With the industrial and mobility revolutions of the 19th and 20th centuries behind us, we now find ourselves in the grip of the 21st-century information revolution. But the excitement that began with the 'digitisation of everything' is, for many organisations, turning into concern that the explosion of data is outstripping our ability to protect, control and make sense of it.
A decade ago, little was digital. Now most information is digitised: photos, music, movies, radio, television and phone calls, as well as words and numbers. The trend seems unstoppable. Every day, something else moves from the analogue to the digital world. Not only is data growing in volume, it's also growing in complexity. Through technology and globalisation, an organisation now connects with a diverse international community of businesses, suppliers, customers, citizens and government departments. Meanwhile, social-networking websites have fuelled an explosion in social connectivity, with huge numbers of people linking up through common interests, goals and affiliations.
In a world where everything and everyone is becoming interconnected through data, remote disruptions ripple across networks like seismic shocks through geological fault-lines. The counter-intuitive 'Pareto effect' comes into play. Seemingly inconsequential events can quickly propagate and amplify throughout the network: good news if you're producing viral marketing, but bad news if you're responsible for security.
At the same time as dealing with the information revolution, organisations also face a spectrum of threats. Highly organised criminals and terrorists - often aided by insiders and third-party operators - possess a dramatically increased range of methods for inflicting harm. The data explosion enables them to camouflage their activities, with the internet now a potent conduit for identity fraud, money laundering, intellectual property theft and counterfeiting.
The increase in centralised government, police and commercial databases alongside monitoring systems such as CCTV and traffic cameras has fuelled concern about the coming of the 'surveillance society'. However, the debate is blurred by a lack of distinction between surveillance and the information that private individuals consent to provide. Many UK citizens will accept surveillance when there is true personal benefit, whether this is money off their supermarket shopping or greater protection from terrorists.
It's important to remain vigilant about state surveillance, but parliamentary scrutiny, legal safeguards and the sheer volume of data mean that the state's 'Big Brother' ability to monitor individuals is much less than most perceive it to be. More worrying is 'Incompetent Brother': large, bureaucratic organisations - both public- and private-sector - that store poor-quality data, use it for making poor-quality decisions, re-use it for purposes for which it was not collected and, as events late last year showed, mislay it.
So what can be done to regain control? First, organisations must improve their levels of data governance. In light of recent data-security breaches, protecting confidential data is a priority. But security in many organisations is not sufficient. And even if data is secure and of good quality, is it relevant to the business or are you just stockpiling irrelevant, obsolete or duplicated data? Boards must be made to understand that data is a valuable business asset that must be properly owned, managed and governed.
Individuals have their part to play too in protecting the security of personal data, particularly given the popularity of social-networking websites. For instance, two key elements of personal identity are biographical history and personal relationships. Such 'memorable' or 'cherished' data underpins online security credentials such as passwords and PINs. So it is remarkable that people use social-networking websites to publish details about their lives, loves, jobs and hobbies to the entire world. Such data is invaluable to identity fraudsters.
Indeed, the increasing amount of data overtly or covertly recorded, uploaded and shared by individuals online is far more personal and sensitive than anything large bureaucracies could keep on us. Unlike Orwell's Nineteen Eighty-Four vision of the all-seeing state apparatus, the day may come when the collective action of technology-wielding individuals creates that capability. Move over Big Brother - meet Big Citizen.
It's hard to see an easy way around the data-privacy question, and bureaucracy will remain a significant part of our lives. I believe we need to rethink who really owns our data: governments, corporations or individuals? At present, people wanting to know what information is held on them have to trawl around scores of organisations to request it. We should turn this situation on its head. People should be notified, by right, about what information is held about them and informed whenever it changes. Only by doing this, perhaps facilitated by secure 'Infobanks' that administer the process on our behalf, can we be confident that we remain in control of key data that is truly a part of us.
CV: TOM BLACK - As Group CEO of Detica, Black took the company through its successful IPO on the London Stock Exchange in April 2002. A physicist by education, with significant national security experience, he has spent 20 years with Detica. Under Black's direction, the company has become the leading consultancy specialising in information intelligence, with offices in the UK, the US and continental Europe and a market capitalisation of £250m.