Sky data protection lead: ‘Loyalty cards don't offer fair value for the amount of data they take’

Sky's strategic governance manager says that firms need to offer better value for customer data.

Share

Loyalty cards like the Tesco clubcard, “are not offering fair value for the amount of data they are scooping up”, the strategic governance manager for data protection and privacy at Sky said this morning.

“I think in the past, loyalty card value was opaque and now people are starting to realise the trade off for that voucher they are getting,” said Simon Wright, during the Big Data Innovation Summit in London.

Wright warned that firms need to publicly state they will not sell customer information on to third parties - a commitment Sky itself made back in 2010 - to garner trust amongst its customers.

“This is something we do not find acceptable and we would never do...getting it right up front will allow you to collect more data and do the innovative things you want to do without upsetting your customers.”

The much anticipated new EU general data protection legislation - which is slated for the end of this year - should be a focus for all firms that use big data, Wright warned.

The regulation will standardise data protection laws across the continent, which Wright described as a “benefit for us” as it currently has to contend with 17 different rules in Germany in comparison to the UK.

However, it will mean that consent will become increasingly important, and firms will need to provide an audit trail to prove consent at every step of a “customer journey”.

“The nuances could be quite impactful around profiling”.

Firms that buy datasets may need to be careful too. While it is not obligatory to anonymise bought data, you should be certain that consent has been given to the original collector of the data - firms like Experian, for example.

Additionally, anonymisation is not always the silver bullet. Unique identifiers, like browsing data (websites visited) are increasingly viewed as personal data by courts and regulators.

“Browsing data is personal data even if you don’t know the name of the person”, Wright added.

Firms that have fallen foul of data protection regulations have faced repercussions. One American retailer Target, suffered huge reputational loss and the loss of its CIO Beth Jacob following a data breach in 2013 that affected as many as 110 million US customers.

"Recommended For You"

Data protection, the law and you Irish loyalty card provider hit by major cyber attack