The group today issued a 51-page report which covers how big data should be compliant with existing data protection laws, including the 1998 Data Protection Act, especially when dealing with personal information.
The report includes a brief description of big data and advises on the collection and repurposing of personal data, as well as how companies can ‘fair' and ‘transparent' in what details they retain. Furthermore, it looks at the benefits of big data security analytics and how this all meshes with the incoming EU General Data Protection Regulation, which could stipulate fines of up to five percent of global turnover for data breaches.
The watchdog admits that it's difficult to produce a ‘watertight' definition of big data and instead plumps for the one issued by research outfit Gartner that big data is “high volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.”
The report – which was based on year-long research - notes that both the public and private sectors have been using big data analytics to collect data such as climate and weather information, and says that such schemes have often anonymised information so that the user is not identified.
However, the ICO says that loyalty card and social media campaigns are examples where personal information is used, and adds that in these cases firms must ensure that they are ‘fair' and ‘transparent' in the collection of this data, in particular in relation to data protection law.
It advises companies to consider whether it needs to collect and repurpose personal data, and asks if companies should carry out privacy impact assessments and data ‘minimisation'.
“Big data is not a game that is played by different rules,” reads the report on page four. “There is some flexibility inherent in the data protection principles. They should not be seen as a barrier to progress, but as the framework to promote privacy rights and as a stimulus to developing innovative approaches to informing and engaging the public.”
On page 27, the ICO looks at how security ties in with big data, detailing how much such data is often held across several servers or in the cloud. Citing an ENISA report which warned of the “uncontrolled” collection and usage, the watchdog said that this shouldn't be the case if abiding by existing data protection practices.
“If responsible organisations apply their normal risk management policies and procedures when they acquire new datasets or use existing one for big data analytics, then this should not be considered “uncontrolled”.
It added: “The ability of big data analytics to analyse very large volumes of data very quickly means that it can be used to analyse network traffic, transactions and log files that are too big to handle with other technologies in order to detect patterns and anomalies to rapidly identify security threats.