Understanding Data Ownership and Data Privacy
to Maximize Value of Big Data
Consumers love the convenience and capabilities of integrated devices, from door bells that notify them when packages have been delivered to robotic vacuum cleaners that send updates to their owner's phones about where in the house they have cleaned, which is great for companies in the Internet of Things, Artificial Intelligence, and Robotic spaces. But to make these wonderful gadgets work in increasingly useful ways, companies must collect and manage large volumes of user data that include sensitive personal information.
While consumers want a full feature set, they are simultaneously wary of unauthorized use of the information collected from their homes and about their preferences either by intentional sale of the collected information to third parties or unintentional leaking of that information through loose data security practices. Companies that have failed to adequately protect consumers' information have faced various forms of backlash, from loss of customers due to negative press coverage and government investigations to fines imposed by government agencies and large payouts to settle class-action lawsuits.
The best way to minimize risk of such negative ramifications is to understand the rights associated with the data sets collected. The most common mistake that companies have made is to assume the company has full rights to determine how to use, sell, market, and keep the user data it collects. The diagram below shows general categories of data collected from device users.
The company likely has some rights to each of these types of data. For instance, the company may have trade-secret rights to the non-public information in those data sets that would prevent competitors from freely using the data sets. In addition, the company may have copyrights to the formatting and display of the data and patents on data mining, correlation, or artificial intelligence techniques. However, users have rights to the personal information, like names associated with credit card or bank information (a.k.a. personally identifiable information (PII)), home addresses, photos and videos of inside homes, Wi-Fi passwords (shown in red); and that user information must be given protections. Personal information is protected by privacy laws (state, local, or national laws of foreign countries), and any manipulation, transfer, or disclosure of that personal information has liability ramifications.
To maximize the value of these rights, companies must know what type of information they are collecting and protect it accordingly. Minimizing the amount of personal information collected can lead to maximizing the value of the big data controlled by the company. Appropriately tailoring privacy notices to customers and obtaining customer consent can help minimize the liability risks and maximizing the value of the big data. Privacy and security of data should be considered starting in the early stages of project development. It's helpful to consult an intellectual property attorney knowledgeable about data privacy to figure out ways to minimize risk and maximize value.