By Tom Murray, Head of Product Strategy for LifePlus Solutions at Majesco.
This has involved using new tools to allow staff to be managed, to collaborate in teams, and to deal with the customer base. For the life and pensions industry, this has got to be the hottest topic of the moment. Sure, technology will allow us to dramatically improve overheads and provide insurance services in a far-more customer focused way than heretofore. But the very nature of our business and the type of information we hold means that data privacy and security have got to remain our number one priority as we embrace our digital future.
Our customers have to give us a lot of personal information, ranging from their health details and family history to their current financial position and future goals. This is the kind of information that is clearly dangerous to lose and could cause huge problems for the organisation that loses it.
The primary issue most companies need to focus on is the security of their distributed networks. With so many people connecting to the network from the outside, the task of authenticating the users has become much harder and the need for multiple levels of authorization complicates the task of having so many external people logging in.
What is new is the scale of the number of staff who are working from external sites, in this case their own homes, who are dealing directly with customers via conferencing systems and also using them to connect to other staff. The amount of customer personal information being discussed on these calls and shared among groups of staff that are not in environments controlled by the company means that there are many weak links in the process that didn’t exist before.
Data supplied for a legitimate purpose cannot be generically used across the organisation. It may be very tempting to use such data to offer services and products to people based on the information the company has stored in the organisation, but without the specific consent of the customer, it is not permissible to do so. But ensuring that this doesn’t happen is much more difficult when the employees are working from home. This is a completely different environment and one in which the company has no control over who is there, and what they can see and overhear.
As a result, employees have become one of the biggest risks for a company in terms of their control of customer personal data. Employees, either through carelessness with the security of the data they have available to them or through the temptation to use it in ways for which no consent has been obtained, are constantly at risk of mis-using personal data. The risks of data being shared across video systems or screenshots being captured by customers is something that is very difficult to manage. And it’s unlikely that the regulator will show any tolerance for data breaches that have happened just because the life company had to re-engineer its business processes practically overnight. The possibility of fines from regulators, not to mention the risk of collective action lawsuits from aggrieved customers, is something that all firms should be aware of and be working to mitigate.
Then, there’s the fact that extensive use is now being made of conferencing technologies that were never really used before and possibly haven’t had the level of security testing that would usually be in place before adopting these in normal times. And the difficulty of knowing just who is on the other end of a call, when the company has zero ability to control access to this new “workplace”.
Amid the excitement of new technology and the creativity of the employees, new ways of doing business and keeping customer satisfaction high are being developed. These are exciting breakthroughs for an industry that was notoriously a laggard in adopting customer-friendly processes. But they need to be accompanied by strict data protection policies adapted for the new environment.
Life and pension firms need to update their policies on data protection and cyber-security and ensure that all staff are being trained in them for the new environment they are working in. One of the best defences for any issue that arises is that strict policies are in place and that the firm is endeavouring to ensure staff compliance. With distributed workforces, this has just become so much harder, but efforts need to be made both to keep data protection levels high and to be able to demonstrate this to regulators, if the worst happens.
|
