Article

5 questions companies should ask about Big Data to avoid legal issues

Companies are buzzing with discussions around big data and for good reason. Data can provide valuable insights, predict outcomes, and help companies make better decisions. In the digital age, more than ever before, there is a vast amount of data available as well as a high demand to gain access to, analyze, and take action with such data. However, it’s important to consider the risk and legal obligations when handling sometimes sensitive customer information. We’ll highlight important questions companies should ask about their own Big Data assets and the legal issues to consider.

Everyone is talking about Big Data but do you really understand what it means? Essentially, Big Data is all the data that exists in your organization’s ecosystem. Even before computers, companies kept records of transactions and customer information. Computers have made it easier to store and organize this data while finding ways to capture new information. Today, nearly every digital action is recorded. Thanks to smartphones, social media, online shopping and smart technology in machines, there’s an overabundance of digital data. While previously, it was considered better to have an enormous volume and variety of data, companies are becoming aware that what really matters is actionable data and planning strategically about how to use their data to benefit their business.

There are legal obligations tied to certain types of data collected. HIPAA Privacy Rule provides federal protection to personal health information and is highly restricted in order to protect sensitive, personal information. Personal Identifiable Information (PII) – i.e., information that would be used to trace an individual’s identity, such as name, social security number, date of birth, mother’s maiden name, etc. – is also restricted to protect individuals. Collecting payment information also requires companies to meet certain protections in order to safeguard sensitive financial information.

It’s vital that companies have a clear understanding of all the types of data they’re collecting so they can meet the legal obligations tied to each type of data. These legal requirements are designed to protect consumers’ personal information, some of which may be highly sensitive. Keeping customers’ best interest in mind is important to companies’ values as well as their reputation.

Companies can source data in a number of ways, either directly or indirectly. Name and address are commonly directly asked for from customers. It allows companies not only to contact them but personalize communication they receive. Transaction history and loyalty programs indicate customer preferences and how valuable they are as a customer. Communication to and from customers provides insights about how effective communication is based on bounce and click-through rates. Tracking customer behavior through GPS, browsing history, heat maps, and social media can also provide a wealth of data that paints a clearer picture of their customer.

Data collection should be unobtrusive (filling out lengthy forms is off-putting to customers) but it should also be clear and transparent to customers that they’re sharing their information with a company. Collecting information can occur little by little, over time without irritating your customer. However companies choose to source and collect Big Data, it’s vital that they disclose the type of information being collected and how it will be used.

Traditionally, data has been stored in silos across organizations, with various information segmented and contained. However, as computing power increases, technology continues to advance with the ability to process vast amounts of data. Now, companies are moving towards storing data in a data lake model. A data lake is a repository where raw, native formatted data is stored. By storing data this way, Big Data analytics can be done in real time resulting in quickly implemented action plans.

Once data is collected and stored, it’s now the responsibility of the organization to protect that data by taking reasonable security measures. The information that organizations obtain from customers is not only a business asset but often valuable in itself which makes it a target for cyberattacks. It’s vital that companies adhere to mandatory regulations and strict security standards in order to avoid legal risks and protect sensitive customer information.

Having an enormous amount of information doesn’t benefit a company unless they have a strategic action plan. And there are many ways to make Big Data work for businesses. Big Data can be used to target customers in marketing, customize communications to customers, predict customer behavior, detect fraud, and much more. Sometimes the amount of data available can be overwhelming but if a company has clear goals and objectives, it is much easier to cut through the Big Data noise and focus on what’s important to the business.

It’s important to consider how collected data will be used because companies are required to disclose this information to customers before data is collected. Also, certain uses of Big Data have strict regulations that require thoughtful planning. For example, marketing communications such as email, phone calls, and push notifications must be easy to opt out of at any time, even if the user previously agreed to receive communications. It’s vital that companies have a plan in place to meet regulations and not be caught off guard.

While the actionable applications of Big Data is exciting, it’s important for companies to consider the legal obligations that go with such information to avoid unlawful practices. Asking questions about the type of data, how you will collect and use that information not only helps address legal risks but creates a strategic approach to Big Data assets as well. With a strategic approach and legal obligations addressed, companies can use Big Data to their advantage, making better and smarter choices for their business.