Privacy | Information Security | Machine Learning
Minimizing data breaches and privacy compliance are now top strategic and operational priorities for organizations given increasingly onerous data privacy regulatory requirements.
Consider the facts:
- The Identity Theft Resource Center found that data breaches have increased 40% from 2015 to 2016, an all-time high of 1,093 breaches in the US alone;
- The average cost per breach in 2016 is pegged at $4 million per breach, up 29% from the year prior;
- Regulatory agencies have more teeth in enforcement actions in the form of penalties as evidenced by the Federal Communications Commission levying a fine of $25 million against AT&T for the unauthorized disclosure of 280,000 customer Fines under the GDPR for non-compliance could be as high as €20 million or 4% of annual revenue; and
- The 2016 Telstra Cybersecurity Report found that nearly 60% of organizations surveyed lack sufficient cyber security and privacy staff to handle the increasing demands to address legal compliance and supporting robust information security best
What is Machine Learning?
Machine learning technologies are not new. Technologies such as document capture, pattern recognition, and knowledge management are widely used to automate the digitization of documents.
With the advent of big data and cloud computing, machine learning is gaining mainstream adoption. Referred to as deep learning, a more advanced form of machine learning, is designed to process and analyze "high volume, high velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.”
Applications of deep learning such as fraud detection and recommendation engines deliver significant commercial benefits by empowering organizations such as banks and e-commerce providers such as Amazon and Netflix to gain granular and contextual insight into customer sentiments and buying preferences.
While these advances in machine learning technologies do benefit consumers, they may also potentially compromise their privacy rights. For example, profiling based on consumer’s social media likes and preferences, while delivering value in the form of more targeted advertising, may expose personally identifiable information by combining such information with other metadata such as GPS information.
A recent decision by the US Supreme Court in Riley recognized the potentially adverse consequences of profiling based on the collection of metadata: “An Internet search and browsing history, for example, could reveal an individual’s private interests or concerns”. Moreover, GDPR recognizes the importance of protecting privacy rights relating to “any form of automated processing of personal data consisting of data to evaluate personal preferences, interests, behavior, location, and movements.”
