Data mining and privacy

July 15, 2012 |

The Age has run a long piece on data mining (found here). The privacy implications of unrestricted data mining has been well known for some time.  The scope for abuse of a database is significant, particularly when it contains financial details such as credit card numbers etc…  Even addresses, phone numbers and other identifiers provide the raw material for identity theft and fraud.

The article provides:

You’re walking by a shop you’ve been to in the past. Your mobile phone beeps and you find a text message offering you a discount if you buy something in the next 15 minutes.

Is it a great offer or an unwanted intrusion?

Are you happy that the phone company and the retailer know enough about you to create personalised marketing?

Or do you find it creepy that you can’t walk down the street in peace?

Advances in technology are creating dilemmas for large, traditional companies that are already familiar to the giants of internet commerce.

Vast reams of data offer apparently boundless opportunities. But they come at a cost and companies chasing them run new risks.

Once there were marketing surveys. Companies sent researchers out with clipboards and the information they collected from consumers was analysed using a mixture of maths and intuition.

About 20 years ago, increases in computing power allowed marketers to look for useful patterns much faster in much larger batches of research, known as data mining.

Now we are in the era of big data, where new and old sources offer information in mind-boggling volumes. The promise is that machines will find valuable trends in consumer behaviour for which humans haven’t thought to look.

Every time we make a phone call, click on a website link, send an email or swipe a card through an electronic reader, we are creating a record that can be stored and later analysed by computers.

New software slices and dices unstructured information shared on the internet, whether it be text, voice or video.

Offline movements – of people, of cargo, of weather patterns, of anything measurable by a mechanical sensor – can be captured and scoured for patterns.

The first companies to take advantage of these opportunities were born in the internet era.

Google offers website owners an analysis of traffic on their site, such as whether new content is popular, whether a promotion is driving traffic, and the effects of tweets and blog posts.

Facebook has a similar service, tracking use of an advertiser’s page, which shows the number of users who like and comment on the page, and how many stories about the advertisers brand are being created and shared.

Pure online retailers such as Amazon tailor their marketing to consumers based on details left on Amazon’s website of how those customers have behaved in the past.

Now large companies in traditional industries are learning the benefits and pitfalls of knowing things about their customers that marketing executives of the late 20th century could have only imagined.

Every day, the National Australia Bank records details of 2 million electronic transactions.

The information, stripped of material that would identify individual customers, is passed to a joint venture the bank established four years ago with a Sydney data analytics company, Quantium.

Quantium’s analysts, many of them actuaries trained in making predictions for insurers and life insurers, interpret the information for NAB and NAB’s business customers.

The joint venture, Market Blueprint, is also a business in its own right. Third parties can buy the data for their own market research.

A Quantium director, Tony Davis, says every electronic transaction that appears on a credit card statement or bank statement is captured.

”With aggregated data, we can paint some very accurate pictures of what types of customers are spending money in which category,” Davis says. ”Once you can understand how broad customer types are behaving, different businesses are able to measure their own performance against the broader market.”

The data can be used to gauge how much people are gambling online or how much people are buying petrol, so the popularity of differing forms of transport can be compared.

”The huge volume of transactions we all make through technology, not always online, not always through social networks, means that the forms of data get magnified and the insights that can be identified from that have just exploded on the back of the digital revolution,” Davis says.

Those who can exploit the opportunity at the lowest cost already collect data from their own customers. The giants of clicks and swipes – banks, telecommunications companies and retailers – are at the forefront.

They have the potential to gain more from the arrival of big data than pure online companies such as Google, Facebook and Amazon, says a partner in IBM’s business analytics and optimisation division, Graham Kittle.

”The opportunity for the banks and telcos and retailers is enormous because of the strength of their brands,” Kittle says.

And despite the internet’s tradition of spawning new companies and being a force for individual action, this trend is entrenching the establishment.

”Big data is a richer opportunity at the big end of town, with large corporations having more of it,” Kittle says.

He expects to see more activity in the area as young executives, comfortable with how information is shared on the internet, are promoted in large companies.

”A younger generation of people who are getting senior roles understand the value of data and the impact it has on customer service and marketing,” he says.

For all companies the cost of storing data is plummeting.

Kittle says 15 years ago a company would have paid hundreds of thousands of dollars to store the amount of data that today can be held on a $69 disc.

”The opportunity to use that data and find ways to improve the customer experience and therefore increase customer satisfaction and therefore increase retention is huge,” he says. ”There are not a lot of organisations today that have yet embraced what we would call big data.”

Large banks, telcos and retailers have been slow, but that was due to a caution that could stand them in good stead.

”They have very strong standards around data,” Kittle says. ”They are very careful about protecting brand integrity and not wanting ‘reputational’ risk. The major asset that banks, retailers and telcos have is trusted brands and that’s going to become more apparent and heavily leveraged over the next few years.”

When Facebook offered shares to investors earlier this year, it was required to spell out the risks to its business model in its prospectus.

They included the prospect of damage from ”concerns related to privacy and sharing, safety, security, or other factors”.

Another danger was if ”we adopt policies or procedures related to areas such as sharing or user data that are perceived negatively by our users or the general public”.

Davis says the expense of analysing data is only worthwhile if the customer ends up happy.

”Organisations are foolish if they think they can be fast and loose with customers’ data,” he says.

”The company is required to have sought the permission from the owner of the data, the customer, to use it in a way that’s reasonable, and to make sure that the customer has full understanding of how that data is going to be used, and that all that is done within privacy principles and privacy legislation.”

The regulator overseeing that legislation, the Privacy Commissioner, Timothy Pilgrim, says there are commercial risks – chiefly the threats of identity theft and fraud – for companies that are ”looking at their customer databases as being a new asset”.

”Organisations need to realise they are collecting what can be quite powerful sets of information that can impact on individuals’ lives if it’s misused or if it falls into the wrong hands,” Pilgrim says.

He says ”significant data breaches” he has investigated in the past 12 months include the hacking of Sony’s worldwide PlayStation customer base, which he concluded did not breach Australian law, and his finding last month that Telstra breached the Privacy Act in December when account details of 734,000 customers were accessible on the internet.

”If organisations fail to have the proper systems in place, they run the risk of losing the trust of their customers and having their customers go elsewhere, where they think they can have their information better protected,” Pilgrim says.

Telstra declined an interview request, but said via email that ”the incident resulting in some of our customers’ bundles information being accessible online last year is not related to Big Data or data mining”.

The company ”deeply regretted” what happened, had identified ”a number of areas where our technology, processes and training have to be improved” and had ”taken actions to improve all of these areas and will continue to do so”, it said in its email.

The Herald reported last week that the telco’s chief executive, David Thodey, had emailed staff following a recent second episode saying ”customer privacy is not negotiable”.

The email followed publicity about Telstra sending internet addresses visited by its smartphone customers to one of its commercial partners in the United States which is developing a product to filter internet access by children using smartphones.

”Some of our customers may feel we have broken their trust, and, frankly, they are entitled to feel that way,” Thodey said in the email. ”The hard reality is it will take months of hard work to win back that trust.

”Of course, the truth is we care deeply about customer privacy. That’s why I want to remind everyone that privacy is not an aspiration at Telstra – it is an essential requirement and our licence to operate.”

Pilgrim, the Privacy Commissioner, says an associated risk for companies is that the vast databases they amass ”become like a honeypot to people who have malicious intent”.

”It sometimes puts an organisation at risk from having too much information,” he says.

Another potential problem is that some people try to protect themselves from identity fraud or theft by giving false answers if companies require information before providing a product or service.

”People do that in the hope that if it does leak out, it won’t be valuable enough,” Pilgrim says. ”That’s also a risk to organisations who rely on having accurate information to be able to deal with their customers.

”Organisations should think carefully about what they are asking for.”

As the commercial exploitation of data increases, the benefit to companies will depend on what customers perceive they are receiving in return for revealing their personal information.

The sensation that a business is listening to them and tailoring products and services to them might not be enough.

Large retailers are offering a more explicit trade-off to shoppers via loyalty programs.

The Coles supermarket chain, which recently revamped its Flybuys scheme, offers scheme members discounts on their groceries and points that can be redeemed for flights, petrol and retail goods.

The general manager of strategy for Coles, Richard Wormald, says the company is not interested in the shopping habits of individuals and aggregates its data into groups.

”Any group of less than 5000 individuals is really too hard,” Wormald says.

”It’s beyond our capability to understand their behaviour because the group is not statistically significant and we can’t leverage our buying scale to offer value to such a small group.

”We might look at young mums who buy nappies and say ‘what else do they buy?’, and then we send offers that really do try and add value for them.”

While Coles analyses purchasing behaviour by large groups, it collects individual information for two reasons. One is to obtain ”life stage” data that cannot be picked up by analysing sales, and the other is to obtain customers’ names and email addresses.

”People respond better to personalised offers,” Wormald says.

Coles also uses this data to determine where to put a new store, just how big it should be and how it should be laid out.

”That’s far more valuable than what people actually see, which is that we sent them another offer,” Wormald says.

Privacy breaches and database hacking are the major risks Coles has identified.

”From our perspective I think the risk is if we fail to deliver our end of the bargain, which is to keep customers’ data private, then rightly they will throw their loyalty card in the bin,” Wormald says.

He says the costs of maintaining the database can be covered by the revenue raised from selling points.

When Coles revamped the Flybuys scheme earlier this year it introduced partners including Telstra, AGL, Webjet and GE, which buy points from Coles to pass on to their own customers.

”When we renovated the scheme we could see it could be genuinely accretive to profit apart from all the data benefits we get,” Wormald says.

He foresees a time when a Coles television advertisement will be shown to selected customers, who will then be able to use their mobile phones to order the featured product.

”Today there’s a lot of wasted spend in the marketing space for mass offers that are irrelevant to a large number of people,” he says. ”TV will eventually move on to the internet and really become just another website that can be targeted and relevant the same way that an email communication can be targeted and relevant.”

Quantium’s Tony Davis says the commercial use of big data will not be confined to tracking customers’ online behaviour.

He offers the example of a car insurer installing technology to record customer behaviour that is used to determine premiums.

”The insurer measures where you are travelling, how fast you are going, how hard you brake, whether you are a safe driver or an erratic driver, and you can be charged on that basis,” he says.

”It’s a technology-driven means of data capture which has really nothing to do with social or online transactions.”

But those uses will not compare with ”the enormous wave” of information from the way we interact through the internet, and social networks in particular.

”The amount of data that’s captured and utilised by big business from those data sources is still very immature,” he says.


Leave a Reply