Reading List: Big Data, Security and Privacy

August 4, 2014

The U.S. Chamber of Commerce Foundation has compiled a reading list for those interested in topics related to Big Data and data-driven innovation. This list includes articles from newspapers, magazines, websites, and academic journals. Many of the more notable articles are annotated.

The reading list is divided into 13 sections. (Read the full list here.)


The section below includes items offering an overview of Big Data, security and privacy. To add to the list, email


Big Data, Security and Privacy


Abelson, H. and Kagal, L. (2010) Access Control is an Inadequate Framework for Privacy  Protection, W3C Workshop on Privacy for Advanced Web APIs 12/13 (July) London.

The authors argue that the current framework for evaluating and assessing privacy risks, “information access,” or the focus on how information comes to be known, is no longer viable given new big data-related technologies. Hence, they suggest, focus should instead be given to “how information is used,” following precedent, e.g., in Brandeis’s and Warren’s opinions about privacy.

Acar, G. et al. (2013) “FPDetective: Dusting the Web for Fingerprinters,” Proceedings of CCS November.

The authors report on the design and implementation of a particular framework (FPDetective) for the detection and analysis of web-based fingerprints, i.e., identifying information for individuals based on web browser use. They conduct a large scale analysis of the million most popular websites and conclude that the adoption of fingerprinting is more widespread than previously thought, arguing that two common countermeasures to fingerprinting are insufficient. The authors suggest that a change in how users, companies, and policy-makers engage with fingerprinting is needed.

Aggarwal, C. C. and Yu, P. S. (eds.) (2008) Privacy-Preserving Data Mining: Models and Algorithms, Springer: New York.

Al-Khouri, A. (2012) “Data Ownership: Who Owns My Data,” International Journal of Management & Information Technology, Vol. 2. No. 1, November

Alstyne, M. V., Brynjolfsson, E. Madnick, S. (1995) “Why Not One Big Database? Principles for Data Ownership,” Decision Support Systems Vol. 15 Iss. 4, December, pp. 267-284.

Andrews, L. (2012). I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy. Simon and Schuster

Billitteri, T. J. et al. (2013) “Social Media Explosion: Do social networking sites threaten privacy rights?” CQ Researcher (January) 23:84‐104.

Birnhack, M. (2013) “S-M-L-XL Data: Big Data as a New Informational Privacy Paradigm.”

Butler, D. (2007). Data sharing threatens privacy. Nature News, 449(7163), 644–645.

Cate, F. H. and Mayer-Schönberger, V. (2012) “Notice and Consent in a World of Big Data,”Microsoft Global Privacy Summit Summary Report and Outcomes, November.

---- (2013) “Notice and consent in a world of Big Data,” International Data Privacy Law 3.

Cavoukian, A. and Castro, D. (2014) Setting the Record Straight: De-Identification Does Work, Information and Privacy Commissioner, Ontario Canada.

Centre for Information Policy Leadership (2013) Big Data and Analytics: Seeking Foundations for Effective Privacy Guidance,” A Discussion Document, February.

Cisco (2013), “Solutionary Boosts Security with Cisco and MapR Technologies,” Customer Case Study

Cloud Security Alliance (2014) “Big Data Working Group: Comment on Big Data and the Future of Privacy,” March.

Cukier, K and  Mayer‐Schoenberger, V. (2014) "How Big Data Will Haunt You Forever," Quartz, March 11.

Davenport, T. H. and Reidenberg, J. R. (2013) “Should the US Adopt European-Style Data Privacy Protection?” Wall Street Journal, March.

Davenport, T. H., Harris, J. G. (2007) “The Dark Side of Customer Analytics,” Harvard Business Review, May.

Driscoll, K. (2012). From Punched Cards to “Big Data”: A Social History of Database Populism. communication 1, 1(1).

Dwork, D. (2011) “A Firm Foundation for Private Data Analysis,” Communications of the ACM, 54.1.

This paper outlines a novel approach to data analysis, which aims to maintain the utility of databases while ensuring individual privacy. This approach, “differential privacy,” separates the utility of the database from individual data by randomizing responses “so as to effectively hide the presence or absence of the data of any individual.”

Evans, B. J. (2011) “Much Ado about Data Ownership,” Harvard Journal of Law & Technology, Vol. 25 No. 1.

Fienberg, S.E. (2013) "Is the Privacy of Network Data an Oxymoron?" Journal of Privacy and Confidentiality, 4:2.

Gindin, S. E. (2009-2010) “Nobody Reads Your Privacy Policy or Online Contract: Lessons  Learned andQuestions Raised by the FTC's Action against Sears,” Northwestern Journal of Technology and Intellectual Property 1:8.

Gurin, J. (2013) “Open Data Trends: Cities, FOIA, and Open Science,” Open Data Now, March.

Hardy, Q. (2014) “How Urban Anonymity Disappears When All Data Is Tracked,” The New York Times, April. 

Harrison, T. et al. (2011) Open Government and E-Government: Democratic Challenges from a Public Value Perspective Proceedings of the 12th Annual International Digital Government Research Conference, June 12–15.

Hart, D. (2000) “Data Ownership and Semiotics in Organizations, or Why ‘They're Not Getting Their Hands on My Data!’” PACIS Proceedings, Paper 30.

IBM (2013) Security Intelligence with Big Data

IBM Institute for Business Value (2011) Opening up government: How to unleash the power of information for new economic growth Global Business Services Executive Report.   

Information Age (2012) “Privacy, Smart Meters and the Internet of Things,” July.

Khan, S. M. and Hamlen, K. W. (2012) “Anonymous Cloud: A Date Ownership Provider Framework in Cloud Computing,” Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications pp. 170-176.

Lane, J. et al. (2014) Privacy, Big Data, and the Public Good, Cambridge University Press.

Lathrop, D. and Ruma, L. (2010) Open Government: Collaboration, Transparency, and Participation in Practice (1st ed.). O’Reilly Media.

Mackie, C. and Bradburn, N. (eds.) (2000) Improving Access to and Confidentiality of Research    Data, National Research Council, Washington, D.C.

Mundie, C. (2014) “Privacy Pragmatism: Focus on Data Use, Not Data Collection,” Foreign Affairs, March/April.

Nature Editorial (2007) A matter of trust. Nature, 449(7163), 637–638.

---- (2008) Community cleverness required. Nature, 455(7209), 1.

Nissenbaum, H. (2009) Privacy in Context: Technology, Policy, and the Integrity of Social Life, Stanford Law Books, November.

Noveck, B.S. (2009) Wiki government: how technology can make government better, democracy stronger, and citizens more powerful. Brookings Institution Press.

Rosen, Jeffrey (2011) “The Deciders: Facebook, Google, and the Future of Privacy and Free Speech,” Constitution 3.0: Freedom and Technological Change, Rosen, J. and Wittes, B. (eds.) Brookings Institution Press: Washington D.C.

Rudin, C. (2013) “Predictive policing: Using Machine Learning to Detect Patterns of Crime,” Wired, August.

Saramäki, J. et al. (2014) “Persistence of social signatures in human communication,” Proceedings of the National Academy of Sciences, 111.3:942‐947.

Shields, G. (2010) Addressing Security and Data Ownership Issues When Choosing a SaaS Provider, Quest Software White Paper.

Sifry, M. L. (2011). WikiLeaks and the Age of Transparency. OR Books.

Smart Grid Consumer Collaborative (2012) Data Privacy and Smart Meters.

Tanner, A. (2013) “The Web Cookie Is Dying. Here's the Creepier Technology That Comes Next,”  Forbes, June.

Tene, O. and Polonetsky, J. (2013) “A Theory of Creepy: Technology, Privacy and Shifting Social Norms,” Yale Journal of Law and Technology 16:59,  pp. 59‐100.  

Thierer, A. (2013)  “Privacy and Security Implications of the Internet of Things.” Mercatus Center at George Mason University.

---- (2012) “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle” Mercatus Center at GMU No. 12-09, February.

Turow, J. (2012) The Daily You: How the Advertising Industry is Defining your Identity and Your Worth, New Haven: Yale University Press.

Vincey, C. (2012). Opendata benchmark: FR vs UK vs US. Presented at the Dataconnexions Launch Conference, Google France, July.

Weitzner, D. J. et al. (2014) “Consumer Privacy Bill of Rights and Big Data: Response to White House Office of Science and Technology Policy Request for Information,” April 4.

Wittes, B. (2011) “Databuse: Digital Privacy and the Mosaic,” Brookings Institute, April.           

Woodbury, C. (2007) “The Importance of Data Classification and Ownership,” Sky View Partners, Inc.

World Economic Forum (2011) Personal Data: The Emergence of a New Asset Class, prepared in collaboration with Bain & Company, Inc.

---- (2012) Rethinking Personal Data: Strengthening Trust, prepared in collaboration with the Boston Consulting Group.

---- (2013) “Unlocking the Value of Personal Data: From Collection to Usage.”

This report offers new policy framework for personal data use, given that the latter has become a crucial ingredient for innovation. Discussed are the need for a case-by-case approach to data regulation, and the importance of weighing security concerns against the benefits of freely flowing data.