Big Data Rules and Regulations – Part II

Big data rules and regulations should be enhanced and updated by state and federal legislators simply because big data analytics across all industry sectors is important to improve efficiency. In general, big data analytics is used to predict consumer behaviors so they can be targeted by commercial organizations. This information can be gathered when, for example, the consumer visits an e-commerce website and purchases items. Also, information can be obtained when a consumer applies for a loan through a mortgage lender or financial institution.

Information security is important because in most cases the consumer is not aware that his or her information has been shared, transferred, or sold to another company. Again, the information is used to predict a consumer’s future behavior. The third-party that has access to the consumer’s information can use it to predict that person’s financial capabilities.

First, confidentiality of the information, whether it’s at rest, transit, or use, is crucial. Financial institutions have been targeted by hackers for misconfiguring and mismanaging network vulnerabilities over the years. The failure of using preventive measures such as data encryption plays a key role in this discrepancy. It is challenging to protect large amounts of information that’s in use because it depends on shared computing environments – i.e., wide-area-network that can go across cities or countries. Also, big data is processed on a continuous level that requires a tremendous amount of resources.

Second, privacy of the information is crucial. Consumers have the right to control their personal information. The companies that gain access to this information may share, transfer, or sell the consumer’s information for profitability purposes. The information can be used to directly or indirectly identify the consumer during the process of data aggregation. There are readily-available technologies such as confidential computing, cryptography or data-based applications that can implement confidentiality safeguards. There are state and federal rules and regulations that are designed to promote privacy and security of personal information such as HIPAA, ECPA, FCRA, or GLBA. Also, the European Union’s General Data Protection Regulation (“GDPR”) is designed for the same reasons but is more restrictive than its U.S.-based counterparts.

The California Consumer Privacy Act (“CCPA”) grants consumers control over the personal information that businesses collect about them. Its regulations provide guidance on how to implement the law and secures new privacy rights for California consumers such as: (1) right to know about the personal information a business collects about them and how it’s used and shared; (2) right to delete personal information collected from them with exceptions; (3) right to opt-out of the sale of their personal information; and (4) right to non-discrimination for exercising their legal rights.

We regularly prosecute lawsuits that are related to the lack of infrastructure security and management that led the parties into legal action. In general, companies that have access to personal or confidential information should implement and manage their network infrastructure’s security. This process can be done by installing the right hardware and software applications such as intrusion detection software, malware protection software, and resource management software. Information technology experts know that identification, authentication, authorization, and accountability is important for granting the right user a suitable level of access. The improper handling of this process can lead to a network security breach. Our law firm has handled cases where there was a misconfiguration of these protocols and procedures. In addition, companies that use artificial intelligence should be careful about how to implement these procedures.

Our law firm has managed legal actions related to big data rules or regulations in state and federal courts. We are ready to assist our clients in matters related to internet, technology, and cyberspace laws. Please contact our law firm to speak with an internet attorney at your earliest convenience.