Page 37 - Cyber Defense eMagazine June 2020 Edition
P. 37
What is the Justification for This Threat?
Data gathered from sensors and cameras in the physical world will supplement data already captured by
digital platforms to build consumer profiles of unprecedented detail. The gathering and monetization of
data from social media has already faced widespread condemnation, with regulators determining that
some organizations’ practices are unethical. For example, Facebook’s role in using behavioral data to
affect political advertising for the European Referendum resulted in the UK's Information Commissioner’s
Office fining the organization the maximum penalty in late 2019 – citing a lack of protection of personal
information and privacy and failing to preserve a strong democracy.
Many organizations and governments will become increasingly dependent on behavioral analytics to
underpin business models, as well as for monitoring the workforce and citizens. The development of
‘smart cities’ will only serve to amplify the production and gathering of behavioral data, with people
interacting with digital ecosystems and technologies throughout the day in both private and public spaces.
Data will be harvested, repurposed, and sold to third parties, while the analysis will provide insights about
individuals that they didn’t even know themselves.
An increasing number of individuals and consumer-rights groups are realizing how invasive behavioral
analytics can be. An example of an associated backlash involved New York’s Hudson Yard in 2019,
where the management required visitors to sign away the rights to their own photos taken of a specific
building. However, this obligation was hidden within the small print of the contract signed by visitors upon
entry. These visitors boycotted the building and sent thousands of complaints, resulting in the
organization backtracking and rewriting the contracts. Another substantial backlash surrounding invasive
data collection occurred in London when Argent, a biometrics vendor, used facial recognition software to
track individuals across a 67-acre site surrounding King's Cross Station without consent.
Attackers will also see this swathe of highly personal data as a key target. For example, data relating to
individuals’ personal habits, medical and insurance details, will present an enticing prospect.
Organizations that do not secure this information will face further scrutiny and potential fines from
regulators.
How Should Your Organization Prepare?
Organizations that have invested in a range of sensors, cameras and applications for data gathering and
behavioral analysis should ensure that current technical infrastructure is secure by design and is
compliant with regulatory requirements.
In the short term, organizations should build and incorporate data gathering principles into a corporate
policy. Additionally, they need to create transparency over data gathering practices and use and fully
understand the legal and contractual exposure on harvesting, repurposing and selling data.
In the long term, implement privacy by design across the organization and identify the use of data in
supply chain relationships. Finally, ensure that algorithms used in behavioral analytical systems are not
skewed or biased towards particular demographics.
Cyber Defense eMagazine –June 2020 Edition 37
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
