Page |1

Big data and data security

 Page |2

Table of Content
Content Page No.
INTRODUCTION 3
BIG DATA SECURITY AND PRIVACY 3
DATA PRIVACY LAWS IN THE UAE AND THE FREE ZONES 3
 Free Zone Laws 3
 National Laws 4
MANAGING DATA PRIVACY WHILE DOING BUSINESS IN THE UAE 5
BIG DATA SECURITY AND PRIVACY ANALYSIS 5
CONCLUSION AND FUTURE RESEARCH 5
REFERENCES 6

INTRODUCTION

It is estimated that by 2020, annual data output will increase by 4300 percent, culminating in 44
times the data produced previously, due to social media's introduction of photographs, videos,
and other unstructured data. Academics, media, and industry have been capturing and storing
massive volumes of data, nicknamed Big Data, due to increased data generation and recent
 Page |3

storage technological improvements (such as cloud) (Gheid et al., 2017).According to a Gartner

Group investigation, big data sets with a range of data types and high streaming rates (Malizia et
al., 2016). Everyone is noticing Big Data's growing importance. The US government has even
published documents describing the expansion's benefits and drawbacks (especially in respect to
security and privacy). According to studies, it is vital to create new laws and regulatory
frameworks that foster innovation and information exchange while also protecting individuals
and society from privacy and security breaches. We must use scalable techniques and technology
to deal with large data sets (by Apache). Both new commercial and government concepts will
profit from large datasets. Facebook and Twitter use Hadoop clusters to store queries for further
analysis using data mining techniques. Using Big Data analytics, Obama's reelection campaign in
2012 was able to pinpoint and address voter concerns (Hashem et al., 2018).

BIG DATA SECURITY AND PRIVACY

Traditional security and privacy measures are incapable of keeping up with the rapid changes
occurring in Big Data, from the sheer volume of data collected to its storage and processing
(Thuraisingham et al., 2018). It is possible to circumvent or hack security systems built into a
network, such as encryption techniques, access control restrictions, and firewalls. Even when
anonymized, a single user's data can be tracked down and used for malicious purposes (Matturdi
et al., 2020). For instance, the inference and aggregation capabilities of Big Data enable it to
identify persons even after they are removed from datasets. The storage of email data for a
lengthy period of time (up to 5 years) when the user no longer uses it, on the other hand, may
result in privacy violations as previously described constraints.. However, there is a dilemma,
which is referred to as the security triangle. It asserts that as security measures get more
stringent, the functioning and usability of systems deteriorate. For instance, businesses will be
difficult to grow if regulation restricts access to raw data analysis and manipulation. As a result,
we must develop balanced legislation and analyses to ensure enterprises maintain a competitive
edge. Overall, the entire Big Data ecosystem must be re-examined in light of the growing
security and privacy concerns, from infrastructure to trust policies to data quality.

DATA PRIVACY LAWS IN THE UAE AND THE FREE ZONES

There is a hodgepodge of regulations regarding data privacy in the UAE at the moment, and they
don't operate well together. A number of factors contribute to this, including the UAE's strange
division of the country into federal and free zone regions.

Free Zone Laws

The DIFC and ADGM have data protection rules that are "essentially comparable" to other
developed countries, according to the GSMA. The distinctions between GDPR and California's
Consumer Privacy Act in the European Union (CCPA) . The DIFC announced plans to update
its 2007 data protection rule in July of this year (CCPA). For example, the maximum fine for
 Page |4

non-compliance was raised, and data controllers were required to notify of breaches, both of
which were influenced by GDPR.

National Laws

Despite the fact that the United Arab Emirates does not have a complete national privacy law,
there are regulations controlling specific firms and indications that more will be added in the
future. Mohammad Al Zarooni, Director of the Policies and Programs Department at the
Telecommunications Regulatory Authority, stated that a federal rule similar to the General
Data Protection Regulation (GDPR) is now being developed. The first 60 data security
initiatives will be implemented in the utilities, health care, and agriculture sectors over the
following three years, with the remaining projects to follow.

The United Arab Emirates passed the Health Data Law after the General Data Protection
Regulation (GDPR) took effect, which addressed many of the same issues as the GDPR, but
with a few key differences. In addition to the previously mentioned things, the following are
prohibited by law:

 Data retention: Providers are required to preserve patient records for at least 25 years
after the final procedure. Instead, GDPR stipulates that data must be erased after a
reasonable period of time has passed and does not include this requirement.
 Data localization: According to UAE law, health data cannot be transferred outside of
the country without prior permission.
 Data processing: Accuracy, security, and single purpose of data collection are all
critical considerations. Health care providers are prohibited from sharing patient data
without the consent of the patients themselves.
 Data security: Similarly to the GDPR, the Health Data Act mandates that organizations
adhere to international standards for the security of health data and limits access to
health data to only those employees who are allowed to do so.
 Data centralization: It is because of this law that health practitioners will now have
access to, storage for, and the ability to communicate data under the control of the
Ministry of Health.

This national framework for Internet of Things regulation in the UAE is based on GDPR
principles such as data minimization, purpose limitation and storage limit. All service
providers must register with the government, regardless of where they operate.

MANAGING DATA PRIVACY WHILE DOING BUSINESS IN THE UAE

To strike a balance between security and privacy, the United Arab Emirates' data management
must be constrained for the time being. In a society where personal data is easily stolen,
businesses must adhere to current rules, plan for future changes, and consider how to preserve
 Page |5

the rule of law. Localization and retention are the most challenging parts of UAE law
compliance. To conduct business in the UAE, you must have access to local servers and be
willing to keep data for a lengthy period of time. Access control is important to UAE security
legislation. Auth0, an identity platform, may help with this by ensuring that only authorized
personnel have access to sensitive data. Even if they are compliant, businesses operating in the
UAE should exercise prudence when it comes to data management. Avoid amassing much data
at the risk of endangering your users. Provide training to any staff who will be working in the
United Arab Emirates on how to mitigate hazards on their own.

BIG DATA SECURITY AND PRIVACY ANALYSIS

However, while many firms use Big Data for marketing and research, many lack the key security
assets that might result in costly lawsuits and a tarnished brand if a security breach occurs
(Inukollu et al., 2019). Traditional procedures fail to solve Big Data's security and privacy
concerns, prompting the creation of new methodologies and legislation. Because of this, open
source and cutting-edge technology may have their own disadvantages, such as a back door or
default credentials. Before using any product or service, be sure the data is available, secure, and
secret (Miloslavskaya et al., 2020). Encryption, logging, and honeypot detection are used to
achieve this. Big Data is plagued by concerns regarding both security and the privacy of users'
personal data. Unlike security, privacy is seen positively by customers and stakeholders alike,
and hence may be utilized to enhance future sales. Petabytes of data can now be kept and
examined thanks to Big Data technology, reinforcing the relevance of classification. Businesses
may use Big Data analytics to detect and prevent complex threats and malicious intruders early
on by evaluating data from several sources (such as different data sets).

According to a new investigation, the US National Security Agency (NSA) routinely obtains
personal data from large companies' databases, risking their customers' and clients' privacy. For
these complex issues, rules and regulations defining the bounds of unlawful access, data
exchange, and exploitation are essential. According to a Cloud Security Alliance survey, Big
Data privacy and security concerns fall into four categories:

1. Infrastructure Security
2. Data Privacy
3. Data Management
4. Integrity and Reactive Security

CONCLUSION AND FUTURE RESEARCH

Big Data analytics can turn enormous amounts of unstructured data into relevant insights. Access
to widely scattered databases has privacy and security problems. Data collection, storage,
analysis, and transfer all require different levels of security and privacy. Data transferred must be
encrypted using the proper standards for the data type, and users and devices must be permitted
resources, according to studies on Big Data security and privacy. Big Data privacy and security
 Page |6

will be important future study and debate topics. New techniques, technologies, and solutions
must be developed or old ones upgraded to meet contemporary needs. Big Data is like a loaded
weapon; when misused, it may cause harm, but when used properly, it can provide safety and
security. Consider this when working with Big Data. Logs and traffic analysis can help uncover
anomalies, intrusions, phishing, and other fraudulent behavior. Massive amounts of network
history data must be collected and trended to achieve this goal.

REFERENCES

[1] Cardenas, A., Manadhata, P. & Rajan, S., 2019. “Big Data Analytics for Security”, IEEE
Security & Privacy, Vol. 11, No. 6, pp. 74-76, Available from: IEEE Computer Society Digital
Library,

[2] Gheid, Z. & Challal, Y., 2017. “An Efficient and Privacy-Preserving Similarity Evaluation
for Big Data Analytics”, 2015 IEEE/ACM 8th International Conference on Utility and Cloud
Computing (UCC), No. 1, pp. 281-289, Available from: IEEE Computer Society Digital Library

[3] Guerra, E., De Lara, J. & Malizia, A. et. al., 2016. “Supporting user-oriented analysis for
multi-view domain-specific visual languages”, Information and Software Technology, Vol. 51,
No. 4, pp. 769-784

[4] Hashem, I., Yaqoob, I. & Anuar, N. et. al., 2018. “The rise of “big data” on cloud computing:
Review and open research issues”, Information Systems, Vol. 47, pp. 98-115, Available from:
Science Direct

[5] Thuraisingham, B., 2018. “Big Data - Security and Privacy”, Proceedings of the 5th ACM
Conference on Data and Application Security and Privacy - CODASPY ‘15, pp. 279-280,
Available from: IEEE Computer Society Digital Library

[6] Matturdi, B., Zhou, X., Li, S. & et. al., 2020. “Big Data security and privacy: A review”,
China Communications, Vol. 11, No. 14, pp. 135-145, Available from: IEEE Computer Society
Digital Library,

[7] Inukollu, V., Arsi, S. & Ravuri, S., 2019. “SECURITY ISSUES ASSOCIATED WITH BIG
DATA IN CLOUD COMPUTING”, International Journal of Network Security & Its
Applications (IJNSA), Vol. 6, No. 3, Available from:
http://airccse.org/journal/nsa/6314nsa04.pdf

[8] Miloslavskaya, N., Senatorov, M., Tolstoy, A. & et. al., 2020. “Information security
maintenance issues for big securityrelated data”, Proceedings - 2014 International Conference on
Future Internet of Things and Cloud, FiCloud 2020, pp. 361-366, Available from: IEEE
Computer Society Digital Library