
Big Data, Data Breaches, and the GDPR: We’ve Hit a Tipping Point

In business, your biggest commodity is your company data. And in your personal life, your biggest commodity is your personal data – although the average person on the street is only just beginning to realise this. We’ve now reached a tipping point in time. A time when the amount of data that’s being stored and transmitted is exploding, and what we are now able to discern from the resulting big data is staggering.

According to Statista, in 2017 there were 8,190 exabytes of cloud centre IP traffic (an exabyte is 1 billion gigabytes), along with 897 exabytes of traditional data centre traffic. It’s expected that by 2021 cloud centre traffic will reach 19,509 exabytes. That’s per year.

Data vs metadata vs big data

Just what is all this data going across networks? There’s plenty of business content, videos, and social networking traffic – that’s regular data.

But there’s also data such as your GPS location from your phone for Google Maps, how long you hovered over that ‘BUY’ button on the David Jones website, how often you search for medical conditions, and whether you share political posts on Facebook. The extrapolation of meaning behind each of these data points is a piece of metadata – it explains your daily movements, your buyer behaviours, if you’re a possible hypochondriac, and your political leanings.

Big data refers to finding patterns across all of these pieces of metadata. In simple terms, this can be used to classify you as an X type of person, although it’s far more complex than that. If you’re known as an X type of person, you can be subtly influenced according to the rules of behaviour and thought that an X type of person generally follows.

The Cambridge Analytica scandal is just the tip of the iceberg

The Cambridge Analytica scandal involved harvesting of around 87 million users’ personal data from Facebook via an initial quiz app given to approximately 270,000 people, which was then used to create psychological profiles of each user and all their friend networks (and theirs, and theirs…), then on-sold to politicians, who were able to create advertising based on what would appeal to voters. In essence, they determined the X, Y, and Z people, and then could create advertising based on each of these personas.

Cambridge Analytica was able to determine key personality traits such as openness, neuroticism, political views, sensational interests, IQ, and more (according to leaked emails). What’s worse is that the firm’s behaviour was not illegal, it was within the terms of Facebook at the time, and participants agreed to the conditions – albeit without realising the underlying reason behind the collection of the information they were providing.

While it’s not a typical data breach, where sensitive data is stolen by hackers through exploiting vulnerabilities in organizational web applications, it amounts to treading in very murky waters – highly unethical, but scraping by on a technicality.

It’s issues like this that are starting to be addressed in new privacy regulations like the GDPR.

The GDPR and what it means for the way personal data is handled

The General Data Protection Regulation comes into effect on May 25th. It is a legally binding requirement ensuring European citizens are protected from data breaches and privacy concerns online.

The regulations set out a number of conditions which all companies collecting data must adhere to if they have European customers or visitors to their site/app, and violators can be fined “up to 4% of annual global turnover or €20 Million (whichever is greater)”.

  • Must ask for express permission to collect data
  • Must store data securely, notifying people within 72 hours if there has been a data breach

[Note: We already have the Australian Mandatory Data Breach Notification regime in effect here; however, one of the conditions to trigger a mandatory breach notification (within 30 days) is “The breach is likely to result in serious harm to one or more of the affected individuals”]

  • Must inform the person what the company is doing with the collected data
  • Must give a person access to the data if requested
  • People may request erasure of the data

This regulation, while extremely important, will be difficult to police for companies residing outside the EU. However, companies that do regular trade with the EU, have offices in the EU, or process data from individuals in the EU need to ensure compliance to avoid disruption to trade, travel, or other services, as well as warning or fine notices.

How can Australian SMBs adopt rigorous customer data protection principles?

Whether you’re a B2B sales organisation, a small accounting firm, or run a nationwide chain of gyms, you need to ensure that your customer data is kept safe, private, and only used within the guidelines set out under Australian policy.

If you are collecting customer data, whether that be their address, how many calls they logged with you that quarter, or profiling each one for a new product you’re launching, then you need to have a Privacy Policy. Your Privacy Policy outlines what you are doing with your customers’ data and each customer must agree to it. Ensure you have a good understanding of the Australian Privacy Principles guidelines or seek the assistance of someone who does for further clarification.

Keeping data safe from breaches involves sophisticated systems and infrastructure setup. Unless you have a dedicated and experienced team on site, this can be almost impossible to manage internally. That’s why Australian businesses are choosing to use Managed Service Providers, much like us here at A1 Technologies. Managed Service Providers take care of your infrastructure and IT management remotely, so you can concentrate on your core business, without having to spin up and manage a dedicated IT team.

With secure data storage solutions and management, safe networking configuration, monitoring and optimization, let us help your business grow and thrive.

As for your personal data, be aware that it is being collected. Little quizzes like the ones you see on Facebook could well be data harvesters and big data consumer profilers masquerading as innocuous fun.
