This post was written by Patrick Johnson, senior marketer supporting Serengeti at Thomson Reuters

The buzz around Big Data is everywhere, yet very few people have figured out how to control its use and scope. Legal departments often have to scramble to catch up and keep their companies in compliance with ever-changing laws around data and privacy.

I attended a session at the Association of Corporate Counsel (ACC) Annual Meeting that focused on the scope of Big Data, regulations surrounding it, and what legal departments should do to minimize risk. Here were my top five takeaways:

  1. Big Data is getting…bigger. A surprising fact during the session was that 90 percent of all data ever collected in the history of the world has been collected in the past two years, and it’s continuing to accelerate. The more devices that are created and used, the more data that may be collected and tracked. This includes the obvious like the internet, social media and smartphones, but it also includes passive sensors in your car and facial recognition devices. This is not an area that is going away, and it’s best to get policies in place for your company now.
  2. Big Data doesn’t equal big insight. Data is great at telling a company what people have done. It’s terrible at telling you why they did it. Data still has a long way to go to do that, but right now understanding people is still key. A company needs to know why they are collecting data, their goal for collecting it, and what they hope to learn from it. Correlation does not equal causation.
  3. Regulatory violations aren’t the only thing that can hurt your company. Avoiding running afoul of regulatory requirements is a primary concern of any legal department, but with Big Data, there are other harming effects that need to be thought through, like devastating public relations damage. Various examples were given that noted companies using data in a way that offended their clients and blew up into full blown crises. It’s not just about whether you can do something, but should you.
  4. The regulations are vague. Regulations regarding data and privacy have not kept up with the explosion of data in the past few years. They include a patchwork of regulations that are, at best, vague. Legal departments need to put in best-practice procedures regarding the collection, use, access, and customer options with their data because these regulations will continue to evolve.
  5. The IT department should be Legal’s best friend. The IT department is where the Big Data analysts live. They know what finance, marketing and business units are trying to do. The legal department needs to have a direct pipeline to what they’re working on so that they can vet these projects against data and privacy procedures that are in place with your company. It might be time to take a programmer to lunch.