According to Pew Research, 72% of Americans say they have little to no understanding of the laws and regulations that are currently in place to protect their data privacy. But OU’s Krish Muralidhar is a data privacy expert. He has researched the topic for more than 30 years, before Google and before Facebook. Now, during Data Privacy Week, he shares insights into the importance of data privacy, new developments in the field and tips on how everyday citizens can keep their data private.
Muralidhar, a professor of marketing and supply chain management in the Price College of Business, studies techniques that allow organizations to securely analyze, share and disseminate confidential data without compromising privacy.
“My interest in data privacy predates the internet when the focus on data privacy was much different and focused on government agencies, banks and similar institutions. But in 1995, with the rise of the internet, there was an explosion of applications that collected and shared data,” he said.
Everyone everywhere has data that they hope to keep private. Laws like HIPAA, the Health Insurance Portability and Accountability Act, and FERPA, the Family Educational Rights and Privacy Act, mandate data privacy in the United States. Europe has more robust laws like GDPR, the General Data Protection Regulation, that require businesses to disclose how they collect, use, store and delete user data.
“Data collection has increased exponentially, and while privacy requirements have increased, they’ve done so at a much slower speed,” Muralidhar said. “But data is useless unless somebody actually analyzes it. And the privacy requirements make it difficult for you to freely analyze the data. The secret is finding the right balance between individual privacy and legitimate use of the data.”
With the rise of artificial intelligence, data has become more valuable because every AI program and AI learning method requires historical data to build their models.
“In the early '90s, most organizations could simply remove all the names, addresses and other identifiers and share the data. In most scenarios, that was an adequate method to protect privacy,” Muralidhar said. “That’s simply not adequate anymore. Anyone can go online, type in a name or address, and out pops all this information that doesn't even cost a penny. To strike a balance, we must develop new tools and techniques as technology develops.”
Synthetic data might be a solution for balancing privacy and data use. It is artificially generated data that keeps the essential qualities of the original data but does not contain any private details from it.
“The advantage of simulated synthetic data is that researchers can perform any type of analysis without violating privacy. If they find something that is particularly interesting, they can go back to the original data and verify whether that relationship truly exists in the original data,” he said. “For organizations like Google who have data that they want to share, synthetic data may be a preferable solution.”
While this approach will certainly help maintain a level of data privacy, Muralidhar emphasizes everyone’s role in keeping their personal information personal.
“If you want to protect your privacy, be careful about how much information you put online. The amount of information people can gather about you is directly a function of how much information you put out there about yourself,” he said.
Data Privacy Day began in the United States in 2008 to commemorate the 1981 signing of the first legally binding international treaty dealing with privacy and data protection. In 2022, the annual holiday was expanded to a week-long campaign called Data Privacy Week. Learn more about Data Privacy Week from the National Cybersecurity Alliance and read the full Oct. 2023 report, “How Americans view data privacy,” from Pew Research.