This is the sixth post in a series on privacy by Andrew Pery. You might also be interested in:

• The Privacy and Security Dichotomy
• GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law
• Privacy by Design: The Intersection of Law and Technology
• What Do the GDPR and new Privacy Laws Mean for U.S. Companies?  
• Balancing Privacy Rights with Social Utility in the Age of the Internet of Things.

Minimizing data breaches and privacy compliance are now top strategic and operational priorities for organizations given increasingly onerous data privacy regulatory requirements.

Consider the facts:

• The Identity Theft Resource Center found that data breaches have increased 40% from 2015 to 2016, an all-time high of 1,093 breaches in the US alone;
• The average cost per breach in 2016 is pegged at $4 million per breach, up 29% from the year prior;
• Regulatory agencies have more teeth in enforcement actions in the form of penalties as evidenced by the Federal Communications Commission levying a fine of $25 million against AT&T for the unauthorized disclosure of 280,000 customer Fines under the GDPR for non-compliance could be as high as €20 million or 4% of annual revenue; and
• The 2016 Telstra Cybersecurity Report found that nearly 60% of organizations surveyed lack sufficient cyber security and privacy staff to handle the increasing demands to address legal compliance and supporting robust information security best

Machine learning technologies are not new. Technologies such as document capture, pattern recognition and knowledge management are widely used to automate the digitization of documents.

With the advent of big data and cloud computing machine learning is gaining mainstream adoption. Referred to as deep learning, a more advanced form of machine learning, is designed to process and analyze “high volume, high velocity and high-variety information assets that demand cost effective, innovative forms of information processing for enhanced insight and decision making’”

Applications of deep learning such as fraud detection and recommendation engines deliver significant commercial benefits by empowering organizations such as banks and e-commerce providers such as Amazon and Netflix to gain granular and contextual insight to customer sentiments and buying preferences.

While these advances in machine learning technologies do benefit consumers they may also potentially compromise their privacy rights. For example, profiling based on consumer’s social media likes and preferences, while deliver value in the form of more targeted advertising, may expose personally identifiable information by combining such information with other metadata such as GPS information.

A recent decision by the US Supreme Court in Riley recognized the potentially adverse consequences of profiling based on the collection of metadata: “An Internet search and browsing history, for example, could reveal an individual’s private interests or concerns”. Moreover, GDPR recognizes the importance of protecting privacy rights relating to “any form of automated processing of personal data consisting of data to evaluate personal preferences, interests, behavior, location and movements.” 

About the author:  Andrew Pery is a marketing executive with over 25 years of experience in the high technology sector focusing on content management and business process automation.  Currenly Andrew is CMO of Top Image Systems.  Andrew holds a Masters of Law degree with Distinction from Northwestern University is a Certified Information Privacy Professional (CIPP/C) and a Certified Information Professional (CIP/AIIM).

[Note from JM:  All this has me thinking about privacy challenges of managing increasing volumes of data, and particularly compliance challenges looming with the pending new European privacy rules - the GDPR. Andrew and I wrote a new eBook on the topic -- Information Privacy and Data Protection Regulation --The EU GDPR is Just the Tip of the Iceberg. Check it out.