recommended reading

Trying to Limit the Collection of Personal Data Would Be a Lost Cause


Preventing companies and government agencies from gathering embarrassing or damaging personal information about you may be a fool’s errand, a White House panel on privacy in the age of big data said on Thursday.

Instead, lawmakers and regulators should focus their efforts on preventing the dissemination or other use of damaging personal data, according to the report from the President’s Council of Advisers on Science and Technology Policy.

In some cases that damaging data may be as personal as an individuals’ genome that, if shown to a potential employer, could lead to job discrimination based on her likelihood of developing a degenerative disease. In other cases, organizations may collect the most common characteristics of terrorists or criminals, which could lead to discrimination against people who have those characteristics but are neither terrorists nor criminals.

The report follows a three-month study led by White House Counselor John Podesta on how the explosion of new data sources and new tools to gather intelligence from them will affect Americans’ privacy.

The term “big data” generally refers to data from Internet and smartphone activity, video and other sources that don’t fit neatly into a spreadsheet. Within the past decade, computer programmers have developed new tools to analyze those masses of data with positive and negative consequences.

“For example, large-scale analysis of research on disease, together with health data from electronic medical records and genomic information, might lead to better and timelier treatment for individuals but also to inappropriate disqualification for insurance or jobs,” the report found. “GPS tracking of individuals might lead to better community-based public transportation facilities, but also to inappropriate use of the whereabouts of individuals.”

Protecting individuals’ privacy by limiting data collection is likely impractical, first, because “the beneficial uses of near-ubiquitous data collection are large, and they fuel an increasingly important set of economic activities,” the report found.

Second, much of the data that companies collect -- either through the device you create the data on, such as a smartphone app, or through sensors that collect “born-analog data” -- is perfectly innocuous unless combined with other innocuous data to paint a larger picture. Government attempts to regulate the collection of any small grain of data that might one day form part of a larger privacy invasion would be impossible and impractical, the report said.

Technologies that anonymize data are “increasingly easily defeated by the very techniques that are being developed for many legitimate applications of big data,” the report found. “In general, as the size and diversity of available data grows, the likelihood of being able to re-identify (that is, re-associate their records with their names) grows substantially.”

Similarly, it’s impractical to expect citizens’ privacy rights to be protected by terms of service agreements with digital companies, the report found. This is, first, because very few people actually read those agreements and, second, because, in many cases, competition has not produced a viable but fully private competitor to services such as Google and Amazon.

“PCAST believes that the responsibility for using personal data in accordance with the user’s preferences should rest with the provider rather than the user,” the report said.

Consumer protection organizations or app stores might serve as intermediaries, rating companies on their privacy protections and allowing users to choose based on those ratings, the report suggests.

“The federal government could encourage the development of standards for electronic interfaces between the intermediaries and the app developers and vendors,” the report states.

The report also recommends that:

  • Policies and regulations aimed at addressing data privacy focus on what’s being exposed rather than the technology that’s exposing it which may be soon superseded or out of date.
  • Federal agencies increase research into both the ways personal data is being exposed and the social structures that are enabling or inhibiting that exposure.
  • The White House should work with universities and professional societies to encourage digital privacy.
  • The U.S. should “take the lead both in the international arena and at home by adopting policies that stimulate the use of practical privacy-protecting technologies.”

The report also urges Congress and the White House to:

  • Advance the administration’s Consumer Privacy Bill of Rights
  • Pass national data breach legislation along the lines of the administration's 2011 Cybersecurity legislative proposal.
  • Extend Privacy Protections to non-U.S. persons
  • Enhance protections for data collected about U.S. students
  • Use technical expertise to limit the ways big data can be used to discriminate against protected classes in employment, housing and other fields.
  • Update the Electronic Communications Privacy Act to reflect modern technology

TechAmerica, a leading coalition of government vendors, gave the report a mixed reception.

“We appreciate the report’s focus on the overall benefits that the effective use of big data can achieve but are somewhat confused as to why the administration has also focused on hypothetical concerns about the use of data,” Mike Hettinger, TechAmerica’s senior vice president for federal government affairs, said. “This creates uncertainty in the minds of Americans about a technology that has so much potential.”

The New America Foundation’s Open Technology Institute praised the report for focusing on the possible discriminatory effects of big data as more information about individuals is potentially exposed.

“The White House report highlights how more work must be done to ensure that big data does not lead to discrimination when it comes to key services and economic opportunities such as housing, employment, and credit,” the group said.

(Image via Genialbaron/

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.