• January 31, 2017

To Share or Not to Share? Enterprise Data and the Government

Will the private sector have greater access to government information?

Big Data can help businesses better compete, and the government is working to better support the sharing of information between its departments and the private sector. But these same agencies are asking the private sector to share information too — actions which come with their own sets of benefits and risks.

For instance, U.S. Secretary of Commerce Penny Pritzker says the department is working to make government Big Data easier for the private sector to access and use. This is good news for enterprises that value such input. The U.S. Department of Commerce collects census information, patent and intellectual property data, climate data from the National Oceanic and Atmospheric Administration, and international trade data, all of which enterprises can use to inform strategic decisions on when and how to expand into new overseas markets.

Yet Pritzker also recently made a pitch for businesses to voluntarily share more enterprise Big Data with the Department of Commerce. The department wants to collect private sector information like credit card and retail sales data continuously instead of periodically to help calculate a more accurate GDP.

Her proposal has merit: A more accurate and timely GDP assessment would allow businesses to better forecast economic conditions and demand for their products and services. But it also raises some thorny issues about how much and what types of data are appropriate for the private sector to provide to the government. What if hackers exploit new data feeds and steal private information?

The Influence of CISA 

Enterprises are already debating whether and how to share information with the government in the wake of a recent federal law regarding cybersecurity. The Cybersecurity Information Sharing Act of 2015 (CISA) set up incentives for businesses to communicate threat information with each other and government agencies. The program’s top goal is to alert enterprises to new threats and bolster enterprise security solutions. If it works as intended, CISA could be a valuable tool in the fight against cybercrime.

CISA provides immunity from lawsuits and government regulatory enforcement for businesses that share threat information and details on security countermeasures with the government. CISA guidelines outline the classes of information that should be censored before companies send data to federal authorities. Sensitive information on individuals such as health data, human resources information, education history, property ownership, and information protected under the Children’s Online Privacy Protection Act should be scrubbed.

This placesconsiderable burden on enterprises to ensure they appropriately modify data to be shared, because in order for this information to do the most good, it must be shared quickly. Randi Parker, public advocacy director for trade group CompTIA, recently told CIO Dive her organization wants the CISA framework to remain voluntary, and companies should conduct a risk/benefit analysis before they share information.

As information sharing expands, the burden of data security will remain front and center for the enterprise. Given the risks, the decision needs greater attention and discussion from leaders who will ultimately opt to open the gates or keep them shut tight.

Learn more about other creative ways the public sector is working to reduce security threats with “Paying to Get Hacked: Bug Bounties for Improved Cybersecurity.”