CIO

How Telstra, Bank of New Zealand and iCare convince customers to share data

Responsible use and explaining why crucial

In 2017, the New Zealand Accident Compensation Corporation (ACC) – which manages a scheme to cover citizens and visitors who are injured in an accident – came under fire for using a prediction modelling tool to highlight which of its clients may be on the scheme for long periods.

The ACC was accused of possibly using the tool to decline applicants with long predicted treatment times, or following cues to “harass and harangue” someone to get off the scheme if the tool decided they had been on it for a long period.

Researchers called on the ACC to come clean about how the tool was being used. Critics called the lack of transparency “unacceptable”.

The tool used client data from 364,000 claims lodged between April 2007 and May 2013. At the heart of the criticism was the fact people weren’t aware their data was being used in this way.

“People have a right to know what is being done with their data by the Government," said specialist ACC lawyer Warren Forster.

The ACC responded by saying clients gave up their information when they agreed to its privacy notice.

Cases such as these serve as a warning to companies wanting to use their customers data to train AI systems and improve services. Just because organisations have sought the legally required consent to use data doesn’t make them immune to a backlash from customers.

Avoiding such a situation was a central talking point at a discussion at a SAS event in Sydney last week, by a panel featuring Telstra data, reporting and analytics executive Liz Moore; Bank of New Zealand head of data strategy and transformation, Sonya Crosby; and chief risk officer of NSW workers compensation scheme iCare, Gavin Pearce.

“They collected data for one purpose and were using it to essentially triage claims. The public probably got the wrong end of the stick. There was an absolute media storm,” said Pearce

“[The ACC response] was almost ‘nothing to see here’ instead of going down that transparency route of saying this is what we're doing and why,” he added.

(l-r) SAS’s Deepak Ramanathan, Telstra’s Liz Moore, iCare’s Gavin Pearce, Bank of New Zealand’s Sonya Crosby and Professor Ujwal Kayande from Melbourne Business School
(l-r) SAS’s Deepak Ramanathan, Telstra’s Liz Moore, iCare’s Gavin Pearce, Bank of New Zealand’s Sonya Crosby and Professor Ujwal Kayande from Melbourne Business School

Transparency

“The way it needs to be managed is all about transparency. This is the customer’s data not our data. So whenever we’re wanting to support them using that data in any way we need to tell them. We need to explain the purpose for which it’s being used and make sure you have explicit consent,” said Crosby.

“That visibility is really important, if people understand the why and if the context is correct and its delivering a benefit to the customer than that’s half the problem solved,” she added.

The sentiment was echoed by Telstra’s Moore who was previously in a marketing focused role at the telco.

“It’s us being really clear and communicating effectively around what that specific benefit is. And being really clear about what we’re doing rather than using industry jargon,” she said.

Page Break

Pearce added that companies needed to be extra cautious about using customers data.

“Conversations are changing to ‘data ethics breaches’. You haven’t technically breached the privacy laws but the public sentiment, the pub test says you’ve failed,” he said.

“You have to take an outside in view. We might think we’re doing something that’s completely aligned with the purpose of the data, its collection and use, but if the general public says no that’s not the case, then you’re in trouble,” Pearce added.

Consent

Companies are allowed to collect personal information about their customers, but “only where it is reasonably necessary for, or directly related to, the organisation’s functions or activities,” and with their consent, as per the Privacy Act 1988 and Australian Privacy Principles.

Going beyond the legal necessities is crucial to winning and maintaining customers’ trust, the panelists agreed.

“It’s about informed consent. Not a 17 page two-point font document that you ask customers to agree to once a year. It’s really being clear and contextual,” Moore said.

“As custodians of data having that ongoing dialog with customers is going to become more and more important as people are fine for that use but not fine for that use. Being much more granular about getting consent for specific use cases,” she added.

And when a customer says no, Moore said, “we absolutely have to respect that”.

At present, not many companies in Australia and New Zealand had quite figured this out, said Crosby.

I would say there’s a lot of talk and not enough walk. Businesses are still working in old marketing games of static rules and blanket approvals. We need to get away from that,” she explained.

Human centred design

One of the best ways to ensure customers were on side with their data being used to improve services is to involve them in the design process.

Human-centred design is a well-established approach to systems development that aims to make systems usable and useful by focusing on the users, their needs and requirements.

“Getting the customer involved right at the beginning of these pieces is so important,” Pearce said. “We’ve embraced human centred design.”

Telstra and Bank of New Zealand had also adopted the approach to new services and features.

“With great power comes great responsibility,” said Pearce. “You have to get that balance right. We are the custodians of the data. Privacy is not something that should constrain you. If you want to do great things you’ve got to do it in an ethical way.”