By Tom Murray, Head of Product Strategy Life Plus Solutions, Majesco.
In particular, the social media giants have been put on the hot-spot by regulators responding to uneasiness in society about how much information they hold. Even those who do not subscribe to these platforms are finding that information about them is available to the large data giants. This is because those members, who do post often, post about other people who were with them and are thereby accidentally posting enough information for the views or preferences of the non-user to be revealed.
Much of the media focus has been on the security side, with the spotlight being focused on a seemingly endless series of data breaches, with passwords and usernames being harvested, along with credit card and bank details in the most egregious cases. But the dangers of the mis-use of information by the company themselves is much higher and could ultimately cause them far more in terms of compensation or reputational damage if they get it wrong.
For the life and pensions industry, this has got to be the hottest topic of the moment. Sure, technology will allow us to dramatically improve overheads and provide insurance services in a far-more customer focused way than heretofore. But the very nature of our business and the type of information we hold means that data privacy and security have got to remain our number one priority as we embrace our digital future.
Our customers have to give us a lot of personal information, ranging from their health details and family history to their current financial position and future goals. This is the kind of information that is clearly dangerous to lose and could cause huge problems for the organisation that loses it.
It is a difficult balancing act; providing the online real-time services that the customer wants whilst at the same time ensuring the confidentiality that the customer demands is a big ask. There are plenty of technical security solutions and, while none of them are perfect, there are at least standard approaches to ensuring the protection of data from external sources.
However, internally, it is also important that we are focused on the privacy of data. Data supplied for a legitimate purpose cannot be generically used across the organisation. It may be very tempting to use such data to offer services and products to people based on the information the company has stored in the organisation, but without the specific consent of the customer, it is not permissible to do so.
Hence, probably the biggest risk to companies, in terms of the customer data, is their own people. Employees, either through carelessness with the security of the data they have available to them or through the temptation to use it in ways for which no consent has been obtained, are constantly at risk of mis-using personal data. And the fines from regulators, not to mention the possibility of collective action lawsuits, should be enough to keep board members awake at night.
Amid the excitement of new technology and the creativity of the employees, new ways of doing business and keeping customer satisfaction high are being developed. These are exciting breakthroughs for an industry that was notoriously a laggard in adopting customer-friendly processes. But those putting the brakes on in the name of data security aren’t holding the firm back, they are keeping the customer at the forefront of their mind. Customers who feel that their data is being used too freely will be very resistant to the new products and services that are aimed at them.
Processes and procedures might seem to inhibit innovation. But the risks involved in too lax an approach are very high. Getting the right balance for this is difficult. The companies that know how to walk this thin line will be the real victors of the 21st century.
|