Last month's legal hammering of a leading tenancy database operator by the Federal Privacy Commissioner was a warning that could propel large enterprises to clean up their data. Julian Bajkowski reports.
It may have been a long time coming, but when Federal Privacy Commissioner Malcom Crompton finally cast judgement on the first enterprise to fall seriously foul of his office, the results were not pretty. Within hours of the announcement, the media spotlight was cast on the operations of TICA, a database business that runs a tenancy reference agency aimed at the real estate industry.
While much of the publicity centred on the high fees TICA charged tenants to access their own records, the Privacy Commissioners finding went out of their way to put businesses on notice that lax attitudes to customer data accuracy will no longer be tolerated.
Head of law firm Gadens intellectual property and technology division, Andrew Perry has watched the case closely and notes that the recent ruling has implications for the IT departments of sectors far broader than real estate. Perry told Computerworld that the TICA case formed a precedent and now opened the door for either individual or class actions against businesses that hold or distribute inaccurate data on individuals - with the potential for damages.
"[This determination] gives strong guidance to the financial, credit reporting, health and recruitment sectors. These are areas where particularly sensitive personal information is held," Perry said, adding personal information held on people in databases needs to be portrayed accurately.
"If you are categorising [personal information] on people, you have to be very careful that those categories are accurate. If you start putting people into categories that don't fit, that is misleading and people could take an action based on that, Perry said.
As for what penalties could apply to breaches, Perry said that damages payments are presently uncapped and can also take into account "injury to feelings or humiliation".
"If that's a [lease application] for commercial premises [rejected on inaccurate data] that can be very significant," Perry said. More significantly Perry noted that despite the Privacy Commissions' determination being based on a class action brought by The NSW and Queensland Tenants Unions, individuals are still able to pursue individual claims against TICA that may result in compensation.
Doing the laundry
At the other end of the dirty data spectrum are bespoke data laundry firms which specialize in auditing, validating and washing certain sorts of customer data. In the case of where people live, address laundering firm QAS is doing brisk business matching corporate databases against Australia Post's gargantuan Postal Address File (PAF) - which holds some 10.7 million addresses and is continuously updated.
QAS national sales manager Bryn Hughes is more than happy to concede that there is still a lot work to be done scrubbing addresses into shape for enterprises.
"We provide a wash against a [mailing list address]. It's a data hygiene test. Most businesses have 60 to 65 percent address accuracy. I've seen customer data [at its worst] that was 28 percent accurate. That's [an error margin] of 72 percent," Hughes says.
As for how dirty data gets into the system, Hughes is quick to point to human rather than data translation technologies. "Organizations are running with bad addresses in databases because of bad input. Bad input comes from all areas. [With] form-based registration on the Internet, a consumer may enter the wrong data without any validation or cleansing. A consumer's [writing] skills may be lacking, so that goes straight into the database and may find its way into all sorts of [applications]. Billing systems, marketing, you name it," Hughes said.
Delving further into how such errors occur, Hughes observes that even Australia's cultural diversity can influences address errors.
"There are very complicated addresses. People have different accents and ways [of pronouncing a place]. Australia is a multicultural society [which adds complexity to address data]. There are names like Woolloomooloo, Woolooware, Yackandandah," Hughes said, adding that even he is unsure of the correct spelling of such places. "[The point is] a customer service representative in a contact centre may well have a different interpretation [of what the customer is saying]," Hughes notes.
Moreover, Hughes asserts that attempts to impose new technology on data sets with poor integrity are doomed to failure. "The failure of many CRM projects has often not been about bad technology but bad data. You can have the best [CRM] technology in the world, but if you feed it garbage you will still get garbage. With first-time bills or transactions it's absolutely critical to get that [customer data] right. Consumers now expect that.
"The Privacy Act highlights that businesses have a responsibility to keep records and data accurate and up to date. That's [clearly stated] in the Privacy Principles. Organisations have to show signs they are using accurate data and have the measures to do that," Hughes said.