UK privacy watchdog the Information Commissioner’s Office (ICO) has released a new report warning firms they must be transparent and abide by data protection principles when embarking on big data projects.
The lengthy report, Big data and data protection, aims to give UK organizations timely advice on how to deal with the major privacy risks that arise from this fast growing technology industry.
“We do not accept the argument that data protection principles are not fit for purpose in the context of big data. Big data is not a game that is played by different rules,” the report warns.
“There is some flexibility inherent in the data protection principles. They should not be seen as a barrier to progress, but as the framework to promote privacy rights and as a stimulus to developing innovative approaches to informing and engaging the public.”
Firms must therefore be as transparent as possible when collecting data, especially personal information – letting their customers know exactly how it will be used. This is especially important if that data is being reused for a different purpose, the ICO said.
The idea of big data also flies in the face of the principle of “minimization”, so firms need to be particularly clear about how much they need to collect and for what purpose.
The ICO warned that any personal data must be processed in accordance with the Data Protection Act, and urged organizations to look into whether it could be anonymized.
Privacy impact assessments were also recommended to understand how a big data project could affect those concerned.
Finally, the ICO recommended firms design systems that allow simple online subject access requests – which are guaranteed by law.
"The key is to consider the legal data protection repercussions of any big data project from the very beginning," ICO senior policy officer, Carl Wiper wrote in a blog post.
“We’ve spoken of privacy impact assessments and ‘privacy by design’ before, but it is crucial here,” he added.
“By thinking about data protection issues sooner, areas like whether to get people’s consent, using data fairly and keeping information secure become far simpler.”
Those keen to give feedback on the document are urged to email the ICO by 12 September.