The widespread use of generative AI brings a range of ethical considerations that need to be carefully addressed to ensure responsible and fair deployment. Here are some key ethical considerations:

1. Bias and Fairness:

• Data Bias: Generative AI systems can inherit biases present in their training data, leading to biased outputs that may reinforce stereotypes or discriminate against certain groups.
• Fairness: Ensuring that AI systems treat all individuals and groups fairly and do not perpetuate or amplify existing inequalities.

2. Privacy and Security:

• Data Privacy: Generative AI models often require large amounts of data, raising concerns about the privacy of the individuals whose data is used.
• Security Risks: There is a risk of sensitive information being inadvertently generated or exposed, as well as potential misuse of AI for malicious purposes such as generating fake news or deepfakes.

3. Accountability and Transparency:

• Accountability: Determining who is responsible for the actions and outputs of generative AI systems, particularly in cases of harm or unintended consequences.
• Transparency: Making AI systems understandable and transparent to users, including how they work and how decisions are made, to build trust and allow for scrutiny.

4. Intellectual Property and Ownership:

• Content Ownership: Questions about who owns the content generated by AI, particularly when it is created using data from various sources.
• Intellectual Property: Ensuring that the use of data and content respects existing intellectual property laws and the rights of original creators.

5. Social and Economic Impact:

• Job Displacement: The potential for generative AI to automate tasks and displace jobs, leading to economic disruption and the need for new forms of employment and training.
• Societal Impact: The broader impact on society, including the way information is created and consumed, and the potential for AI to influence public opinion and behavior.

6. Misinformation and Manipulation:

• Fake Content: The ability of generative AI to create realistic but fake content, such as deepfakes, which can be used to spread misinformation and manipulate public perception.
• Trust in Information: The challenge of distinguishing between real and AI-generated content, potentially eroding trust in information sources.

7. Ethical Use and Regulation:

• Ethical Guidelines: Developing and adhering to ethical guidelines for the development and use of generative AI to ensure it is used responsibly and for the benefit of society.
• Regulation: Implementing appropriate regulations to oversee the use of generative AI, ensuring it aligns with societal values and legal standards.

8. Autonomy and Human Agency:

• Human Control: Ensuring that humans remain in control of AI systems and that AI does not undermine human autonomy or decision-making capabilities.
• Consent and Participation: Respecting the consent and participation of individuals in the data used to train AI models and in the deployment of AI systems that affect them.

Addressing these ethical considerations requires collaboration between AI developers, policymakers, ethicists, and society at large to create frameworks and guidelines that ensure the responsible use of generative AI.

The post What are the ethical considerations for the widespread use of generative AI? appeared first on Artificial Intelligence.

Back in 2019, Healthcare IT News reported on a unique privacy case involving Google and the University of Chicago Medical Center – which had been named as defendants in a class action suit alleging that they’d failed to properly de-identify data used for machine learning research and predictive analytics projects.

The suit’s plaintiff, Daniel Dinerstein, who was a patient at UChicago in 2015, alleged that, while Google and UCMC claimed the medical records used were de-identified, such a claim was “misleading.”

Given that the data provided to Google by the university “included detailed datestamps and copious free-text notes,” he alleged, the tech giant’s expertise in data mining and artificial intelligence made it “uniquely able to determine the identity of almost every medical record the university released.”

On September 4, Judge Rebecca R. Pallmeyer of the U.S. District Court for the Northern District of Illinois granted the University of Chicago and Google’s motions to dismiss the suit.

“Plaintiff suggests that the risk of re-identification was in fact substantial because of the information Google already possesses about individuals through the other services it provides,” Pallmeyer writes in her decision.

“Specifically, the amended complaint refers to Google as ‘one of the largest and most comprehensive data mining companies in the world, drawing data from thousands of sources and compiling information about individuals’ personal traits (gender, age, sexuality, race), personal habits, purchases, and associations.’ Google has ‘create[d] detailed profiles of millions of Americans,’ including public and nonpublic information, and ‘possess[es] detailed geolocation information that it can use to pinpoint and match exactly when certain people entered and visited the University’s hospital,’ according to the amended complaint,” she explained.

“In fact, for a user of Google applications like Mr. Dinerstein, Google can track the specific University hospital buildings or departments he visited and the time of his visits. Plaintiff alleges that the combination of such geolocation information and the EHRs, which include the date and time of hospital services, ‘creates a perfect formulation of data points for Google to identify who the patients in those records really are.’ The amended complaint does not allege, however, that Google has in fact used its extensive data to re-identify any EHRs.”

De-identification, re-identification

The use of de-identified data has been common for years, of course. But so have challenges around keeping it that way. As far back as 2010, the Office of the National Coordinator for Health IT was studying how to manage the privacy risks presented by health information that had been stripped of personal identifiers – the potential for “re-identification.”

The contours of this University of Chicago case are similar in some respects to the so-called “Project Nightingale” initiative between Google and Ascension, which got lots of mainstream media attention this past November, amid concerns over how the Mountain View, California, company was using patient data to help inform its design of new AI and machine learning software for Ascension.

In many respects, the collaboration “is not unlike arrangements that happen every day in America between hospitals and other covered entities and contractors performing services on their behalf,” Deven McGraw, former deputy director for health information privacy at the HHS Office for Civil Rights and now chief regulatory officer at health data startup Ciitizen, said at the time. “Many hospitals have hundreds of business associates, all with extensive access to PHI.

But Google isn’t just any vendor, McGraw acknowledged. It “has access to so much other data about individuals,” she said, and therefore understood concerns that “it may not be possible for data to be truly de-identified in their hands, given all of the data to which they have access.”

As long as Google “fulfills its privacy and security obligations under HIPAA with regard to the protected health information provided by Ascension, there is no HIPAA issue on the face of things,” added healthcare attorney Matthew Fisher, partner at Westborough, Massachusetts-based Mirick, O’Connell, DeMallie & Lougee. “However, given the enormous amount of data held by Google, a maybe not so academic question exists of whether data can be de-identified when in Google’s possession.”

The post Judge dismisses data privacy suit against University of Chicago and Google appeared first on Artificial Intelligence.

Patient safety, data privacy, and health equity are key considerations for the use of chatbots powered by artificial intelligence in healthcare, according to a viewpoint piece published in JAMA.

With the emergence of COVID-19 and social distancing guidelines, more healthcare systems are exploring and deploying automated chatbots, the authors noted. However, there are several key considerations organizations should keep in mind before implementing these tools.

“We need to recognize that this is relatively new technology and even for the older systems that were in place, the data are limited,” said the viewpoint’s lead author, John D. McGreevey III, MD, an associate professor of Medicine in the Perelman School of Medicine at the University of Pennsylvania.

“Any efforts also need to realize that much of the data we have comes from research, not widespread clinical implementation. Knowing that, evaluation of these systems must be robust when they enter the clinical space, and those operating them should be nimble enough to adapt quickly to feedback.”

The authors outlined 12 different focus areas that leaders should consider when planning to implement a chatbot or conversational agent (CA) in clinical care. For chatbots that use natural language processing, the messages these agents send to patients are extremely significant, as are patient’s reactions to them.

“It is important to recognize the potential, as noted in the NAM report, that CAs will raise questions of trust and may change patient-clinician relationships. A most basic question is to what extent CAs should extend the capabilities of clinicians (augmented intelligence) or replace them (artificial intelligence),” the authors said.

“Likewise, determining the scope of the authority of CAs requires examination of appropriate clinical scenarios and the latitude for patient engagement.”

The authors considered the example of someone telling a chatbot something as serious as “I want to hurt myself.” In this case, the patient safety element is brought to the forefront, as someone would need to be monitoring the chatbot often.

This hypothetical situation also raises the question of whether patients would take a response from a chatbot seriously, as well as who is responsible if the chatbot fails in its task.

“Even though technologies to determine mood, tone, and intent are becoming more sophisticated, they are not yet universally deployed in CAs nor validated for most populations,” the authors said.

“Moreover, there is no mention of CAs in the US Food and Drug Administration’s (FDA) proposed regulatory framework for AI or machine learning for software as a medical device nor is there a user’s guide for deploying these platforms in clinical settings.”

The authors also noted that regulatory organizations like the FDA should develop frameworks for appropriate classification and oversight of CAs in healthcare. For example, policymakers could classify CAs as low risk versus higher risk.

“Low-risk CAs might be less automated, structured for a specialized task, and have relatively minor consequences if they fail. A CA that guides patients to appointments might be one such example,” the authors wrote.

“In contrast, higher-risk CAs would involve more automation (natural language processing, machine learning), unstructured, open-ended dialogue with patients, and have potentially serious patient consequences in the event of system failure. Examples of higher-risk CAs might be those that advise patients after hospital discharge or offer recommendations to patients about titrating medications.”

Additionally, the authors noted that in partnerships between vendors and healthcare organizations to use CAs, all should be mindful of converging incentives and work to balance these goals with attention to each of the domains.

“Given the potential of CAs to benefit patients and clinicians, continued innovation should be supported. However, hacking of CA systems (as with other medical systems) represents a cybersecurity threat, perhaps allowing individuals with malicious intent to manipulate patient-CA interactions and even offer harmful recommendations, such as quadrupling an anticoagulant dose,” the authors stated.

The authors stated that ultimately, the successful and effective deployment of chatbots in healthcare will depend on the industry’s ability to assess these tools.

“Conversational agents are just beginning in clinical practice settings, with COVID-19 spurring greater interest in this field. The use of CAs may improve health outcomes and lower costs. Researchers and developers, in partnership with patients and clinicians, should rigorously evaluate these programs,” the authors concluded.

“Further consideration and investigation involving CAs and related technologies will be necessary, not only to determine their potential benefits but also to establish transparency, appropriate oversight, and safety.”

Healthcare leaders will need to ensure they continually evaluate the capacity of these tools to improve care delivery.

“It’s our belief that the work is not done when the conversational agent is deployed,” McGreevey said. “These are going to be increasingly impactful technologies that deserve to be monitored not just before they are launched, but continuously throughout the life cycle of their work with patients.”

The post Patient Safety, Data Privacy Key for Use of AI-Powered Chatbots appeared first on Artificial Intelligence.

March 19, 2020 – Sentara Healthcare, one of the nation’s oldest not-for-profit health systems, recently announced that it partnered with CitiusTech to implement a next-gen enterprise data platform (EDP).

Using Microsoft Partner Citius’s H-Scale solution, Sentara completed the deployment of the EDP to provide a single, consolidated view of provider, payer, and enterprise information from Sentara and Optima Health Plan, a wholly-owned subsidiary.

“Sentara is committed to delivering high-quality healthcare and innovative services that meet the unique needs of the communities we serve,” Michael Reagin, Sentara Healthcare senior vice president and chief information and innovation officer, said in the announcement.

“We collaborated with CitiusTech to develop an EDP that provides us more flexibility and scale to continue meeting the changing demands of our patients, care teams, and partners across the care continuum.”

The end-to-end data management solution will ingest, curate, transform, and reconcile data from five different sources and create a 360-degree view of the patient record. Sentra ensured that the EDP leverages HIPAA compliant PaaS service offerings of Azure, which can scale large data volume to save nearly $1.5 million annually by moving away from an on-premise model, the announcement stated.

“Next-gen interoperability and real-time data access have become imperative for healthcare organizations to enhance quality of care and align with value-based models,” said Rizwan Koita, CEO of CitiusTech. “Sentra Healthcare with its cloud-first strategy has built an industry-leading data platform using CitiusTech’s H-Scale on Microsoft Azure to support its data-driven performance.”

Sentra is now able to aggregate information and generate insights by implementing artificial intelligence (AI) and machine learning models, which may save $3 million a year through efficiency improvements across the organization.

“Microsoft Azure enabled CitiusTech to deliver a cloud-based enterprise-wide healthcare data management solution. This enabled Sentara to get a holistic view of patient information across their enterprise,” said Gareth Hall, director of business strategy for Worldwide Healthcare at Microsoft. “CitiusTech H-Scale, combined with Azure, helps customers achieve scale in the healthcare data management.”

Artificial intelligence and blockchain have become increasingly prominent in the healthcare space to improve data storage and interoperability.

Last year, Sentara partnered with Cigna Health to build, share, and deploy solutions using blockchain technology. The collaboration also involved Aetna, Anthem, Health Care ServiceCorporation (HCSC), PNC Bank, and IBM.

“We came together to create the health utility network realizing the need to improve transparency and interoperability in the industry in order to improve healthcare for all Americans,” said Rajeev Ronanki, chief digital officer of Anthem Inc. “Engaging additional members across partner levels and industry perspectives will increase the network’s reach and ability to deliver high-value solutions.”

Experts believe blockchain can transform healthcare by improving data access across networks and implement new patient-centered delivery models.

“By working together and joining health utility networks as a founding member, we have a significant opportunity to create new efficiencies that will lead to improved whole-person health and wellness outcomes for our customers and clients,” Mark Boxer, executive vice president and chief information officer at Cigna concluded.

The post Sentara Makes Moves to Deploy Data Platform on Microsoft Azure appeared first on Artificial Intelligence.

February 14, 2020 – Artificial Intelligence (AI) adoption is gradually becoming more prominent in health systems, but 75 percent of healthcare insiders are concerned that AI could threaten the security and privacy of patient data, according to a recent survey from KPMG.  

Although 91 percent of healthcare respondents believe that AI implementation is increasing patient access to care, the survey of 751 US business decision makers uncovered. The survey explored the barriers and challenges that have the potential to hamper the integration of AI technologies in healthcare organizations.

Healthcare security is a top concern for insiders with 75 percent responding that they believe AI could threaten patient data privacy. But 86 percent of respondents said their organizations are taking steps to protect patient privacy as it implements AI. 

Organizations believe that a broad understanding of AI and talent in the space are musts to ensure success, but many insiders reported major challenges in these areas. 

Despite this, only 47 percent of healthcare insiders responded that their organizations offer AI training courses to employees. While only 67 percent said their employees support AI adoption, the lowest ranking of any industry. 

“Comprehending the full range of AI technology, and how best to apply it in a healthcare setting, is a learned skill that grows out of pilots and tests. Building an AI-ready workforce requires a wholesale change in the approach to training and how to acquire talent. Having people who understand how AI can solve big, complex problems is critical,” Melissa Edwards, managing director and digital enablement at KPMG said in the survey. 

Cost is a major barrier for organizations as well. Successful AI implementation requires a large investment, which means that organizations who are already feeling budget-burned may be slower to fund AI. 

Thirty-seven percent of healthcare industry executives reported that the pace in which they are implementing AI is too slow. 

But Edwards highlighted that the pace has actually greatly increased in the past few years. 

“The pace with which hospital systems have adopted AI and automation programs has dramatically increased since 2017,” she said.” Virtually, all major healthcare providers are moving ahead with pilots or programs in these areas. The medical literature is showing support of AI’s power as a tool to help clinicians.”

Fifty-four percent of executives voiced that to date, AI has increased the overall cost of healthcare. “The question is, ‘Where do I put my AI efforts to get the greatest gain for the business? Trying to assess what ROI will look like is a very relevant point as they embark on their AI journey,” Edward said. 

Last year, The White House called for more transparency and “explainability” in healthcare AI through the National Artificial Intelligence Research and Development Strategic Plan: 2019 Update. 

The plan identified eight strategic priorities for federally-funded AI research including to prioritize investments in the next generation of AI that will drive discovery and insight and enable the US to remain a leader in AI and develop effective methods for human-AI collaboration. 

The plan also included:  

• Addressing the ethical, legal, and societal implications of AI
• Ensuring the safety and security of AI systems
• Developing shared public datasets and environments for AI training and testing
• Evaluating AI technologies using standards and benchmarks
• Understanding the national AI R&D workforce needs
• Expanding public-private partnerships to accelerate advances in AI

“AI technologies are critical for addressing a range of long-term challenges, such as constructing advanced healthcare systems, a robust intelligent transportation system, and resilient energy and telecommunication networks,” the plan concluded.

The post Challenges of Artificial Intelligence Adoption in Healthcare appeared first on Artificial Intelligence.

Newark, New Jersey-based Duality Technologies, a provider of privacy-enhancing data science solutions, today announced that it’s raised $16 million in a series A round led by Intel Capital, with participation from Hearst Ventures and existing investor Team 8. Duality previously raised $4 million in a November 2018 round, which together with this latest tranche brings its total raised to about $20 million.

Cofounder and CEO Alon Kaufman said that Duality will leverage the fresh funding to continue developing its secure computing platform and to expand into new segments. To this end, it recently collaborated with Intel to explore the challenges of AI workloads using encryption, which informed efforts like the open source HE-Transformer backend for Intel’s n Graph neural network compiler.

“AI and Machine Learning are transforming countless industries, but they have also created new privacy challenges that regulation alone can’t solve,” said Kaufman. “We are excited by the investment of Intel Capital, Hearst Ventures. and Team8 in Duality, and look forward to collaborating with these industry leaders in delivering innovative privacy-enhanced solutions to the market. Our mission is to reconcile data utility and privacy while unlocking a whole new world of secure collaborative business opportunities for our customers.”

Duality keeps a low profile but deals principally in homomorphic encryption, a form of cryptography that enables computation on plaintext (file contents) encrypted using an algorithm (also known as ciphertexts). It generates an encrypted result that when decrypted exactly matches the result of operations that would have been performed on unencrypted text.

Duality’s Secure Plus offering enables multiple parties to collaborate without exposing their data or analytics models. Data remains protected end-to-end even when analyzed in untrusted cloud environments, courtesy “quantum-resistant” technologies that conform to the standards laid out by the homomorphic encryption industry consortium.

Duality pitches the platform as a privacy-preserving solution for “numerous” enterprises, particularly those in regulated industries. Banks using SecurePlus can conduct privacy-enhanced financial crime investigations across institutions, the company says, while scientists can tap it to collaborate on research involving patient records. Even retailers stand to benefit with privacy-preserving data supply chain schemes enabled by homomorphic encryption.

“Intel Capital has been following the space closely, and we are excited to see secure computing and homomorphic encryption becoming practical and broadly applicable,” said Intel Capital vice president and senior managing director Anthony Lin. “We believe privacy-preservation in AI and ML represents a huge market need, and we’re investing in Duality because of its unique founding team and world-leading expertise in both advanced cryptography and data science.”

Hearst Ventures senior managing director Kenneth Bronfin added, “As a leading global, diversified media, information and services company with more than 360 businesses across industries, we are acutely aware of the increasing importance of data and data collaboration in companies across many market segments. Sensitive data is constantly being generated by both individuals and businesses; there needs to be technology available that protects such data while allowing us to extract insights.”

Duality was confounded in 2016 by Kaufman, chairwoman Rina Shainski, Turing Award-winning professor Shafi Goldwasser, MIT professor Vinod Vaikuntanathan, and open source pioneer Dr. Kurt Rohloff. Vaikuntanathan is the co-inventor of the foundation BGV homomorphic encryption scheme, and Rohloff is the founder of the PALISADE homomorphic encryption open source library on which Duality’s platform is based.

The post Duality Technologies raises $16 million for privacy-preserving data science solutions appeared first on Artificial Intelligence.

The fallout from the Cambridge Analytica controversy has triggered Facebook to cancel an advertising tool that pulled data from people’s backgrounds, like whether you own a home or what products you like to buy.

“We want to let advertisers know that we will be shutting down Partner Categories,” Facebook said on Wednesday. “This product enables third party data providers to offer their targeting directly on Facebook.”

These third-party providers include Acxiom and Experian, which specialize in mining data on US consumers that can be rented out for marketing purposes. Information about your ethnicity, marital status, whether you own a car, the kinds of purchases you make, and how much you spend on them can all be logged.

The data mining certainly sounds creepy, but it’s also legal and standard practice in the marketing world. Acxiom, for instance, pulls the information from public records, consumer surveys, and other commercial entities that managed to collect your information with your consent.

Facebook decided to let its own advertisers harness the power of these data brokers with its Partner Categories over on its ad platform. But no more. The company is phasing out the tool, amid the growing backlash over the social media giant’s privacy practices.

“We believe this step, winding down over the next six months, will help improve people’s privacy on Facebook,” the company said.

The social media giant’s privacy practices have been under the microscope ever since news emerged that a UK political consultancy called Cambridge Analytica managed to pull the personal data from 50 million Facebook users. It did so with the help of a third-party app that surveyed Facebook users, by not only collecting their data, but also vacuuming information on their Facebook friends.

In response, Facebook is revamping its privacy practices, and Wednesday’s move to end the advertising tool represents another step. Marketers might not like the decision, even as the platform still offers a variety of tools to create targeted ads. But the social networking service is facing a growing #Deletefacebook movement, along with the threat of possible government regulation on data privacy, both of which could derail Facebook’s business.

The post Facebook to End Targeted Ads Built with Third-Party Data Mining appeared first on Artificial Intelligence.

Artificial intelligence (AI) is no longer going to remain the secret sauce of giant tech companies. Microsoft said that it was betting big on ‘democratising’ artificial intelligence and making it ‘available to all’ to help improve lives and transform businesses.

Detecting deadly diseases, reducing accident risks, predicting consumer behaviour and helping farmers increase crop yields were some of the AI-based innovations that the world’s largest software maker showcased along with its partners at an event here. “Is AI a product? Is it something that would be really harnessed by some of the biggest companies in the world? Who is AI for?,” said Anant Maheshwari, president, Microsoft India, in his keynote address at the company’s ‘AI for All’ conference here. “And one of the core perspectives we have had as a company is to democratise AI and really bring it for everyone,” he said.

650 India partners

The Redmond, Washington-based firm said it was helping 650 India-based partners use the Microsoft cognitive services, Internet of Things (IoT), AI and machine learning platforms to build solutions for India. Over the last year, Microsoft and its partners have deployed AI solutions in areas such as healthcare, education, agriculture, retail, e-commerce, manufacturing and financial services.

For instance, homegrown online retail giant Flipkart is leveraging AI and analytics capabilities in Microsoft’s cloud computing platform Azure. It is able to deliver increasingly relevant and personalized experiences to its customers.

“We have to be proactive and these millions of users coming to our platform is giving us information to predict. We can actually predict demand,” said Amar Nagaram, vice-president, engineering, Flipkart, which competes with Amazon, the world’s largest online retailer. He also said the company does not dump everything in the search results of the consumers but provides them with the products that they would like and actually buy.

Homegrown ride-hailing firm Ola’s connected car platform Ola Play would also leverage Microsoft AI and IoT technology to improve the driver and passenger experiences. The telematics platform will transform the car into a high-performing, intelligent vehicle, capable of assessing fuel efficiency, engine performance, and driver performance. It will also enable smarter navigation and predict breakdowns, enhancing safety and security. “We know every single street at least in tier one cities and every time a pothole opens up we know that as well,” said Kaushik Mukherjee, senior director, engineering, Ola. “That data is hugely useful when we talk about infrastructure, road conditions and accident-prone [and] dimly lit areas,” he said.

Avoid blindness

Microsoft also unveiled a partnership with Forus Health, a Bengaluru-based start-up focussed on retinal imaging devices. It would leverage AI capabilities for early detection of eye diseases such as diabetic retinopathy, glaucoma and macular degeneration, and help reduce avoidable blindness.

“AI is going to be very important because when you can give the response to somebody [patient] immediately, the chances of he taking the whole thing more seriously is very high,” said K. Chandrasekhar, co-founder and CEO of Forus. He said that India had only 20,000 ophthalmologists for a population of 1.3 billion.

Data privacy

Microsoft said though we are entering into the AI-world with all the ingredients like computing power, cloud and big data coming together, the company takes very seriously the consequences that introducing AI can have. “We don’t want to just unleash it, we want to be very mindful of it,” said Peggy Johnson, executive vice president, business development, Microsoft. Referring to the set of principles introduced by Microsoft CEO Satya Nadella, she said while developing AI, one must ensure there is no bias in the data sets and if there is any, it should be removed. “Otherwise you are going to get an answer that is not really based on truth,” she said. Ms. Johnson said the AI-based technology has to be reliable, safe and most importantly provide transparency and data privacy to the users.

“As AI is introduced in our daily lives, we want people to know what is going on with their data,” said Ms. Johnson. “If anything should go wrong, you can’t say ‘oh the machine did it’ that just is not an acceptable answer. You really have to take accountability for it.”

The post Microsoft to make artificial intelligence ‘available to all’ appeared first on Artificial Intelligence.

Issues surrounding data privacy are as legally unresolved today as they were two years ago, but the recent Equifax breach now puts a clear focus on them that strikes fear into the hearts of CIOs.

The Equifax data that was breached was not big data. However, big data is a major privacy concern for IT because so much of it is coming into enterprise data repositories from so many sources; and it comes in many shapes and sizes.

After Equifax, CIOs can rest assured that their CEOs and boards will be following their work in data privacy closely—and big data is one of the areas they’ll be most concerned about.

What operational steps can IT take to assure at a grass root level that sound data privacy practices are employed for their big data?

1. Continuously vet your big data cloud-based vendors for data privacy

Many cloud vendors can provide the levels of privacy and security that you want for your big data—but you have to demand and be willing to pay for it. Never assume that by default your cloud vendor will automatically apply best practices. Your staff should carefully evaluate the privacy protections that each of your big data cloud vendors offers and determine whether these data protection levels meet your own internal governance standards. If a cloud vendor’s data privacy practices don’t meet your own governance standards, pass on the vendor. Also ask your external IT auditors to review all cloud-based vendor data protection and security practices as part of the IT audits that the auditors perform for your company. Vendor data protection and security levels should minimally be checked on an annual basis.

2. Use private clouds

Most public cloud vendors offer private cloud services, too. Placing your data in a private cloud is more expensive than being a multi-tenant customer in a public cloud, but the private cloud deployment better separates your organization’s data from that of others. Cloud-wise, it is the next best thing to keeping your data on premises.

3. Anonymize data

You can the protect the data privacy of your customers and still perform critical trends analysis. One way that this anonymizationcan be accomplished is by encrypting data elements that personally identify someone. Another way is by identifying data from individuals with similar values (let’s say that the value you are are measuring is income) and then averaging them into a composite income value that gets pulled into a larger data analysis. Other methods are data redaction or masking.

4. Locate all the big data enclaves in your company and vet these for data privacy

As organizations distribute big data throughout departments and business units, there is always a risk that the data held within departments is changed so that data privacy levels are no longer met. The department responsible for big data governance and administration should regularly identify and track the big data marts that are distributed throughout the company. These localized big data marts should also be periodically audited by external IT auditors for data privacy compliance. If business units and other non-IT departments are using cloud-based services, the data privacy practices of their vendors should be verified for compliance to corporate standards. Cases of non-compliance should be immediately documented and mitigated.

5. Set your sights on GDPR

If you’re a North American company and you aren’t doing business internationally, you might not immediately have to concern yourself with the European Union’s General Data Protection Regulation (GDPR).

The GDPR, which aims for more stringent protections of individuals’ data, goes into effect in May 2018. According to a Gartner prediction, over 50% of companies affected by GDPR will not have met its requirements by 2018. The fines for non-compliance are hefty – up to 4% of annual revenue.

Keeping GDPR in sight matters because even if your company doesn’t do business in Europe today, it might in the future; and GDPR is where data privacy practices are headed in the future. If you comply with it now, you’re ahead of the game.

6. Perform social engineering audits

It’s the dark side of IT, but the reality is: employee sabotage of critical data happens, as does inadvertent and sometimes purposeful inappropriate data sharing between employees and with individuals outside of the organization. All are reasons to include a social engineering audit along with your annual IT audit when your external auditor arrives. A social engineering audit looks for phishing attacks, phone and physical entry attacks and other types of technical and social deception that can often be traced back to your own employees. You can uncover potential areas of vulnerability, and also use the audit as means of identifying the types of employee training that could be helpful.

The post 6 big data privacy practices every company should adopt in 2018 appeared first on Artificial Intelligence.