Four reasons Australian firms are dialing back on data collection
While the use of data-driven ways of working continues to soar, attitudes of Australian organisations towards excess data collection and personal privacy are shifting. Ashley Diffey, Vice President Sales APAC and Japan at Ping Identity, shares four reasons behind the shift.
Reason #1: Attack surface reduction
The obvious reason for this shift is the scale, profile and nature of personally-identifiable information (PII) breached in recent attacks. These incidents instantly educated Australians about the amount of data held about them, where, and under varying degrees of security and control. Repetitive oversharing of PII data to access places or services became top-of-mind.
For businesses, reducing their attractiveness as an attack target – and the potential to be on the wrong end of a $50 million privacy breach fine – is an obvious reason to dial back on their own data collection, and embrace alternative methods of establishing customer identity.
Identity data will never not be valuable, because identity touches everything. It is the perimeter of security – if I can be you then I can access everything that you are allowed to access.
One way to resolve this is to reconsider whether the amount of personal data and documents collected and retained is necessary – data retention may be for opaque regulatory reasons. However, it may also be that the need to store that data has passed, and/or that there are better ways of establishing a person’s identity than having to keep a multitude of documents and data fields on file.
Reason #2: Meet customer expectations
Meeting customers’ evolving expectations of privacy is equally important. Even before the recent wave of breaches, the line on privacy expectations has been drawn for some time, and it simply makes good business sense to reach that line, if not exceed it.
We know consumers expect companies to protect them and their data. In addition, consumers increasingly favour organisations that prioritise security, particularly for authentication; 53% of breach and online fraud victims “are more cautious about revealing information” to organisations again, owing to their experiences; and four-in-five customers “stop engaging with a brand online following a data breach”.
Based on what we know about consumer behaviour and attitudes towards security and privacy, it makes sense to meet or exceed expectations, to foster trust and create comfort. Such conditions enable consumers to feel safe when transacting with a business or service provider.
Reason #3: New models make data reduction possible
Data reduction is only feasible if alternative methods for strong authentication exist. Businesses are dialing back on their data collection now largely because they can.
The advent of digital identity exchange models like ConnectID provide a real commercially-viable path for businesses to transform the way they establish and verify the identity of customers seeking to interact with them, without impacting assurance or raising risk levels.
Australia currently has many “islands” of identity; banks, telcos and governments that have verified people’s identities to a high extent. Under ConnectID, these identities become reusable.
ConnectID acts as “connective tissue” between the customer, a trusted identity provider and a new third-party seeking to establish the customer’s identity. Customers have the flexibility to choose which existing trusted identity they have that gets used; giving them more control over the way they establish their identity, and limiting the amount of information every future organisation they transact with needs to have on file.
Businesses can still fulfil their authorisation requirements, while enjoying a massively reduced risk profile.
Further reading: Overcoming data insight limitations with a data lakehouse.
Reason #4: Digital simplification
There’s also a digital dividend for businesses that commit to data reduction: it materially simplifies digital processes or workflows, such as a customer onboarding or login process.
Extracting personal data from uploaded copies of identity documents to autofill online forms, and separate verification requirements, often add several steps or clicks to a digital process. If steps can be removed, without compromising the efficacy of the process, the interaction can be completed faster and in a more privacy-conscious manner, and customer experience is improved.
Where a better customer experience is offered, it improves onboarding flow and funnel conversion, without having to sacrifice or compromise on security and trust. This is a win for businesses everywhere.
Businesses can also benefit by adding transparency data to their customer-facing portals and apps. Customer confidence increases when there is transparency about what data is held, for what purpose, and under what conditions it may be shared. If that information is easily visible in a dashboard, and the customer potentially has control over some or all of the settings, businesses may see further upside in customer loyalty and satisfaction.
Collectively, these are the key reasons for product and digital teams in customer-facing industries – from utilities and telcos to insurers and ecommerce operators, and beyond – to kick off an internal discussion about data reduction, develop a strategy and roadmap, and to start putting it into action.