2014 was filled with news of cyber security attacks. Home Depot, Sony, Affinity Gaming, JP Morgan Chase, Michaels, Sally Beauty, Dairy Queen and many others fell victim to cybercrime. No one was safe – gamblers, beauty queens, ice cream lovers, and artists included. 2015 will see a rise in cybersecurity attacks, yes, but that is stating the obvious. The new threat to watch is a rise in data misuse, resulting in the exposure of sensitive data.
What is the difference between data security and data misuse? Data security is mainly concerned with keeping outsiders (cybercriminals, foreign governments, hacktivists, etc.) from accessing data and stopping proprietary data from walking out the door. Of course, if security controls fail and customer data is accessed by outsiders, privacy may be violated.
Data misuse is concerned with making sure data is used appropriately, i.e. as defined and consented to when the data was initially collected. Laws and company policies may also define acceptable and unacceptable uses. Data may be secure, but authorized users can potentially misuse it. Think of the Uber example where an executive is reported to have violated the company’s policy by using its “God View” tool. Or of a pharmaceutical company using patient data for marketing purposes, without the patient’s consent. These examples are not cyber security violations, but rather violations of data privacy.
Back to our data use prediction. Companies are gathering personal data at an exponential rate. With large sets of data and more powerful tools, it is possible to blend shopping data and medical history to make health decisions. What other decisions are made about you when your app knows you missed your 10,000 steps?
This is the data misuse risk: tools to ensure appropriate data usage have not kept up with the growth of big data tools. Access control prevents unauthorized persons from acquiring sensitive data, but does not provide visibility into how the data is being used. Compliance solutions can validate whether a company has taken actions mandated by government regulations, but provide no visibility into the ongoing effectiveness of these actions. What is needed is a real-time data use protection solution that continuously monitors how data is being used and validates that use against the policies. In the absence of such a solution, and with the continued growth of big data collection and analytics, we will certainly see more inappropriate data usage in 2015.
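The gap between access control and data use monitoring can be shown in a few lines. The following is an added example, not part of the original article: it checks each access event first against role grants and then against the purposes the data subject consented to. All names, roles, records and the assumption that applications declare a purpose with each access are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy data (hypothetical names throughout).
CONSENT = {  # data subject -> purposes consented to when the data was collected
    "patient-001": {"treatment", "billing"},
    "patient-002": {"treatment", "billing", "marketing"},
}
ROLE_GRANTS = {  # role -> datasets the role may read (classic access control)
    "clinician": {"patient_records"},
    "marketing_analyst": {"patient_records"},
}

@dataclass(frozen=True)
class AccessEvent:
    user: str
    role: str
    dataset: str
    subject: str
    purpose: str  # assumption: the calling application declares its purpose

def access_allowed(ev: AccessEvent) -> bool:
    """Access control only asks: may this role read this dataset?"""
    return ev.dataset in ROLE_GRANTS.get(ev.role, set())

def evaluate(ev: AccessEvent) -> str:
    """Return 'denied', 'misuse' (authorized but outside consent) or 'ok'."""
    if not access_allowed(ev):
        return "denied"
    # Unknown subjects have no recorded consent, so the check fails closed.
    if ev.purpose not in CONSENT.get(ev.subject, set()):
        return "misuse"
    return "ok"

def monitor(events):
    """Return (event, verdict) pairs for every event that is not 'ok'."""
    return [(ev, v) for ev in events if (v := evaluate(ev)) != "ok"]

# Constructed access log: the second event passes access control yet is misuse.
EVENTS = [
    AccessEvent("alice", "clinician", "patient_records", "patient-001", "treatment"),
    AccessEvent("bob", "marketing_analyst", "patient_records", "patient-001", "marketing"),
    AccessEvent("bob", "marketing_analyst", "patient_records", "patient-002", "marketing"),
    AccessEvent("carol", "intern", "patient_records", "patient-002", "treatment"),
]

if __name__ == "__main__":
    for ev, verdict in monitor(EVENTS):
        print(f"{verdict:7} user={ev.user} subject={ev.subject} purpose={ev.purpose}")
```
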