866.254.0000
Talk with a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
View All Services
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

«  View All Posts

Big Data - An Airing of Grievances Blog Feature
AVANI DESAI

By: AVANI DESAI

Print/Save as PDF

Big Data - An Airing of Grievances

Cybersecurity Assessments | Privacy Assessments

Scientia potentia est”.  “Knowledge is power”.

For centuries this has been an axiom across all cultures, yet never before has it so truly manifested itself as it has in what we are calling big data today.  Through the effective aggregation and management of information, advanced analytics, and predictive modeling have driven unprecedented strides in science, healthcare, technology, business, and government.  Big data steadily charges forward carrying the banner of innovation, but like any momentous undertaking, it too has its problems.  It seems like for every article you read heralding big data as the lodestar of progress, a countering article is written warning of its wantonness.  The term is now ubiquitous in both discussion and writing almost ad nauseam.  To be perfectly (and maybe pleasingly) forward, this will not be another conceptual or theoretical piece on big data and its potential for good or bad; rather, consider this simply to be a litany of the major faults and concerns voiced about the topic since its birth.  Consider this a conspectus.  Consider this, an airing of the grievances.

Data and Analytical Inaccuracy

I used to imagine big data as being the fuel that drove an organization down the track to new and exciting insights.  Just put it in the tank and go.  I now believe, however, that big data would be better depicted as the thousands of different gas stations an organization fills up at to get down that same track - different sources, different octanes, different grades, different qualities, some not always compatible with others, some not right for the vehicle itself.  There are so many kinds information, modes of inputting, and ways to digest and analyze that, in combination, can lead you to sputter or drive astray.  The risk of data and analytical inaccuracy lies within each of the multiple steps involved in information ingestion and interpretation.

People are human and data entry errors are inevitable.  Mistyping, inverting numbers, selecting incorrect menu items in drop-downs, populating fields with unassociated data, labeling improperly, and failing to completely fill out forms can all lead to data veracity, which is the presence of uncertain or imprecise information.  Beyond inputting, when collecting data from many sources, terminology standardization can be rather difficult even when the collected information relates to the same things with the same attributes.  Common data elements may be called by different names and different data elements may be classified the same.  Consider electronic health records (“EHRs”) for example, where multiple terms may be used to describe a physician’s role in caring for a patient: attending physician, primary care provider, consultant, surgeon, specialist, etc.  Let’s say even if all data is input correctly and is perfectly standardized across all sources, software defects driven by faulty program source code or design can negatively affect data quality.  Furthermore, if the various information sources are not using interoperable systems, records can be fragmented and data could be displaced.  Keep in mind that for every data set added, the likelihood of the aforementioned risks increases.  And practically speaking, even if there’s full confidence in the integrity of the information gathered, analysis can fall flat on its face if the algorithms and formulas used are broken or unaligned with the endgame.  When outlined like this, the pursuit of big data really seems to be more like a mine field.

Spaghetti Soup

Apart from the struggle to collect sound data, controlling a wealth of information can be quite a headache as well.  I once heard a large organization refer to their data management framework (or lack thereof) as spaghetti soup, where they were hopelessly trying to sift through and make meaning of their own poorly structured goulash of accumulated information.  The situation I refer to was attributed to the most common issues in handling data, these being:

  • Employing siloed big data strategies that are blind to the interdependencies across business functions
  • Neglecting to invest in technology that allows for large-scale, highly adaptive, fault-tolerant storage and processing and substantiated analytic decisioning
  • Lacking the data scientists, architects, and supporting tactical players needed for mobilization
  • Failing to earn leadership’s endorsement and ultimately the enterprise’s embrace

The Mosaic Effect and the Gravity of Breaches

The “mosaic effect”, a term coined at the turn of the century and later spotlighted in the White House’s Open Data Policy, defines the challenge big data presents to privacy.  Best articulated by Adam Mazmanian of FCW, the mosaic effect occurs when “disparate threads [of data] can be pieced together in a way that yields information that is supposed to be private”.  As more and more organizations and agencies ride on the big data bandwagon, gross amounts of information continue to be stashed (often without reason).  As more data is discoverable and machine readable, it is likelier that individual datasets, discreet when in isolation, can be combined with other available and public information to identify or expose data subjects, even debilitating the best anonymization and data masking efforts.  Moreover, another reality is that as more information is collected, the worse breaches are going to be.  Stockpiling data makes you a larger target for hacktivity, and when incidents occur, correlatingly more data subjects are laid open to harm, data subjects will have more to lose, legal ramifications will generally be heavier, and will ultimately leave organizations scraping more tarnish off of their reputations.

Unethical Data Interpretation

Prejudice has long sullied our history, but unlike the lurid Bull Connor streets of Birmingham in the 1960’s, there is now serious concern over the subtilization and elaboration of discrimination in this age.  The information in reach today allows for the most exorbitant and covert profiling imaginable.  The protected classes of American federal law are now more than ever vulnerable to underhanded assault at a lancer’s distance.  When discussing the topic, I always think of Andrew Niccol’s film Gattaca - a movie set in the “not so distant future” that explores the unavoidable inequities of eugenics.  The following excerpt summarizes it best:

“My father was right.  It didn't matter how much I lied on my resume.  My real resume was in my cells.  Why should anybody invest all that money to train me when there were a thousand other applicants with a far cleaner profile?  Of course, it's illegal to discriminate, 'genoism' it's called. But no one takes the law seriously.  If you refuse to disclose, they can always take a sample from a door handle or a handshake, even the saliva on your application form.  If in doubt, a legal drug test can just as easily become an illegal peek at your future in the company.”

- Vincent Freeman (Ethan Hawke), Gattaca

The concept of discrimination based on genetic predisposition was once thought of as only the makings of science fiction, but in time became a reality, perpetrated by employers and insurers and in turn contended by the Genetic Information Nondiscrimination Act (GINA) of 2008.  Like these past transgressions, the injustices of the future will come in unfathomable forms and will be greased by advancement and the accessibility of data.

Beyond outright discrimination, what is more confounding is the (often accidental) unethical interpretation of big data, particularly as it relates to marketing.  Where do the benefits of segmentation and personalization end and disparate impact begin?  If a certain race, gender, or age is statistically more or less profitable or costly than another, will the demographic segments you select not to cater to be adversely affected to the point of substantiating discrimination?  Or is that just good business?  As it stands now, the law is quite unclear, and navigating through the gray may prove to be a long and trying journey.

Big data has undeniably armed organizations with the ability to make better decisions faster, reduce costs, and develop new products and services; however, it also seems to have fathered degrees of trepidation.  The amassing of information is inevitable both micro- and macrocosmically, but in light of the associated potential for blunder and societal detriment, parameters, safeguards, and counterbalances need to be affixed fundamentally.  Furthermore, beyond the fray, we need to be farsighted enough to prepare ourselves for the tomorrow that is on the door step.

About AVANI DESAI

Avani Desai is the CEO at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more. Avani also sits on the board of Catalist, a not for profit that empowers women by supporting the creation, development and expansion of collective giving through informed grantmaking. In addition, she is co-chair of 100 Women Strong, a female only venture philanthropic fund to solve problems related to women and children in the community.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Ready delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.