HKU Big Data and Privacy Workshop. Privacy Risks of Big Data Analytics From a Regulator s Point of View

Similar documents
Big Data + Smart City = Weak Privacy + Weak Security?

Romans 13:8 is an often misunderstood verse because it says, Owe nothing to anyone.

ADVISORY GUIDELINES ON THE PERSONAL DATA PROTECTION ACT FOR SELECTED TOPICS ISSUED BY THE PERSONAL DATA PROTECTION COMMISSION ISSUED 24 SEPTEMBER 2013

Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers

De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "

Which flu vaccine should you or your child

Application for Health Coverage & Help Paying Costs (Short Form)

Application for Health Coverage & Help Paying Costs

HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS

HIPAA-Compliant Research Access to PHI

Application for Health Coverage & Help Paying Costs

Application for Health Coverage & Help Paying Costs

Apply faster online at Compass.ga.gov.

Guide to Legal Costs the mystery explained

A Q&A with the Commissioner: Big Data and Privacy Health Research: Big Data, Health Research Yes! Personal Data No!

Grandparent Custody and Visitation Issues

Application for Health Coverage and Help Paying Costs

Guidance on Personal Data Erasure and Anonymisation 1

CS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University

Credit Reports and How to Dispute Credit Report Errors

Colorado s 2005 Tobacco Tax Increase, Cigarette Consumption, and Tax Revenues

privacy and credit reporting policy.

1) Medical Website Design ~ Medical Website Design would also be the main keyword phrase to target. 500 Words.

Privacy: Legal Aspects of Big Data and Information Security

Taking Care of Both of You

Do you drink or use other drugs? You could be harming more than just your health.

our Health Your Rights Your Health, Your Rights

De-identification Koans. ICTR Data Managers Darren Lacey January 15, 2013

Estuardo R. Ponciano, J.D. Assistant Director of Admissions UCIrvine SchoolofLawof

The U.K. Information Commissioner s Office Report on Big Data and Data Protection

Have you ever accessed

How to Dispute Credit Report Errors Y

Challenges of Data Privacy in the Era of Big Data. Rebecca C. Steorts, Vishesh Karwa Carnegie Mellon University November 18, 2014

The Top Five. FMLA Compliance Mistakes That Could Land You in Court

Si Ud. no entiende esto, llame a su oficina local del Michigan Department of Health and Human Services.

How to complain to your claims management company

I C C R. Cigarettes: Stress Relief Or Just A Bunch Of Smoke? Gain Attention/Interest: Think & Write #1. Goals: Basic Idea:

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin

HEALTH CARE R E F O R M

Privacy Committee. Privacy and Open Data Guideline. Guideline. Of South Australia. Version 1

You will need to mail or fax us copies of items that apply to your case. See the next page for a list of these items.

Health Insurance Coverage

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010

Big Data Big Security Problems? Ivan Damgård, Aarhus University

(Big) Data Anonymization Claude Castelluccia Inria, Privatics

5. MY RIGHTS IN THE FAMILY

How to Dispute Credit Report Errors

Lesson Seventeen: Uncovering the Facts about Adoption, Abortion and Teen Parenthood

Unit One: The Basics of Investing

De-Identification 101

Oregon Department of Human Services (DHS) Vocational Rehabilitation (VR)

Generating Leads While You Sleep

PUBLIC CONSULTATION ISSUED BY THE PERSONAL DATA PROTECTION COMMISSION

Frequently asked questions about whooping cough (pertussis)

In order to adjudicate an appeal, OPM requires claimants or their authorized representatives to submit the following information:

CORSISTA (COGNOME NOME) LUOGO E DATA DI NASCITA SEDE DI SERVIZIO TELEFONO SCUOLA RECAPITI TELEFONICI PERSONALI

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1

Introduction to Big Data! with Apache Spark" UC#BERKELEY#

Scottish Parliament Health and Sport Committee s Inquiry into Teenage Pregnancy in Scotland Evidence from CHILDREN 1 ST

GOT TAX PROBLEMS? THINGS THE IRS DOESN T WANT YOU TO KNOW (BUT YOU WILL LEARN BY READING THIS!)

Dartmouth College Information About the Family and Medical Leave Act

Where s my real ROI? White Paper #1 February expert Services

How To Get A Better Home Loan Rate In Australia

role of independent assessor

Transcription:

HKU Big Data and Privacy Workshop Privacy Risks of Big Data Analytics From a Regulator s Point of View 30 November 2015 Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong Kong

Big Data Analytics and Mobile Apps 1. Data protection principles 2. Big data analytics and privacy 1

Collection OECD Privacy Framework Principles Personal Data Flow Storage, Use or Processing Retention/ Erasure IT System Collection Limitation Data Quality Purpose Specifications Use Limitation Security Safeguards Openness Individual Participation Accountability 2

Big Data Analytics and Mobile Apps 1. Data protection principles 2. Big data analytics and privacy 3

Big Data and Privacy Failures of Big Data Analytics 4

Failures of Big Data Analytics Google Flu Prediction It does not always work Underestimated by half in 2009 when comparing with CDC data Overestimated by half in 2012 when comparing with CDC data Predictor of flu or predictor of winter? A black-box approach makes it hard for people to judge 5

Failures of Big Data Analytics US Presidential Election Past performance does not guarantee future results Colorado professors built a data model that correctly backward predicted the eight US presidential election results since 1980 It failed to forward predict the 2012 election 6

Big Data and Privacy Privacy risks of big data analytics 7

Privacy Risks of Big Data Analytics 1. Sense of rights violation or surprise 2. Re-identification 3. Negative impact/discrimination 8

Privacy Risks of Big Data Analytics 1. Sense of rights violation or surprise 2. Re-identification 3. Negative impact/discrimination 9

Big Data and Privacy Correct predication can still be creepy 10

The Surprise of Big Data Analytics Target s Pregnancy Prediction If it works in this way 11

The Surprise of Big Data Analytics Target s Pregnancy Prediction Target learnt this lesson: Then we started, in the same mailer, mixing baby items with other things we know they would never buy, like lawn mower as long as the pregnant woman doesn t know she has been spied on, it works and she would use the coupons 12

Privacy Risks of Big Data Analytics 1. Sense of rights violation or surprise 2. Re-identification 3. Negative impact/discrimination 13

Big Data and Privacy The myth of anonymisation 14

The Myth of Anonymisation AOL released anonymised search records of 650,000 people over a three-month period User 4417749 was found to be Ms Arnold of Lilburn of Georgia through the keywords she entered Her searches also included nicotine effect, dry mouth, hand tremors, bipolar disorder do we need to worry about Ms Arnold s physical and mental health? 15

The Myth of Anonymisation Anonymised Massachusetts state employee hospital records State employee hospital records released for research Governor reassured the public that the data was deidentified Governor s own record reidentified by a researcher by matching date of birth, gender and ZIP code with a voter database that costed US$20. 16

The Myth of Anonymisation How much data do you need to identify someone? 87% US population can be identified by using Zip code, gender and date of birth; 53% by place, gender and date of birth; and 18% by county, gender and date of birth. 17

The Myth of Anonymisation The only way to make data anonymous is to make it useless Professor Paul Ohm (University of Colorado Law School) 18

Privacy Risks of Big Data Analytics 1. Sense of rights violation or surprise 2. Re-identification 3. Negative impact/discrimination 19

Big Data and Privacy Before we look at discrimination, let s look at the reality of big data analytics 20

The Reality of Big Data Analytics Big data analytics: Correlation Causation 21

The (Academic) Reality of Big Data Analytics US spending on science, space, and technology reveals Suicides by hanging, strangulation and suffocation? 22

The (Academic) Reality of Big Data Analytics Number of Nicolas Cage films reveals swimming-pool drowning? 23

The (Academic) Reality of Big Data Analytics Divorce rate in Maine reveals Per capita consumption of margarine? 24

The Reality of Big Data Analytics But, do we really care about the difference between correlation and causation? 25

The (Commercial) Reality of Big Data Analytics Do you care about correlation or causation if you were the Samaritans at this point? 26

The (Commercial) Reality of Big Data Analytics Do you care about correlation or causation if you were a pool-side lifeguard at this time? 27

The (Commercial) Reality of Big Data Analytics What would you do if you are a margarine producer in the US and learn about the divorce rate in Maine at this time? 28

The Reality of Big Data Analytics 29

The Reality of Big Data Analytics Marketers are not interested in theories, they are interested in results. So if it works, what s the problem? So if users of table feet protectors pay back their loans promptly, what s wrong in lending to them? The problem lies with the have not, those that you are not targeted. You ve denied them of things that they may otherwise entitle to 30

The Reality of Big Data Analytics Is there a solution to this? Need to know what big data is and isn t good at IS Pattern matcher Gives recommendations ISN T Substitutes for proper data collection and analysis, and theory generation (big data hubris) Hand-free predictor 31

Privacy Challenge of Big Data Analytics Risks recap: 1. The (unintended) impacts on people when it is working; 2. The risks of re-identifying people from anonymised sensitive data; and 3. The targeted not. There is a human being behind all those data analytics and decisionmaking. Can things be redressed when something goes wrong? 32

Big Data Analytics 33

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information