Back in August, at the pinnacle of the summer farm show season, a group of precision ag specialists, educators and even a few advanced growers descended upon Iowa State University in Ames, IA, where PrecisionAg magazine hosted our first-ever “Big Data: Managing Your Most Elusive Farm Asset” workshop.
With a day filled with presentations on topics ranging from Understanding the Value of Data to The State Of Data Standards In Agriculture, the inaugural event pretty much proved itself worthy of attendees’ time and effort in making the trek out for the event.
And while all of the presenters had intriguing messages for audience members, one of the more enlightening presentations from that August day in Ames was Oklahoma State University professor Dr. Shannon Ferrell’s talk on maintaining data privacy standards in a today’s world of automated data transfer.
Protection Requires Proaction
An on-stage selfie was likely far from top-of-mind on what kind of things to expect when attendees signed up for the Big Data workshop. Yet that’s exactly how Dr. Ferrell opened his presentation, although he didn’t take the selfie just to show off on social media. It was to make a point about data in precision agriculture and how it’s being collected.
And just what was that point? That, like many of the unsuspecting audience members now making up the background of Ferrell’s selfie (whether they liked it or not), growers today also find themselves subject to their data being collected without their immediate knowledge and/or consent.
“From the moment your tractor or combine sets out from the factory now, your machinery is talking whether you told it to or not,” Ferrell continues. “As the equipment purchaser, you have the right to tell the dealer ‘Hey, shut it off. I don’t want my modem talking to you.’
“But nobody ever does that, because that’s the default setting and that takes an affirmative action on the part of the user to opt-out. Just like me saying ‘Hey, is it okay if I take a selfie?’ and some of you went (shakes head no), but did you do anything to more affirmatively opt out of that data collection? No, you sat there and continued eating your donut.”
NDAs For Ag
So how does a producer not just “sit there eating a donut, and take proactive steps to protect data from non-approved disclosures?
Unfortunately, according to Ferrell, it sounds like something that will involve that oft-dreaded “L” word: Lawyers.
Ferrell says the first step to protect data is to have a strong and comprehensive Non-Disclosure Agreement (NDA) drawn up and agreed to by all parties, prior to the first data collection event.
The NDA should include a substantial amount of specific information, including what data is to be kept secret, what data isn’t secret and what happens when one of the parties violates the NDA.
Still, a well-drawn out and agreed upon NDA isn’t the end-all-be-all when it comes to data security.
There are limitations to NDAs, according to Ferrell, and they are:
- When the disclosing party fails to use reasonable efforts to maintain secrecy.
- When the information in question is already generally known or ascertainable via other means.
If the information can be learned from either independent discovery or reverse engineering.
“At the end of the day though, what’s so critical is to understand that you need to prevent disclosure by having a good, clear understanding and relationship with your service provider so that the data just doesn’t get disclosed,” cautions Ferrell. “You can have the best NDA in the world … but if the data’s out there … you just cannot un-ring that bell.”
According to Ferrell, there are myriad rules and regulations (enforced by the Federal Communications Commission) in place currently governing data when it’s contained in personal communications such as telephone conversations, text, voice and e-mail messages. But data captured on the farm has largely been ignored by the legislature up until this point.
That all could change very soon. Coming down the pipeline are potential statutory regulations on data ownership, data storage and disclosure, a decision on whether End User Agreements are enforceable, as well as rules differentiating the handling of aggregate data vs. standalone (farm level) data.