IT Compliance Advisor

Jan 21 2016   3:21PM GMT

FTC report: Big data analytics could prove harmful to consumers

Fran Sales Fran Sales Profile: Fran Sales

Tags:
Big Data
Big Data Analysts
Consumer data
FTC
FTC Act
Information security
Predictive Analytics
regulatory compliance

Big data analytics have proven extremely beneficial to both companies and consumers across a wide range of industries, producing valuable insight in fields like healthcare, education and transportation. There is also, however, the potential for this data to be used in a way that harms consumers, according to a Federal Trade Commission report published earlier this month. As I covered in Searchlight last week, the FTC report had a clear message: The federal agency will not hold back from investigating unethical big data analytics processes and bringing enforcement actions against businesses that employ them.

But which big data processes exactly does the FTC report say are potentially problematic, and which does it consider acceptable? Highlights include the following:

Problematic: Differentiating products based on population subsets. Any big data analytics practice that limits provision of products or services to certain population subsets based on statistical input is considered unfair by the FTC, “especially if any of the data can be a proxy for poor or minority or underserved populations,” said Brenda Sharton, head of law firm Goodwin Procter LLP’s business litigation division. She offered the following industry examples of such practices: withholding access to credit, housing or employment due to background checks or screenings; and offering different rates or prices on insurance or product delivery based on an individual’s address. The FTC considers collecting several types of data problematic, including zip codes, social media usage/membership, and shopping habits. Sharton also warned against differentiating products based on characteristics such as race, gender and marital status.

Problematic: Making false promises to customers about how data is analyzed. Another big data practice companies should be wary of is making promises to consumers about how their data will be used and whether it will be entered into predictive analytics platforms. “If you’re going to be using [the data] for any statistical analysis, and it’s either you or your third-party vendor, you want to make sure you don’t promise the consumer that you ‘won’t do that,’ or that you’re informing them that you will,” said Sharton, who also serves as co-chair of Goodwin Procter’s privacy and cybersecurity group.

Acceptable: Targeted advertising. In most cases, this practice is OK with the FTC, said Sharton. For example, “A company’s advertisement to a particular community for credit offers that are open for all to apply is unlikely to violate [equal opportunity credit laws],” she said.

Problematic: Failing to reasonably secure consumers’ data. The FTC acknowledges that in the era of big data, companies are justified when collecting more data than they need. This means their information security needs to be proportionally robust — leading to another practice the report’s authors say is unacceptable: failure to implement security measures that are sophisticated enough to secure data “commensurate with the amount and sensitivity of the data at issue, the size and complexity of the company’s operations, and the cost of available security measures.” For example, organizations that maintain sensitive data such as Social Security numbers or customers’ medical data must have stronger security safeguards than those that only maintain consumers’ names, they added.

The FTC recommends that companies look at three factors to determine whether their information security is strong enough in proportion to the types of data they manage:

  • The amount and sensitivity of data
  • The size and complexity of the company’s operations (“What’s right for a massive Fortune 100 company will be different than what’s right for a … small company,” said Sharton.)
  • What security measures are available and how much they cost

The bottom line for companies employing big data analytics? Full regulatory compliance will likely require some legal advice. “They should ensure they have the counsel to determine whether they are complying with things like FCRA, ECOA and other laws,” Sharton said.

What’s your take on the downside of big data analytics? Let us know at editor@searchcompliance.com.

2  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Kevin Beaver
    Great piece, Fran! I believe we, as a society, are woefully naive when it comes to believing that everything will be done in our best interests with big data analytics. I know, for a fact based on the work that I do, that these big data analytics companies are under-prepared security-wise (to say the least). Be it lack of software patching on internal systems that house the data to untested web applications that receive/process the data and a bevvy of other security flaws, this "big data" is at risk, especially to things like SQL injection, email phishing, and malware attacks. It's also somewhat ironic that such as study is coming from an agency of the federal government that performs these very types of studies/analyses on the population but I'm sure that's none of my business.
    24,640 pointsBadges:
    report
  • Fran Sales
    thanks for delving deeper into the information security portion of big data processes, kevin! this is very unnerving indeed. and good question on the FTC -- how transparent are they about the types of data they collect and how they analyze it...? something to look into.
    3,310 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: