Read the Q4 2018 dilemma
This ‘Grey matter’, published in the Q4 2018 print edition of The Review, looks at what happens when a lack of understanding about new technology leads to unexpected problems.
Suggested solutions and results
- All the data collected by the app should be deleted, and a message sent to clients noting that there was an unexpected technical glitch, no erroneous data will be retained, and that clients should delete the app. The survey questions should be sent out again by post. (19%)
- Each client must be informed immediately about exactly what data has been accessed. These responses should be tailored to each client, especially for those who clicked ‘yes’ to the pop-up, therefore giving consent for the app to access their wider personal information. (29%)
- All personal data should be deleted, even if the client consented to the pop-up request, but the responses from the survey questions can be kept in the client folders, especially since they can be used to improve customer service and fix small problems. (4%)
- The responses to the survey should be anonymised. Where consent was given, some personal information obtained by the app can be used. However, the information should only be used for its intended purpose, and its use should be reasonable and proportionate. Any unnecessary information should be deleted. (48%)
Responses received: 248
The CISI verdict
With the launch of the EU General Data Protection Regulation in May 2018, the use and collection of customer data is a key consideration for many businesses. The key issues in this case are a) it is unclear whether clients realised their responses were not anonymous and b) some irrelevant data has unintentionally been collected.
The most popular choice is option D, but if there’s any confusion about what clients have agreed to, they must be told what information of theirs has been accessed. Option B is also not appropriate because, as one respondent said: “Option B … involves identifying the personal information accessed, [and] is much more likely to compromise confidentiality than option A.”
Our recommended option (option A) is in line with this.
It is too complicated to separate which clients consented to their response being attributed to them and which clients consented to the app accessing information from their phone. Additionally, this exercise would most likely narrow down the groups of respondents so much that it would be possible to identify responses provided by individual clients.
Should you wish to suggest dilemmas for future editions, please contact us at ethics@cisi.org