How AI impacts privacy and security implementaiton
Big Data analytics is transforming all industries including healthcare-based research and innovation, offering tremendous potential to organizations able to leverage their data assets. However, as a new species of data – massive in volume, velocity, variability, and variety – Big Data also creates the challenge of compliance with federal and provincial privacy laws, and with data protection best practices.
Stemming from internationally-recognized Privacy Principles, data protection regulations tend to follow a specific format, focusing particularly on the collection, retention, use, and disclosure of personal information or personal health information, provided there is a specified purpose and explicit consent from the individual.
From a conceptual standpoint, the evolution of Big Data brings in a new element of analytical functions: Inference
– the extraction of new knowledge from parameters in mathematical models fitted to data – captures commonly-known functions such as data linking, predictive analytics, artificial intelligence (AI), and data mining. Inference allows analysts to create new data based on reasoning and extrapolation, which adds a greater dimensionality to the information already in their possession.
From a corporate governance perspective, the addition of inference will impact how an organization complies with the above-mentioned Privacy Principles, and how it meets its legal obligations regarding consent, access, auditing, and reporting.
In terms of privacy practices, inference can be understood as both a collection and a use of data. For organizations to be compliant with data protection principles, inferences gleaned from data analysis must meet the requirements of applicable privacy laws. This means that new data created from the inference process must be collected and used for a specified reason and with the consent of the individual; it must be accurate; the data collector must disclose all collected information on an individual should they request it; and the data’s use, disclosure, and retention must be limited to the specified reason of collection.
If inference is used to generate new data outside the original data’s specified purpose, the collecting organization will not be complying with privacy laws and could become subject to individual complaints and auditing from the Office of the Privacy Commissioner. So while inference can seem like the dawn of a new age in Big Data analytics, it is still restricted by privacy laws, and must be used only within the present data collection and use principles.