We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

White hat, black hat

31 December 2014

Just because you can, does not always mean you should!

The exponential growth of available data (big data) means that big analytics and big research projects are expected to lead to big knowledge and thus big opportunities - but who benefits and who loses?

The privacy conundrum, as I call it, raises a three way battle between Governments that want access to all data, Consumers that give away all data and Businesses that want to use all data.

Businesses can use available expertise and technology to mine vast amounts of data that they control and can gain access to, but in doing so should they be white hat or black hat?

Well just because you can, does not always mean you should, and when it comes to research and analytics of personal data, you cannot afford to be black hat as the increasingly global nature of protection of the rights of individuals as regards their human rights and personal data means that the principles of fair processing apply. To be white hat means to be legal and ethical in the use of big data. To be black hat means that at some point big law and big enforcement will come calling!

Black hat -what's the worst that can happen?

Most jurisdictions have data protection laws that incorporate the OECD Guidelines on Privacy and indeed many NGO and trade bodies like DMA and ESOMAR have codes of conduct that also incorporate those same principles. These principles are:

  • collection limitation
  • data quality
  • purpose specification
  • use limitation
  • security safeguards
  • openness
  • individual participation
  • accountability

All of these principles impact on research and analytics players be they white hat or black hat. They demand anonymisation, encryption, transparency and best practices. More than that, these principles are enshrined in the laws and regulations of most countries and we cannot afford to ignore them.

The powers and impetus on privacy regulators to enforce and fine those that do not comply with data protection laws increases month on month and whilst fines and regulatory actions should be a deterrent, it is the "naming and shaming" and the loss of trust that should make black hat want to be white hat!

So be white hat

Data is the oil of the internet and a major asset, if not the major asset, for most businesses. However if personal data has neither been obtained  nor processed fairly, transparently and lawfully, then it is toxic waste.

If personal data is oil, don't have a gusher. The more data you have, the more you have to lose and the more you may be robbed. If you process large volumes of personal data then you will be at risk of cyber- attacks or data breach incidents. Often we don't become white hat until we have been named and shamed as black hat!

Be white hat and apply not only the law to your practices but also privacy by design and ethics. Differentiate yourself from your competitors by being a trusted curator of personal data.