Is data security more than just the security of data?
It's a strange question but when we think about data, we usually focus on a two-pronged approach
- Keeping data secure
- Preventing hackers from breaking into systems and stealing that data.
There is however a more worrying use of data that has attracted considerable media attention in recent weeks surrounding gathering and, critically, combining data from various sources to gain a far more insightful picture.
The recent press surrounding Facebook and Cambridge Analytica exposed the fact that if you can pull together data from different systems and use this data to help target voters with the ultimate aim of influencing elections, you can probably equally gather and use data to achieve a range of outcomes. Of course, influencing people to vote one way or another is nothing new - the media have been doing it for hundreds of years, however technology allows you to identify and target individuals far more precisely, with messaging that resonates with their specific circumstances.
Data combined becomes greater than the sum of its parts
Volcanic was invited along with other web developers to a Hackathon event, at which all teams were challenged to use data that the Police Authority made public and build an app that demonstrated an interesting use of this data. The objective of the challenge was to help the police better understand its data, but, in fact, we demonstrated that when the public police data was combined with other readily accessible data sources (such as events and social feeds), it became far greater than the sum of its parts.
Volcanic demonstrated to the police that in this dummy scenario based on real, live data, we had found a way to identify what type of crime to commit for the greatest success, as well as where and when to commit it. Our app helped the authorities to better understand the risk they take when making data freely available through APIs without having the right legal checks and balances that are clearly required.
Of course we were not surprised that other smart companies were looking at how to merge data to achieve better outcomes. Facebook is looking to enable face recognition on its app so that friends can find other friends. It got me thinking again about all the data that is now collected and stored in the cloud. It also made me consider how by using APIs this data could be combined for commercial gain.
Here's a scenario - data for life insurance
I use a smart phone and add an app. This app collects all my location information. It also records all my health metrics, exercise habits, spending habits, all my photos are made available and all the people I take photos of can be identified. It records who I meet and when I meet them. It records when I’m in the pub and it records all the people in the pub who have devices. In isolation it’s quite boring because to be honest I don’t have a very exciting life. However when all this data is merged together with everyone else's data it gains new momentum.
Let's say I try take out life insurance, but without my knowledge the insurance company has already bought all the data from the app company. They decline my application for insurance.
Why? Because they now know that I drink every night in the same pub, I pay using my android device and on average I drink 20 pints a week. My device indicates that I also have a curry every night on my way home, I drive everywhere and I never exercise. The data predicts that I’ll be lucky to live past 50 and that my life expectancy is 60. The insurance company has determined that I'm a high risk individual but they haven’t ever asked me to take a medical nor sought my approval to use the data. Somewhere hidden in the depths of the T&Cs of the original app, however, is the right to sell this data to a third party such as the insurance company.
The new data protection laws will bring a new dimension to data capture and, particularly, to data sharing. At Volcanic, we take data protection very seriously. For advice on data security and how your recruitment website can support your GDPR compliance, get in touch.