Big Data Risk Management

By Johannes Scholtes posted 06-25-2013 03:15


Big Data is the New, New Thing (Lewis, 1999)! In Moneyball (Lewis, 2004), Michael Lewis described how Big Data analytics can be used to create an optimal baseball team with limited resources. The futuristic The Singularity is Near (2005) from Ray Kurzweil argues how Moore’s Law will eventually lead to computers so powerful, that man and machine will become equal. In his own words: “this will lead to a technological singularity in the year 2045, a point where progress is so rapid it outstrips humans' ability to comprehend it”. Competing on Analytics (Davenport, 2007) opened up many more eyes and created tremendous interest from the fields of business intelligence and business development from Big Data analytics.  Ever since, the use of Big Data has become a key method for leading companies to outperform their peers. In almost every industry data-driven strategies are leveraged to innovate, compete, and capture value with the ultimate goal to become the best in class. Big Data is hot and we are all creating Big Data collections!

But, Big Data does not only have a good side, there is also a Dark Side to Big Data collections (Scholtes, 2012).

Many of today’s risks are in all the electronic data we accumulate. 30 years ago, all our communication was volatile; it was hard to capture (paper letters, paper financial documentation, analogue phone conversations, paper travel and payment trails, etc.). This has all changed: these days almost everything we do leaves some form of electronic evidence somewhere. We key in everything we communicate, think, feel, believe and expect and store it as electronic information. We share large parts of this information with others by email and social networks.  Again, they may store copies of your information in their personal electronic archives as well. We keep all information for ever, as storage costs get cheaper every year.

Then, the regulator comes in … or you are suddenly involved in civil litigation and all our thoughts, intentions, objectives, conversations from the last 20 years are suddenly subject to search, review and in worst case, public disclosure. That is what we call the Dark Side of you Big Data!

To be more concrete, for today’s companies, risks are in regulatory investigations and subsequent civil litigation related to export control, fraud, competition violations, bribery, privacy & data protection errors, human rights, , employee treatment, environmental damages, information security, intellectual property theft, etc.

All these risks are captured or hidden in your Big Data collections which can be anywhere (cloud, out-sourced, on-site, laptops, backups, servers, virtual machines, smart phones, tablets, …) in any electronic format (email, database, files shares, SharePoint, audio, video, pictures, legacy databases and formats, …) and in any language you can imagine.

You will have to deal with this risk, which is what we call big data risk management. Therefore, ask yourself if your organization:

  • Can handle Big Data effectively in case of litigation.
  • Has the ability to deal with remote, cloud and legacy Big data collections as well.
  • Regularly reduces volume and orders big data collections to lower risk and cost in case of litigation & regulatory investigations.

Implement ongoing efforts to make your Big Data defensible, know what you have and enforce policies and regulations:

  • Identify Personal Identifiable Information (PII), Intellectual Property and other personal and corporate assets in Big Data.
  • Audit security & access policies. Prevent data leakage.
  • Identify potential fraud, bribery, anti-trust and other data risks.
  • Intelligent data migration from legacy to new (cloud) platforms.
  • Use long term, open en sustainable enterprise archiving.

As companies and government organizations define various goals, targets and a strategy to archive these in time. Along the way, all kinds of terrible events can happen which may jeopardize our strategy and prevent us from reaching our goals and targets. As we cannot prevent or foresee all possible risks, Big Data risk management and regular data audits are essential components to determine where one can expect the biggest and most treat full risks having the largest potential impact and damage on strategy, goals and targets and take preemptive actions!

Further Reading:

  • Lewis, Michael (1999), The New New Thing : A Silicon Valley Story.
  • Lewis, Michael (April 2004). Moneyball: The Art of Winning an Unfair Game. W.W. Norton & Co.
  • Kurzweil, Ray (2005), The Singularity is Near, New York: Viking Books.
  • Davenport, Thomas H.; Jeanne G. Harris (2007). Competing on Analytics: The New Science of Winning. Harvard Business School Press.
  • Scholtes, J.C. (2012). The Dark Side of Big Data. Solicitors Journal, 03-10-2012. United Kingdom.


#RiskManagement #BigData #e-discovery #information governance #privacy #InformationGovernance #PII