Making sense of Dark Data

By: Sonny Zulhuda

BIG-DATAWhile big data is by now a commonly heard term, dark data is not. Some participants in the recently-held Singapore Symposium whispered to me that they had never heard about the term – so you can say they were in dark about Dark Data.

The term is new to me as well! Except that I have had a little earlier opportunity than those guys to read about it and to finally make sense of it.

It all rooted from the fact that we have had an abundance of data around us, and how much those abundant data are capable of being sourced as information. Yes, it is about Big Data. As we know, Big Data is about quantifying everything possible to be a data. A person’s identity is no longer depending on what is printed on documents (ID, passport, certificates) about him. A person is now identifiable from his mumbling words, his movement, his location, his mood and even the pattern of what he will do every day. All those data are being quantified and measured due to their availability from myriads of media, devices, and interactions (both human and artificial). What makes it possible? You name it: Mobile gadgets, Social media, CCTVs and commercial transactions you have been making, to name a few.

In organisational life, the same is happening. More and more data are collected and stored by organisations, manually and electronically. Data of employees (and their mumbling words, movements, location, mood, etc.), of visitors, of business transactions, of internal meetings, of vendor’s works, of all reports, records and repositories, etc. are increasingly collected, stored…. but not necessarily used. In many occasions those data are no longer usable after their first collection, and yet they still fill up the organisation’s storage (recent research indicates that these unusable data may stack up to 70% of oganisations’ data).

Those are dark data. Untapped, untagged and sometimes unknown data.

Now is this: the fact that they remain unused does not mean they are valueless. You can run this simple test: Should you dump all these data to your competitor or any third party, would there be a loss to suffer? What about a competitive loss, breach of secrets, infringement of privacy, reputation loss, legal liability? If yes, then such Dark Data should be urgently managed.

That is the first message that I delivered in my 1-hour talk in Singapore yesterday.

Information Governance and Dark Data Management

By: Sonny Zulhuda

Next week on 7th July 2015. Carlton Hotel, Singapore. The event’s name is Innoxcell Asia Symposium 2015 on Legal Risk, Compliance, e-Discovery, Financial Crime, Corporate Governance and Data Privacy.

I will be speaking on one compelling issue concerning the information governance, namely dark data management.

Dark Data (credit: http://www.cio.in)
Dark Data (credit: http://www.cio.in)

Techopedia defines “dark data” as “a type of unstructured, untagged and untapped data that is found in data repositories and has not been analyzed or processed. It is similar to big data but differs in how it is mostly neglected by business and IT administrators in terms of its value.”

Dark data is operational data that is not being used. Consulting and market research company Gartner Inc. describes dark data as “information assets that organizations collect, process and store in the course of their regular business activity, but generally fail to use for other purposes.” (Citation from TechTarget).

It was reported in Forbes that these class of data, similar to dark matter in physics, cannot be seen directly, yet it is the bulk of the organizational universe.

The background of this talk is the fact that the amount of operational information —both structured and unstructured— that companies create and store are drastically increasing due to digitisation and mobility. Dark data management emerged as another challenge for corporate information governance. Under the increasing pressure from new regulatory regime and consumer expectation, corporate data must be well managed if companies wish to survive in today’s information age.

In this session I will explore the nature of corporate information legal risks in the context the Big Data and offers insights on information governance to transform data from a liability into an asset.

For more on the event: Innoxcell Asia Symposium 2015 on Legal Risk, Compliance, e-Discovery, Financial Crime, Corporate Governance and Data Privacy. Will be speaking alongside prominent international speakers, who can be retrieved from here.

The Problems with IoT (Internet of Things)

By: Sonny Zulhuda

Today I will be speaking at the IT Governance, Assurance and Security Conference 2015, held annually by ISACA Malaysia and the Malaysian National Computer Confederation (MNCC). In the slotted debate panel, I will be speaking about the problems and challenges brought about the Internet of Things (IoT) vis a vis individuals’ privacy. My debate counterpart will be Mr. Hizamuddin from MDEC.

Here are some details:

Debate ISACA

And here is for the event link:

Click to access IT%20GOV%202015.pdf

The summary of my points are aa follows:

=== IoT vs Privacy ===

1. IoT is conceptually flawed/problematic because it equates human and other objects (“things”)

* Under EU Data protection law, there is a legal rule protecting individuals against data automated processes

* IoT, like any other innovations, is wrongly perceived as technical matters, not really human affairs

* Privacy is a fundamental need, its protection cannot be sidelined, reduced or outsourced to others (including things)

2. Businesses looking for a quick RoI, invested only on technical requirements, not on the prerequisite culture

3. Those countries who introduce IoT (US, EU, Japan, Korea) are already equipped with a strong privacy laws, unlike Malaysia where the law is in the making at initial stage.

INFO: Berlin Early Stage Researchers Colloquium 2015

By: Sonny Zulhuda

If you are a PhD student or otherwise a post-doc researcher on Internet studies, here is a piece of information from my network in the Global Internet Governance Academic Network (GigaNet):

Hereby the Alexander von Humboldt Institute for Internet and Society announces the annual colloquium held in Berlin, 24 September 2015. We wish to gather early stage researchers (Ph.D. candidates and post-docs) from all disciplines in order to drive forward the discussion on topics in the field of Internet research. The colloquium provides a stage for new perspectives on current issues of Internet and society.


============
=========== BERLIN EARLY STAGE RESEARCHERS COLLOQUIUM 2015 =======================

Early stage researchers (Ph.D. candidates and post-docs) from all disciplines are invited to push ahead with the discussion revolving around Internet research.

Conference: 24 September 2015 in Berlin
Submission Deadline: 15 June 2015
Online submission via: http://colloquium.hiig.de/index.php/esrc/esrc2015/schedConf/cfp

*******************************************************************************************************************

TOPICS 2015
This year’s colloquium will consist of 5 thematically focused tracks. We cordially invite you to submit your research projects on one of the following topics:

RESEARCH AND KNOWLEDGE IN A DIGITAL AGE
The Internet offers fundamentally new premises for how knowledge is created and disseminated. Research in particular is facing massive changes in the way it produces and conveys knowledge. Scientific blogs allow communicating at a faster pace, data sharing platforms enable collaboration at an intermediate stage in the research process, and new models of participation, as for example citizen science, allow volunteers to take part in the discovery process. » MORE

INTERNET AND PUBLIC GOVERNANCE
The use of the Internet in public services is gaining more and more attention. We therefore want to discuss structural repercussions the Internet has on fundamental ordering principles as well as on the general functions of public administrations and state institutions as regards the provision of public goods, tasks and outreach. The focus of this workshop lies less on how these technologies are rolled-out but rather on the impact and challenges these developments have on state actors and specific public governance areas.» MORE

INTERDISCIPLINARY RESEARCH ON INFORMATION PRIVACY, SURVEILLANCE, AND DATA PROTECTION
Facing the inherent complexity of information privacy and the growing interdependence between social, legal, economic, and technological aspects of privacy in the Internet age, research on information privacy, surveillance, and data protection is depending more and more on interdisciplinary cooperation. But interdisciplinarity is posing major scientific challenges in itself. How can we create a mutual understanding between social, legal, economic, and technical sciences? What are the assumptions, scopes, and limits of theories of information privacy, surveillance and data protection, and how can we make them transparent to researchers from different disciplines? » MORE

ALGORITHMIC GOVERNANCE
Data and algorithms seem to organise and structure our communications, our purchases and financial trades, our mobility and our risk evaluations – in short: our lives in a digital society. While this governance by algorithms is increasingly getting public attention, rigorous empirical research is still scarce and fragmented. What happens when existing rules and practices are translated into computable decisions systems? What are the normative evaluations and business interests that shape the creation of these algorithms? » MORE

DIGITAL COMMUNICATION AND VALUE CREATION BETWEEN COMPANIES AND THE CROWD
Given the need to become more malleable and meet the demands of the business environment of the so-called network information economy companies seek renewed organisation models particularly in the relationship with internet users. Companies are no longer players that have a linear and unidirectional dialogue with the consumer, but are part of a decentralised and complex information ecosystem with multiple players. The connected consumer requires other marketing and communication strategies. » MORE

PDP Law Compliance for Educational Institution

By: Sonny Zulhuda

Educational institutions -universities, colleges, schools, etc.- are among those who are regulated by the Personal Data Protection Act (PDPA) 2010. The data subjects include: students (obviously the main object here), staffs or employees, vendors, alumni, sponsors, as well as those applicants who have yet join the universities/schools.

The amount of personal data are potentially bulky: personal details, medical records, financial and scholarship records, academic records, student societies records, disciplinary records and even post-study information about the students. Given this situation, people who deal with students’ data in the educational institutions would need to ensure their handling of personal data is in line with the demands of the Act.

In introducing the subject matter to the community in the University, I will be speaking in this following workshop, together with my friend Noriswadi Ismail from Quotient Consulting Sdn Bhd and PDP Academy LLP, and Dr. Federico Feretti from Brunel Law School, London, UK.

Banner PDP Workshop AIKOL 28052014 (4)

Do-Not-Call Registry (DNCR) to Protect Personal Data?

By: Sonny Zulhuda

In March, I featured in The Sunday Star (9/3/2014) reporting on the need to establish a “Do not call registry” to protect people’s personal information. The main issue discussed was to scrutinize an initiative to have a DNCR and its operational and legal challenges. The full report can be traced here.

Image

 

The question that was posed to me was: (1) How good is the idea of DNCR for Malaysian consumers? AND (2) Do you foresee any issues that might arise when they  implement this?

Here are my comments:

Personal Data Protection Act & Information Assurance – at ISACA Evening Talk

By: Sonny Zulhuda

I will be speaking on the above topic this week (Tuesday, 18th February 2014) to  IT Governance professionals affiliated under the ISACA Chapter Malaysia. I was informed at least one hundred people will be attending.

ISACA Feb 2014This will be my first speech on PDPA after the lapse of 3-month grace period set up by the PDP authority in Malaysia. I can foresee the level of enthusiasm from participants is high.

Details are here: http://www.isaca.org/chapters3/Malaysia/Documents/Talk%20-%20PDPA%20-%20Feb%202014%20FINAL.pdf

Here is the home page for the Chapter: http://www.isaca.org/chapters3/Malaysia/Pages/default.aspx

Speaking at the Global Information Governance Summit (GIGS 2013)

By: Sonny Zulhuda

ImageThis is just to share of my upcoming presentation at the Global Information Governance Summit (GIGS 2013) that is held in Kuala Lumpur, 28th-29th of May 2013.

I will be speaking in the session 3 of day 2, entitled “Selected Issues in Information Security Law and Data Protection”. I will be speaking more specifically about the threat of identity theft; spam; data surveillance and cyber-terrorism!

The event is jointly organised by the QC Consulting and Universiti Teknologi Malaysia (UTM) Space. Here is the snapshot of the agenda at the second day.

 

Image

The list of the speakers are amazing. I hope I can deliver something new to the audience. Let me know if you’re there too. That is for now, will share more when things are done!:)

PDP Act enforcement soon – Are we prepared?

By Sonny Zulhuda

Recent report about the PDP Act 2010 (Act 709) soon to be enforced would naturally receive mixed reaction. Some quarters would be anticipating that news, while others could have heard it like a gong in the middle of the night.

I am glad that I have a privilege to engage with many people from different industries in the past five years, with whom I have shared my views, research and “strategies” on the new law in workshops, trainings and seminars. From the events that I attended or conducted, I find some sectors are more prepared than others in anticipating the coming or implementation of the Malaysian Personal Data Protection Act 2010.

In getting these industries actively moving or preparing, there are few factors that I think are relevant:

  1. Due to existing regulatory framework
  2. Due to their international pressure
  3. Due to individual experiences

Under the first category would appear to be those under certain professional associations, banks and financial institutions. Continue reading “PDP Act enforcement soon – Are we prepared?”

Bank and personal data protection: Why care?

By: Sonny Zulhuda

pic from: mortgagechiliblog.com

Contrary to the traditional belief, information is no longer a mere business processing tools. It is now the very asset that turns to become the commodity of the business itself – becoming more powerful and valuable than any other physical assets. And this is particularly obvious in financial and banking industries where the acquisition of personal data and the adoption of information technology (IT) have both transformed the banking industry as well as the associated operational risk management.

The demand to protect personal data in banking industry comes mainly from two factors. Firstly, the consumers are getting increasingly aware of their right to data privacy. The bulk of their data such as personal and family data, financial information, credit history, employment records, or legal matters are now the target of many predators who wish to acquire them for their benefit, ranging from unsolicited direct marketing, loyalty program recruitment, credit card applications, and even for malicious intent such as identity theft and fraud (or “phishing”).

Continue reading “Bank and personal data protection: Why care?”