From the Experts: The Risks and Rewards of 'Big Data'

If you have ever waved off a clipboard-wielding survey-taker at the mall, you understand the inherent data-collection challenges faced by shopping center landlords. After all, who has the time to undergo some demographer’s version of the third degree? Thanks to the rapid rise of geo-location technology, however, more mall owners and retailers have been tinkering with data-collection techniques that promise to let customers go about their business undisturbed—at least on the surface.

The idea is to quietly gather shoppers’ location data—for example, where they went in the mall and how long they spent at each location—by tracking the automatic transmissions of their cell phones.

On paper, it sounds ideal: Forget about traffic-counting gadgets and teenage survey-takers; just put up some antennas and let each vendor’s software solution turn those transmissions into actionable intelligence for the sponsoring company.

In practice, however, this promising technique can create significant legal and public relations problems. In one such instance at the end of last year, a series of media reports about cell-tracking by malls and stores created a PR nightmare for one mall owner, which shelved its program amid the complaints of privacy advocates.

The landlord in question had taken pains to tell its customers about this rather innocuous program, but the backlash happened anyway. This is not so surprising. While the likes of the iPhone, Android, and Blackberry are nearly ubiquitous in the United States today, Americans have yet to engage in a robust dialogue about the evolving meaning of privacy in the age of location-based data. More importantly, we have scarcely begun to discuss the sweeping implications of a phenomenon best known in the IT world as “Big Data.”

“Big” is the operative word here. According to IBM, each day humans create about 2.5 quintillion bytes of data globally. This massive volume of information encompasses just about anything you can think of—from Kim Kardashian’s Twitter feed and climate sensors in Antarctica, to the cell phone signal of a suburban mom strolling through a Nordstrom in Atlanta.

Increasingly, companies are seeking to gain an edge by tapping into as many streams of Big Data as possible. As IBM puts it, Big Data amounts to “an opportunity to find insight in new and emerging types of data, to make your business more agile, and to answer questions that, in the past, were beyond reach.”

But as in-house counsel know all too well, a corporation’s assets can quickly become liabilities. And when it comes to Big Data, therein lies the trouble. Today, even old-school companies collect and purchase geo-location, demographic, and credit card information, often passing this to multiple vendors to be parsed, analyzed, and combined with existing stores of customer information acquired through other methods.

Today’s widespread use of GPS technology, moreover, means companies have more location-based data than ever sitting on their servers. But uncertainty about the privacy rights associated with location-based data is just the beginning. The intellectual property, liability, and security issues associated with data of all types are no less significant: Who owns it, and how is the company to keep such-and-such vendor from inadvertently or deliberately compromising the security of its customers and/or employees? Should a data breach occur, what is the company’s liability?

The stakes here are high. Today, Big Data drives entire business models—vendors market “customer relationship management” (CRM) as integral to a successful sales strategy. And yet, as the aforementioned mall owner recently discovered, the uncertainties are such that a public relations problem can develop even if a company does all it can to be aboveboard.

What, then, are some suggestions that in-house counsel can follow to manage these risks without sacrificing their potential benefits?

For many organizations, a logical first step is to conduct a comprehensive data audit.
The idea is to take a close look at the various types of data the company is collecting (sometimes inadvertently) and to analyze exactly how all of this information is being used internally and externally. If the data is being sold or processed with the help of vendors, for example, then these relationships, and any related contracts and licenses, should be closely scrutinized so that potential risks are properly allocated between the parties.

Alternatively, if the data is being used to provide critical or timely decisions, the quality of the data for such applications must be assessed. In addition, the company must understand whether the data it collects is actually being used—as many companies increase their exposure by collecting and maintaining data that they simply do not need.

In any case, the goal is to take a comprehensive look at the role of Big Data at the company—from the standpoint of information security, liability, public relations, intellectual property, e-discovery, employment, and more. By bringing together a multidisciplinary team that likely includes legal experts in such areas—and possibly even highly experienced IT and security consultant partners—companies can start to get a realistic idea of their risk profile vis-à-vis Big Data.

All too often today, the potential risks associated with companies’ use of customer and employee data are the focus of the IT department, rather than the companies’ top lawyers; and in many cases, decisions are made and contracts are entered into without the general counsel having the opportunity to analyze and get in front of the issues. This is likely true, in part, because the technological landscape is evolving so quickly that substantial legal uncertainties remain.

With so many different types of technologies and so much information out there—all of it being deployed at lower and lower levels within the organization—putting out an easy-to-follow HR handbook on Big Data or instituting an effective and timely flow of communications between IT and the legal department is not an easy task. And yet these questions do need to be faced.

Employees need to understand data-related sensitivities, and of course the GC and external counsel need to have these issues on their radar screens as well. On the regulatory front, a host of bills have been introduced over the past couple of years that promise to affect companies’ data-usage responsibilities. Companies need to be informed and have a seat at the table.

Over and above conducting a comprehensive data audit, corporate counsel can also look to put in place common-sense policies that might mitigate risk. Whenever technology is used to collect data from customers or employees, for example, providing clear notice is always a good idea. This might not prevent a backlash such as the aforementioned flap at the mall, but telling people exactly what your company is doing and getting their consent at least gives them the ability to make an effective choice—and is something that the Federal Trade Commission and other agencies focus on when determining whether a company’s practices are reasonable and fair.

Taking care with data usage is also important. Historically, regulators have drawn bright lines between personally identifiable information and aggregated, anonymous information; however, recent developments indicate that those bright lines are becoming blurred and, in some cases, disappearing altogether. This change is driven by the fact that today’s technological capabilities enable a few initially anonymous data points to be combined to yield very targeted and, in some cases, personally identifiable information.

Already, Americans are growing wary of, essentially, being followed by companies of all types. When web advertisers appear to know your ZIP code and demographic profile, and e-commerce sites seem to know exactly what your purchasing preferences are, it can get creepy. Last year, the FTC noted that it was looking into privacy issues related to the increasingly blurry lines between anonymous and personally identifiable information. Companies should do the same. Is selling that customer data actually worth it if some vendor a few steps down the line uses that data improperly?

Today, if you are an in-house counsel at any company that takes advantage of Big Data, you are dealing with a phenomenon that you never had to think about in law school. As of yet, no Continuing Legal Education programs comprehensively address the implications of “Big Data.” Even if a GC wanted to contact a law firm to talk to experts about these issues, she might not know whom to call first within the firm. After all, the laws governing these issues are piecemeal, at best, and do not provide clear-cut guidance as to how to address these issues.

Companies that make the most intensive use of customer and employee data sometimes employ a chief privacy officer, but privacy is only one of several risk areas related to the Big Data phenomenon. From the standpoint of an individual GC, the key is to start asking some specific questions, such as:

What data are we collecting?
How are we and our vendors using it?
What do our customers and employees think?
What does the regulatory picture look like and how is it evolving?
What policies and training do we have in place internally to make sure we do not end up tripping over ourselves in the future?

Clearer answers to such questions will emerge once American consumers, policymakers and business leaders have carefully weighed the pros and cons of the various ways in which Big Data might best be used by public and private interests. Until that happens, GCs will simply need to do their best to track this trend. While Big Data does indeed represent a significant opportunity, it could also turn into a Big Problem for those who fail to manage its potential risks.

Kevin Pomfret is executive director of the Centre for Spatial Law and Policy. Leslie Spasser is a shareholder in LeClairRyan’s Norfolk, Va., office, and leader of the national law firm’s media, Internet and e-commerce industry Team.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.

75 Ponce De Leon Ave NE Ste 101

Atlanta, GA 30308

(470) 294-1674

www.garymartinhays.com

Law Offices of Mark E. Salomone

2 Oliver St #608

Boston, MA 02109

(857) 444-6468

www.marksalomone.com

Smith & Hassler

1225 N Loop W #525

Houston, TX 77008

(713) 739-1250

www.smithandhassler.com

Presented by BigVoodoo

More From ALM

What are your legal peers thinking about AI? Are they comfortable using it? What are their biggest fears, and how are they approaching its regulation? Download this report, which illustrates the perspectives that will inform and offer you a competitive edge.

2024 Report: State of AI in Legal

Brought to you by Ironclad
Download Now

Generative AI will transform the eDiscovery landscape. However, enterprises must carefully select their partners or risk falling into the many traps of generative AI. Download this brief to learn more.

Will Generative AIs Transform Legal Services? Defensibility and Security Must Be a Focus

Brought to you by HaystackID
Download Now

Discover how in-house counsel can effectively manage employment issues using advanced legal technology. This white paper explores the benefits of handling employment matters internally, reducing costs, and mitigating risks. Learn from survey data and expert insights on improving your legal department's efficiency and protecting your company's reputation.

Good Legal Technology is Good Business: A Case for Bringing Employment Issues In-House

Brought to you by LexisNexis®
Download Now

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

From Data to Decisions

Dynamically explore and compare data on law firms, companies, individual lawyers, and industry trends.

Exclusive Depth and Reach.

Law.com Compass includes access to our exclusive industry reports, combining the unmatched expertise of our analyst team with ALM’s deep bench of proprietary information to provide insights that can’t be found anywhere else.

Big Pictures and Fine Details

Law.com Compass delivers you the full scope of information, from the rankings of the Am Law 200 and NLJ 500 to intricate details and comparisons of firms’ financials, staffing, clients, news and events.

General Counsel Conference Southwest 2024

September 18, 2024 - September 19, 2024
Dallas, TX

Join General Counsel and Senior Legal Leaders at the Premier Forum Designed For and by General Counsel from Fortune 1000 Companies

Learn More

Women, Influence & Power in Law (WIPL) 2024

September 23, 2024 - September 24, 2024
Chicago, IL

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Learn More

Women, Influence & Power in Law US Awards 2024

September 24, 2024
Chicago, IL

Women, Influence & Power in Law Awards honors women lawyers who have made a remarkable difference in the legal profession.

Learn More