Data analytics provides an answer to POPI challenges
As the POPI Act looms, businesses are trying to straddle the line between data mining and data protection.
With the proclamation of the Protection of Personal Information (POPI) Act and its attendant one-year grace period looming, businesses that fail to comply will soon risk prison terms and fines of up to R10 million.
However, when it comes to compliance, enterprises in South Africa find themselves walking a potentially slippery slope. POPI will apply necessary pressure on local business to safe-guard customers' personal information.
This comes at a time when businesses are using customer insights based on their personal information more than ever before, in a bid to improve their services and to offer personalised, real-time solutions to customers.
According to Obed Lesejane, Senior Business Solutions Manager at SAS, enterprises that aren't using data analysis to target customers in such a manner run the risk of falling behind in terms of understanding consumer needs and trends. Today, he says, customers expect instant gratification, they expect good service, and they expect to be addressed and treated as individuals, not as a herd.
"Big data analytics has helped many organisations to strike the balance between getting this type of marketing right while not annoying customers with unsolicited communication and irrelevant offers. However, in order to continue to straddle this line and provide customers with the information they want, these enterprises need access to as much data about their customers as possible," he says.
"The challenge here is that a lot of this information is personal – meaning it will have serious implications for the POPI Act. When it is enforced, the Act will not only dictate how companies collect, store, share and discard customers' personal information, but will also require businesses to be transparent in terms of what information they're collecting about their customers and for what purpose."
Lesejane points out that the spectre of POPI has raised questions about how businesses can influence customers' buying decisions, if they do not have access to the information needed to inform those decisions. While these concerns are valid, he says, there is good news: the advanced data analytics solutions that help businesses better understand their customers are the same solutions that can help them prepare for and comply with the POPI Act.
"What is required is for businesses to undertake the following five steps. Start with obtaining access to the systems that store all of your customers' information. This could include unstructured or poorly structured data, such as Web logs and social media. The more information to which a business has access, the more relevant its solutions to customers and the less likely the business is to offend or alienate its customers."
"Secondly, the success of any data analytics project relies on the availability of clean, structured data. Not only is it imperative that there is no duplication of information, but you must also be able to identify and mask personal data. This can be a tricky and massive task, but modern analytics solutions have the ability to identify data like identity numbers, health and HR records, and phone numbers and addresses. It then falls to the business to decide who can access that information."
The third stage, continues Lesejane, is that of governance, where businesses create roles and responsibilities, and establish terms and definitions, such as defining exactly what an ID number is. This common ground of understanding ties into the second phase and allows organisations to link business terms to IT terms and create clarity in the organisation, which is crucial for going forward.
"Remember that businesses can still get impressive results from analytics without having sight of personal information, because solutions are able to hide the data from the analytics process. Businesses also have the ability to implement asset control so that only those with the right permissions can access personal information. This third phase also defines the data lifecycle and helps ensure that businesses only store the information they need in their systems, while still having the ability to build on historical data and identify patterns."
Once you know where your data is, he adds, and what it's used for, you can start to protect it in accordance with the law. Data protection can be done using three techniques, namely by anonymising, pseudonymising or encrypting.
"The final step is the audit stage and includes reporting and the visualisation of data discoveries. In this phase, businesses can see the control measures they're applying to their systems and the users in the systems, as well as the type of data that's in use throughout the organisation.
"When managed correctly, businesses can use data to delight customers in ways that will encourage them to share more of their personal information, because they want more of that same value. On the flip side of the coin, when a customer is annoyed, they'll start to ask how you got their information in the first place. Therefore, advanced analytics tools are now essential, in that they not only enable organisations to improve how they are perceived by their customers, but are, at the same time, able to bring them in line with POPI regulations," he concludes.