Striking the right balance on using data

The post-COVID-19 world is set to be more digital but, with growing concern among Australians when it comes to the collection and use of their personal data, businesses need to rethink how they collect, store and exchange information.

Australians are increasingly questioning data practices where the purpose for collecting personal information is unclear. Indeed, more than 80 per cent of Australians consider ‘‘an organisation asking for information that doesn’t seem relevant to the purpose of the transaction’’ to be mis-using that data, according to the Australian Community Attitudes to Privacy Survey 2020, published by the Office of the Australian Information Commissioner.

And almost 60 per cent of Australians have experienced problems with how their personal information was handled in the past 12 months. The majority of complaints involved unwanted marketing communications or having personal information collected, with or without consent, when this was not required to deliver the service.

New standards are emerging that focus on establishing trust in order to deliver a safer and more transparent data-sharing ecosystem, such as W3C’s ‘‘Verifiable Credentials’’ standard for portable credentials to verify and issue important documents and data in a digital wallet. This includes the ability to prove cryptographically that a credential is authentic and has not been altered.

With organisations looking to reduce the handling and exchange of physical paperwork in a COVID-safe work environment, one case for using portable credentials is the ability to store education, training, professional development, registration and certification details for professions such as nursing. Higher education providers around the world are developing standards to make this possible.

Benefits for nurses include the reduction of administrative back and forth for verification of important information — making it faster and more convenient to verify qualifications in real time, confirm employment information and undertake background checks. All while retaining greater granular control of the access and sharing of information.

Meanwhile, benefits for the nurse’s employer include easier document authentication, simplified onboarding, faster placement times and improved compliance while decreasing compliance costs. All of this helps minimise organisational risk.

The same technology can assist consumers in securely managing key documents and data from different aspects of their life, with a consent layer which lets them control what they share, who they share it with and how long access is available.

This can assist consumers when digitally interacting with employers, financial institutions and healthcare providers – particularly in an age of reduced face-to-face interaction with a greater reliance on tools like video conferencing and telemedicine.

Banking apps are already beginning to incorporate secure portable credentials features, creating a digital safe where customers can store information that isn’t accessible by the bank unless they choose to share it. Such features can also take advantage of open banking.

The underlying technology also allows these organisations to provide the necessary rights to customers and track compliance for regulators, with the introduction of data access and privacy regulation such as the General Data Protection Regulation (GDPR), Payment Services Directive (PSD2) and Consumer Data Right (CDR).

As the world continues to struggle with the impact of COVID-19, the technology can also be used to issue immunisation passports.

For the digital economy to flourish, there needs to be a balancing act between businesses engendering trust and digital citizens ensuring their rights are observed, says Katryna Dow – founder and CEO of Australian digital privacy services provider Meeco.

A global leader in the collection, protection and permission management of personal data and decentralised identity, Meeco’s API platform and tools enable people and organisations to securely exchange and create mutual value from personal data.

‘‘If we want the digital economy to thrive, then businesses need to make sure that customer data is safe and secure, to ensure there’s trust,’’ Dow says. ‘‘Without that baseline of trust, many of these digital initiatives will fail to get off the ground.

‘‘This is where the consent layer is crucial, delivering a convenient user experience while ensuring that customers feel their data is safe and that they are in control of how their data is used.’’

This year, Meeco launched a developer portal to offer organisations access to tools, APIs and SDKs for developing customer applications. It is currently involved in a number of proof of concepts with iconic Australian financial services brands. Meeco is also the technology behind VELA Solutions, which will launch its Workforce Credentials service this month.

‘‘Granting employees and customers more control and choice over the collection and use of their personal information can give businesses a competitive advantage, as Australians become more concerned about issues like privacy and security,’’ Dow says.

‘‘Businesses that want to bounce back after COVID-19 need to be ready to tackle these privacy and security challenges, not just to meet their regulatory obligations but also to form that critical bond of trust with their employees and customers.’’