Presented By
O’Reilly + Cloudera
Make Data Work
March 25-28, 2019
San Francisco, CA
Please log in

Executive Briefing: Forcing the legal and ethical hands of companies that collect, use, and analyze data

Nick Curcuru (Mastercard)
11:00am11:40am Thursday, March 28, 2019
Average rating: ****.
(4.50, 2 ratings)



In recent years, security breaches have happened to a number of household names, and users feel violated. To give just one example, American consumers learned that the credit bureau Equifax had violated their personal information and didn’t report it. People around the world have shared their valuable, personally identifiable information with companies they trusted, and many of those companies didn’t guard that information appropriately.

More than one out of every four humans on the planet use Facebook every month. In March 2018, the world learned that Facebook had used their personal information in ways that the rank-and-file user had not imagined. A trust, albeit one that was implied rather than guaranteed, had been broken. People believed that while some of their information may have been used to give them a “personalized” experience, information about their friends and family was of no interest to Facebook. Equally, no one ever considered that their personal views on politics, immigration, or religion would be analyzed and assessed to determine if they and their friends and family were vulnerable to being manipulated to act or vote in a specific way. The average social media user never considered that an article by a “news source” could be completely untrue or that photos would be misidentified to manipulate a specific audience’s way of thinking. Now we know differently.

The EU enacted the General Data Protection Regulation on May 25, 2018. From the start, many believed that it was too stringent, caused too many complications, and leveed too many restrictions on businesses. GDPR fines could easily cause many businesses to close their doors permanently. Australia and Japan soon enacted their own versions of GDPR, and the world will likely follow in protecting an individual’s most valuable assets: their identity and privacy. It is expected that the first noncompliant companies will be identified, audited, and fined by the third quarter of 2018. A recent study by Oxford University estimated the true cost to a company for a privacy violation to be far beyond the hefty 4% of global turnover or €20M (per complaint filed)—a heart-stopping nine times the total cost of the fine for reputation damage and business lost from lack of public confidence.

As our global dependence on and addiction to technology, smart appliances in our homes, wearable devices, health information, applications in our cars, and all of the IoT bits that make our lives easier and more interesting grow every day, the volume of big data collected expands exponentially. Nick Curcuru explains why, without a clearly defined ethical treatment of personal data, clear limits that cannot be crossed, and a methodology that is dynamic and recalibrated as technology advances, we will face a customer base that will fear any company that doesn’t have a solid ideology that ensures that every precaution is taken to protect customers from “bad actors” and most importantly, from those inside the company itself.

Photo of Nick Curcuru

Nick Curcuru


Nick Curcuru is vice president of enterprise information management at Mastercard, where he’s responsible for leading a team that works with organizations to generate revenue through smart data, architect next-generation technology platforms, and protect data assets from cyberattacks by leveraging Mastercard’s information technology and information security resources and creating peer-to-peer collaboration with their clients. Nick brings over 20 years of global experience successfully delivering large-scale advanced analytics initiatives for such companies as the Walt Disney Company, Capital One, Home Depot, Burlington Northern Railroad, Merrill Lynch, Nordea Bank, and GE. He frequently speaks on big data trends and data security strategy at conferences and symposiums, has published several articles on security, revenue management, and data security, and has contributed to several books on the topic of data and analytics.