With the number of firms suffering data breaches increasing, and many consumers more aware that their data can be exploited, many companies are focusing more than ever on their data privacy strategies.
Online companies possibly have the easiest access to customer data, as consumers willingly enter their details onto online forms in order to register and log-in.
But where lies the perfect balance of data privacy for the consumer, and commercial success for the company?
Moneysupermarket.com has access to sensitive data similar to that of a bank or insurer. In order to receive a quote, the company would need to know if the consumer has a criminal record, where he or she lives, what car they drive, who their spouse is, as well as a number of other details.
But how long is it appropriate for the company to hold on to this data?
“If you wanted a quote for home insurance and you filled in a form which went out to 50 insurers then I would realistically expect them to have it for a week, or maybe a month because the likeliness is that I won’t transact straight away,” says Moneysupermarket.com’s CIO, Tim Jones.
“But following a transaction, the only firms that should keep that data is the insurer that you have transacted with and Moneysupermarket so that you can use our site again next year – everyone else on the food chain does not have a right to your data,” he adds.
This is something that is not enforced by law at the moment, but will be when the changes to the impending EU data protection directive go live.
Jones believes that ultimately the legislation enables a level of transparency.
“It’s not about hiding things away in the terms and conditions, but being upfront and giving the consumer a choice.
“As long as a consumer feels like they’re in control then there is a higher propensity for their data to be shared. If we make a verbal commitment, we won’t share consumer data with anyone else unless the consumer allows us to. We don’t sell anyone’s data for marketing purposes,” he says.
But the biggest challenge for Moneysupermarket.com is that it shares data with the insurers that it gets quotes from.
“We’re working on looking at if a partner isn’t as transparent and does decide to use consumer data because that tarnishes our brand,” Jones says.
Any data that is passed on to a third party is Moneysupermarket.com’s own responsibility, according to Jones.
“You can’t say it is ok to give them the data and then wipe your hands with it,” he states.
Mittu Sridhara, CIO of global leisure firm TUI Travel, which has a big online presence, agrees with Jones that transparency is essential when it comes to data privacy.
“Transparency with consumers and respecting privacy is key – it is about personalising offers to them and serving them better,” he states.
Sridhara adds that the firm only uses customer data with consent.
TUI Travel, which owns Thomson, First Choice and Laterooms.com, is looking at using predictive analytics technologies to determine what a consumer sees on their website, depending on what they have looked at in the past.
But unlike Moneysupermarket.com, TUI Travel doesn’t rely on its partners for information, and so doesn’t need to share data with third parties.
“We don’t share data, we don’t need to and we don’t as a policy,” Sridhara emphasises.
Meanwhile, Jones insists that there are benefits in consumers sharing more of their data.
“Not for us to share it or sell it but to interpret it. We acquired account aggregation tool OnTrees, which is currently being used for user insight into where consumers are spending their money but eventually we could tell you we know how much you’re paying for your energy, and compare it to what other people on your street are paying and tell you if you switch providers you could save £200,” he says.
But other companies are not yet exploiting customer data to the same extent.
“In terms of customisation into individual levels, we don’t really do that,” says online gambling firm Bet365’s CIO Martin Davies.