By Obed Lesejane, senior business solutions manager, SAS
The office of the Information Regulator is expected to be fully operational by the end of this year. From then, organisations will have just 12 months to comply with the Protection of Personal Information (POPI) Act, or risk prison terms and fines of up to R10 million.
The onus to protect the personal information of customers comes at a time when businesses have access to more information about their customers than ever before, and are using that information to improve their services and to offer personalised, real-time offers to customers.
It’s gotten to a point where, if you aren’t using data analysis to target the right customers with relevant offers, at the right time, then you’re wasting your business’ time and money. Customers expect instant gratification, they expect good service, and they expect to be addressed and treated as individuals, not as a herd.
Big data analytics have helped businesses to strike a balance between getting this type of marketing right and annoying customers with unsolicited communication and irrelevant offers. It could even reach a point where they opt out of such communications and demand that you delete their information – which they will have every right to do once POPI is enacted.
But here’s the conundrum. In order to use analysis to be able to target customers with relevant offers, which could increase sales and improve the customer experience, businesses need access to as much information about their customers as possible. And they already have that access. Data that the organisation has on site, combined with information from social media, the Internet of Things and connected devices paint a comprehensive picture of individual customers, including their networks, likes and dislikes, browsing habits and purchasing behaviours. Together, this information is driving the digital transformation that is reshaping organisations.
But a lot of this information is personal, which has implications for the POPI Act. When it is enforced, the Act will not only dictate how companies collect, store, share and discard customers’ personal information, but also requires businesses to be transparent in terms of what information they’re collecting about their customers and for what purpose.
This has raised questions about how businesses can influence customers’ buying decisions if they do not have access to the information needed to inform those decisions.
Here’s the good news: the advanced data analytics solutions that help businesses better understand their customers are the same solutions that can help them prepare for and comply with the POPI Act. To get started, businesses should take these five steps:
Step 1: Access
To get off the mark, you need access to the systems that store all of your customers’ information. This sounds simple but it can be quite challenging. You could have relational databases that normal drivers can access but you could also have unstructured or poorly structured data. Web logs, social media and network drives storing PDFs, Excel and PowerPoint documents are all part of the same problem.
The more information a business has access to, the more relevant its offers to customers will be, reducing the likelihood of annoying customers and driving them away.
Step 2: Identify
The success of any data analytics projects relies on the availability of clean, structured data. Advanced analytics solutions ensure that there are no data duplications and are able to identify and mask personal information. This is a tricky and massive task but modern solutions have the ability to identify data like identity numbers, health and HR records, and phone numbers and addresses but it’s up to the business to decide who can access that information.
Step 3: Govern
During the governance stage, businesses create roles and responsibilities, and establish terms and definitions so that everyone knows what an ID number is, or what a medical record is. This common ground of understanding links to the identification phase and allows organisations to link business terms to IT terms and create clarity in the organisation, which is crucial for going forward.
Businesses can still get impressive results from analytics without having sight of personal information because solutions are able to hide the data from the analytics process. Businesses also have the ability to implement asset control so that only those with the right permissions can access personal information.
This phase also defines the data lifecycle and helps ensure that businesses only store the information they need in their systems, while still having the ability to build on historical data and identify patterns.
Step 4: Protect
Once you know where your data is and what it’s used for, you can now start to protect it. Data protection can be done using three techniques: by anonymising, pseudonymising or encrypting the data.
Step 5: Audit
This is the final step and includes reporting and the visualisation of data discoveries. In this phase, businesses can see the control measures they’re applying to their systems and the users in the systems, as well as the type of data that’s in use throughout the organisation. Together, this forms the monitoring phase.
When managed correctly, businesses can use data to delight customers for the ultimate prize – their willingness to hand over more of their personal information because they want more of that value. When a customer is annoyed, they’ll start to ask how you got their information. But when businesses embark on a customer experience journey where they want to improve how they are perceived by their customers, advanced data analytics tools can enhance and streamline that process for them, while bringing them in line with POPI regulations.