In its recently published report Big Data and Data Protection, ICO has outlined a raft of considerations and recommendations to provide guidance and good principles to anyone interested in harvesting or using Big Data for analytical purposes.

Simultaneously, ICO is also seeking feedback on the report from all public and private sector stakeholders, by 12th September 2014.

The 50-page report has been a year-long research and policy undertaking by ICO to specifically define and explore the data protection and privacy risks posed by big data.

The report includes suggestions for strategies and tools that organisations, individuals and society should consider in order to comply with the Data Protection Act (the DPA).

Overall there are a number of key highlights of the ICO report. These can be summarised as:

• ICO’s current adoption of the Gartner’s definition of Big Data, with particular reference to the ‘three Vs’ of volume, variety and velocity considerations and specialised technology necessary for processing ‘big data’ datasets.
• Data anonymisation to ensure that individually identifiable information is untraceable.
• Fairness and transparency in processing of personal data.
• Need to specifically ensure consent when repurposing data.
• Duration and volume of data stored must be justifiable for long-term use or retention.
• Going beyond the call of duty and considering ethical as well as lawful and consensual processing of data in trust-based contexts.
• Certain key exemptions for big data repurposed and retained for research purposes.
• Security principles, data controller/processor obligations, and restrictions on overseas transfer of personal data.
• Need for regulators and organisations to adapt to a rapid evolution of policies for data and privacy protection.

The report also cites real-life scenarios of how some organisations are already embarking on their big data projects and the tools such as ‘Privacy Impact Assessment’ and ‘Privacy by Design’ that are being proactively used to ensure foresight and compliance in the big data protection arena.

The guidelines of the report also have significant implications for social networking platforms when utilising individual and private data for advertising and marketing purposes. Since, an individual’s information is accessible internally to social network systems, staff and advertising engines even when a given individual’s profile is set to private mode, or even if they have shared something privately with others.

Moreover, with the advent of Internet of Things (IoT) and more ubiquitous use of wearable technologies ^[1], the big data sets are likely to grow even bigger - to become hyper data sets. Hence, Excellis Business Consulting believes that, in future, the DPA and the proposed EU General Data Protection Regulation may well have to be extended further to include hyper data considerations.

A copy of the "Big Data and Data Protection" report can be found on the ICO's website.

---

[1] According to industry forecasts, there will between 26-30 billion IoT enabled devices by 2020.

Related resources:

- Read Part 1 of Good, Not Big, Data series of articles »

- Customer service first, Social networks second »

---

The above article is copyright protected. Permission to cite or quote it in whole or part is hereby granted on the express condition that the author and Excellis Business Consulting are explicitly credited for each and every citation. Note that any views or opinions expressed above are those of the author and do not necessarily represent those of Excellis Business Consulting.

™ Foresight Leader, Foresight Leaders, and Foresight Leadership are trade marks of Excellis Business Consulting.