort to get the public to chime in on policies the federal government could develop regarding the privacy and security of big data.
In January, while addressing new limits placed on intelligence agencies in collecting telephone metadata, President Obama tapped his counselor, John Podesta, to lead a group that would seek to forge international norms for how to manage big data and how the government could promote the free flow of information in ways that are consistent with privacy and cybersecurity (see Obama Orders Review on Use of Big Data).
"The power of new technologies means that there are fewer and fewer technical constraints on what we can do," the president said at the time. "That places a special obligation on us to ask tough questions about what we should do."
On March 4, the White House Office of Science and Technology Policy issued a request for information seeking comment on a potential big data policy. The group, headed by Podesta, President Clinton's former chief of staff, includes the secretaries of commerce and energy and the president's science and economic advisers. A report, which is expected to be issued in mid-April, should address how big data might motivate changes in government policies across a range of sectors.
Profound Privacy Implications
"We are undergoing a revolution in the way that information about our purchases, our conversations, our social networks, our movements and even our physical identities are collected, stored, analyzed and used," Podesta writes in a White House blog. "The immense volume, diversity and potential value of data will have profound implications for privacy, the economy and public policy. The working group will consider all those issues, and specifically how the present and future state of these technologies might motivate changes in our policies across a range of sectors."
The exponential growth in data is, to some degree, redefining the meaning of privacy, and that's spurring the Obama administration to examine its impact on government and society.
"The definition of what privacy is will continue to evolve as we understand this information that big data is able to provide us," says Jeff Spivey, international vice president of ISACA, a professional association focused on IT governance. "The risks that we talk about today are going to be different than the risks we talk about in three or five years from now."
Here's a sampling of questions Podesta's panel seeks answers to:
- Do the current U.S. policy framework and privacy proposals for protecting consumer privacy and government use of data adequately address issues raised by big data analytics?
- What types of uses of big data raise the most public policy concerns?
- What specific sectors or types of uses should receive more government and/or public attention?
- Are there particularly promising technologies or new practices for safeguarding privacy while enabling effective uses of big data?
- What issues are raised by the use of big data across jurisdictions, such as the adequacy of current international laws, regulations or norms?
- How should the policy frameworks or regulations for handling big data differ between the government and the private sector?
Responses to the request for information can be e-mailed to email@example.com, with the subject line Big Data RFI by March 31.
Employing Smart-Grid Model
Rebecca Herold, who runs a consultancy focused on information security and privacy, says the federal government must recognize the need to establish security and privacy boundaries for big data analytics and the resulting data created through the analytics.
Herold suggests that the government create a public-private-sector forum to consider big data standards that's similar to the Smart Grid Interoperability Panel established in 2009 to help the National Institute of Standards and Technology develop smart-grid security and privacy standards. She says a group to establish big data standards should include IT experts, academicians, practitioners within commercial businesses and privacy engineering experts, as well as government and legal representatives. "The most practical and effective solutions will come from considering the perspectives of a wide range of key stakeholders," she says.