Big Data poses big challenge for nation's AGs

Recently a half dozen attorneys general gathered in Point Clear to grapple with the fastest growing challenge to both personal liberty and law and order – the vulnerability and potential misuse of Big Data. I was pleased to host the group in my role as chair of the Southern Region of the National Association of Attorneys General.

No longer an abstract term, Big Data, or the accumulation of social networking, emails, web transactions, online videos, photos, searches, financial and health records and more, is now a reality. As the volume of Big Data dramatically rises, government and watchdog groups are increasingly concerned about security and privacy. How can Americans trust their data is being protected when security breaches are occurring every day?

More than 70 percent of Americans own and use smart phones. Practically everything they do on these mobile devices is exposed to Big Data collection. Not surprisingly, a Pew Research poll recently found that 91 percent of Americans feel they've lost control over how personal information is gathered and used by companies.

According to a study conducted by the Ponemon Institute, hackers managed to breach the data systems of 43 percent of U.S. companies during 2014; a 10 percent increase from 2013. While 73 percent of the companies polled reported having data breach response plans, only 30 percent believed their companies were "effective" or "very effective" in designing and implementing them.

Most have heard of the widely publicized Target data breach in December 2013 in which 40 million credit and debit cards were compromised and personal information for 70 million people was stolen. Unfortunately, 2014 witnessed many more high-profile data breaches, including attacks on JPMorgan Chase, affecting 76 million households; Home Depot, affecting 56 million credit and debit cards; Anthem, Inc., the nation's second largest health insurer, affecting nearly 80 million individuals; the U.S. Postal Service, affecting 800,000 employees and close to 3 million customers; Staples, affecting up to 1.2 million credit and debit cards; Google, affecting 5 million Gmail usernames and passwords; and Community Health Systems, a national hospital chain, affecting personal information of 4.5 million patients.

Cyber criminals have not limited their attacks to commercial enterprises. Over the last year there were also breaches of data at the National Oceanic and Atmospheric Administration, the U.S. Central Command, the U.S. State Department and even the White House.

Nearly 1.5 million people fall victim to cyber crime each day. Officials are working hard to keep up with the threat. On March 6, the Justice Department announced the indictment of three people in connection with one of the largest ever data breaches of names and email addresses in the history of the Internet. These men, operating from Vietnam, the Netherlands, and Canada, allegedly made millions of dollars by stealing over a billion email addresses from email service providers.

The delicate balance of privacy versus law enforcement's access to critical evidence in prosecuting criminal cases is also of great interest to attorneys general. Alabama is home to the National Computer Forensics Institute in Hoover, a federally funded training center which teaches law enforcement from all over the country how to retrieve crime-related data from cell phones and computers.

Due to the explosion of smart phone use, it is becoming increasingly common for vital evidence to be found on these devices. Murders, assaults and child abuse cases have often turned on the discovery of critical evidence recovered from criminals' and victims' smart phones.

A White House cyber security and consumer protection summit was convened in February to explore how to combat cyber threats while also protecting privacy. Officials underscored the necessity for government and private security to work together to combat cyber threats, sharing appropriate information.

Attorneys general have also voiced concerns about protecting privacy while safeguarding Big Data. The average data breach isn't discovered until 200 days after the criminals gain access to records and the public isn't notified for another one to two months. More must be done to reduce the time it takes for companies and the government to detect data breaches.

Government and the private sector must combine efforts now to protect Big Data, identify and stop criminals and also protect privacy, or it may soon be too late.

Luther Strange is attorney general of Alabama. The attorney general's Office of Consumer Protection may be reached at 1-800-392-5658.