This article was originally published on Technology.Info.
Improved decision making, faster time to market, better customer service and increased profits are just some of the benefits contributing to the explosion of big data implementation across enterprises of all sizes. The World Economic Forum describes the personal information garnered by big data as “the new ‘oil’—a valuable resource of the 21st century.”
And while big data analytics is the “new engine of economic and social value creation,” enterprises eager to reap the benefits of big data and its vast potential are recognising their responsibility to protect the privacy of the personal data gathered and analysed with big data.
Privacy breaches of big data can result in costly legal consequences for enterprises. Risk management and maintaining adequate mechanisms to govern and protect privacy need to be major areas of focus in any big data initiative. Privacy is entering a time of flux, and social norms and legal systems are trying to catch up with the changes that digital technology has brought about. Privacy is a complex construct, influenced by many factors, and it can be difficult to future-proof business plans so they keep up with evolving technological developments and consumer expectations about privacy.
To streamline the governance, risk management and effective delivery of big data implementation projects, many enterprises are implementing COBIT, a customisable framework developed by global subject matter experts. By using COBIT, enterprises can more easily identify sensitive data, ensure that the data is secured, demonstrate compliance with applicable laws and regulations, proactively monitor the data, and react or respond faster to data or privacy breaches.
According to Privacy and Big Data, a whitepaper by ISACA, enterprises must ask and answer 16 important questions, including these five key ones, which, if ignored, expose the enterprise to greater risk and damage:
Can we trust our sources of big data?
What information are we collecting without exposing the enterprise to legal and regulatory battles?
How will we protect our sources, our processes and our decisions from theft and corruption?
What policies are in place to ensure that employees keep stakeholder information confidential during and after employment?
What actions are we taking that create trends that can be exploited by our rivals?
As big data grows, enterprises need a robust data privacy solution to help prevent breaches and enforce security in a complex IT environment. ISACA notes that enterprises eager to reap the benefits of big data and its vast potential must also recognise their responsibility to protect the privacy of the personal data gathered and analysed with big data. Risk management and maintaining adequate mechanisms to govern and protect privacy need to be major areas of focus in any big data initiative; and this should fall to IT and network teams to deliver.
The lengthy privacy policies, thick with legalese, that most services use now will never go away, but better controls will, and must, emerge. CIOs under pressure from the board and senior leadership to implement big data before proper risk management and controls are in place should act now because, although big data provides an important opportunity to deliver value from information, an enterprise will be more successful in the long run if policies and frameworks are put into place first.
The COBIT 5 framework can be downloaded free of charge at www.isaca.org/cobit. Privacy and Big Data is available freely at www.isaca.org/privacy-and-big-data. Additional privacy and big data discussions, links and resources can be found in ISACA’s Knowledge Center in the Privacy/Data Protection and Big Data communities.
Yves LeRoux, CISM, CISSP, is chair of ISACA’s Data Privacy Task Force and technology strategist at CA Technologies