Analytical assessment made possible thanks to the testimonies of Jean-Christophe Procot and Hervé Commerly, Human Resources experts from Wavestone. 

This blog post is a part of a series of articles which is itself the result of a synthesis on Privacy at the digital age published on our website. 

How is the concept of privacy between employees and employers perceived?

It is a concept that has changed significantly over the last few years. The privacy concerns of employers about their employees is that they often do not devote enough time to their work. For employees, the notion of privacy goes hand in hand with flexible working conditions such as flexible hours, reduced surveillance and teleworking arrangements. Employees also value a limit on the amount of information that the employer can gather about them. On the basis of this concept of privacy and to improve employee privacy, employers increasingly seek to support employees in their personal lives through well-being services such as laundry and daycare services, company restaurants and complementary insurance. However, providing such support also requires that the employer knows more and more about the private life of employees, such as the composition of their family and eating habits linked to religious beliefs.

What explains such concerns?

It should be understood that employers are increasingly interested in collecting data to improve understanding of their employees. Employees are increasingly reluctant to communicate this information, especially the younger workforces. Employers wants to retain their employees for longer, facilitate their decision-making and help them to perform more effectively and efficiently in the professional and personal lives. The employer collects such data not directly communicated by the employee themselves but from third parties, such as social networks, previous employers, managers, and data inputs from work tools. Both employees and customers are concerned by this development. It would almost say that, by definition, employees suspect employers of attempting to monitor their every move. The employee is then left to wonder how it is possible to retain control over privacy if employers collect all this information about them, not necessarily provided by the employee themselves, leaving them powerless if the employer chooses to correlate data for making decisions about an employee, unbeknown to them.

Do you have an example of a recent project which echoed such concerns?

The plan of the French government plan to introduce a tax withheld at source. An employee’s salary withheld is an example of this. The aim is to simplify an individual’s life by avoiding deferred payments which can lead to difficult situations. For example, tax collection methods for the state can be improved with a reduction in income set by the employer as an indication that an employee is no longer able to pay the tax rate of the previous year. However, citizens are quick to express concerns about the information their employer holds about them. As well as financial information, a tax return can contain additional private information such as marital status, children, ancillary income and any assistance provided to persons with difficulties. The objective should be therefore to ensure that the purpose of the data collected will be limited to tax purposes and that access to such data will be controlled. The employee wants to ensure that his or her data will not be used for any purposes other than that previously agreed to, such as modifying a salary due to learning the employee’s ancillary income.

What developments have taken place in human resources management that will impact the protection of personal data?

Several major trends have emerged:

• Big Data in recruitment activities, particularly sourcing, which should be supervised in order to ensure legitimacy when collecting data;
• The multiplication of decision-making for career managers (for example, the creation of succession trees or the identification of key personnel) for automated decision-making, a sensitive topic for regulators;
• Mobility, with an increasingly frequent introduction of new professional mobile terminals which do not facilitate the separation between the data produced in private settings and data produced in professional settings. The question of the “right to disconnect” is also alluded to regularly.

Cet article The evolution of the Human Resource management: what are the impacts on personal data protection? est apparu en premier sur RiskInsight.

Analytical assessment of a concrete project within the mass retail sector, made possible thanks to the testimony of Armand de Vallois, Consumer goods & distribution expert from Wavestone.

This blog post is a part of a serie of articles which is itself the result of a synthesis on Privacy at the digital age published on our website. 

What changes have occured over the last few years in the mass retail sector?

Over the last decade, we have shifted from a distribution model focusing on costs and volume to a model based upon understanding our customers. Mass distribution is thus a thing of the past, as it completely overlooks the interests of the customer relationship. Nowadays, our model gathers and stores knowledge about our customers, allowing us to develop closer proximity with the customer and loyalty programs which support the frequency and consistency of their purchases.

How should organisations handle such changes?

In recent years, awareness by business stakeholders of the opportunities that come with the high potential of customer data has increased. Nevertheless, resources must be used wisely in supporting the efforts of organisations to get closer to their customers. Data must be collected, handled and reconciled against frameworks which correspond to customer expectations and regulatory requirements. For example, the “opt-in” option is a good way to ensure that customers are well informed and accept the collection and processing of their data. Increasingly, rewards are used as a means for encouraging customers to accept the disclosure of their data. However, this model has its limitations. It is essential to ensure that services are of interest to customers and contribute to the ease of their lives, as well as ensuring that individuals have agreed to provide their data.

Do you have some examples of projects which created apprehension?

The introduction of RFID chips (integrated technology which enables the identification and follow-up of objects or people) in electronic tagging is a good example. Many projects have been launched in the textile industry based on optimising production costs, inventory automation in stores and warehouses as well as the ease of chip insertion into clothes. It is crucial to have real-time knowledge of stock levels and to have reliable information in an omni-channel context, where it is increasingly common to see online purchases made ahead of in-store collections. RFID chips can also contribute to data production based on customer journeys and the actual product itself, for example calculating ratios to record the number of times a product has been tried on in a fitting rooms compared to successful purchases of that product. This type of information is essential in the context of fast fashion in the textile industry. However, such chips are also a cause for concern. For example, salesmen can “potentially” connect a customer to a product (the RFID chips use unique identifiers) and track their activity over the duration of their shop visit (the chipset remains activated).

How did you adress these concerns?

We implemented what we call “Privacy By Design”, which goes beyond strict principles regarding chip use (identification and follow-up of products, not customers) and incorporates several other principles:

• A visible marker showing that clothes are equipped with a RFID chip
• Training sales teams so they are better qualified to respond to customer queries, such as informing customers that chips may be removed by cutting the tags attached to a product, a service offered in stores, or declaring that the company in question will never connect a customer and a chip
• Dedicated webpages for communicating all information required to understand the chip and the data it collects

These are some examples of best practices which are applicable to all projects involving the treatment of sensitive data. We must lead by example when handling and informing individuals about how to handle such data. It is therefore crucial to reassure customers and answer their questions so as to anticipate and alleviate their concerns.

Cet article Privacy and Digital Transformation: the retail relies on a Trust policy est apparu en premier sur RiskInsight.

This blog post is a part of a series of articles which is itself the result of a synthesis on Privacy at the digital age published on our website. 

Many projects aim at digitalising business processes and customer relationships in order to optimise existing processes, introduce customer proximity or offer new services

The following examples, based on Wavestone’s consulting experience, illustrate such trends. Historically, postmen, meter readers and service technicians have worked with paper (address databases, meter-reading or maintenance documentation). Work is organised according to the tasks to be performed and can usually be operated alone and independently throughout the day, before information is collected and consolidated at the end of a work shift.

The dematerialisation of such paper-based processes is intended to help organisations or agents in their activities by collecting data, better organising the work to be performed and sequencing tasks. This digitalisation process occurs in different sectors for specific purposes. For example, in the energy sector, smart meters create innovative opportunities around energy saving and fraud management through the collation of consumption data. In the insurance sector, accumulating data on customer preferences enables the personalisation and customisation of services and the development of additional offerings.

Such developments require the collation and manipulation of masses of personal data.

Cybersecurity alone is not sufficient for protecting digital privacy

To protect personal data so crucial to the digital market, organisations will pursue cybersecurity measures, such as secure transfer protocols or data encryption. However, we may question if such measures are sufficient, while concerns over data misuse, profiling and automated decision-making intensify.

An IT security-oriented approach alone is not sufficient. To address the fears over the respect of privacy, it is essential for organisations to reassure individuals by guaranteeing the non-manipulation of data without their prior knowledge and against their will.

Four Major Principles

The following guiding principles are to be applied in the collation and use of personal data

1- Communicate transparently and explicitly,

informing individuals on the data that is collected about them even if not directly obtained from those concerned. Our survey essentially illustrates this meaning of privacy to citizens: what kind of information is accessible about me, and to whom? It also means sharing the reasons behind data collection and the intended usage. Under no circumstances should data be collected without the purpose of collection disclosed to the persons concerned. Recent sanctions from regulators have illustrated that such activity is always exposed in the media, with heavy reputational impact and lost customer confidence often the damaging consequences. Building a relationship of trust takes years, whereas losing it only takes minutes.

2- Minimise the collection and storage of personal data

Less data collected about an individual means a lower risk of unauthorised and non-compliant use. For existing data, it is possible to process data while minimising risks through the use of “declassifying” techniques such as anonymisation, pseudonymisation (replacing direct identifiers with “codes”), randomisation (randomly generated data which retains the statistical value but conceals the origin) or generalisation of data sets.

Regarding data sharing and exchange, mathematical methods facilitate the exchange of data between two organisations, whilst ensuring data anonymity. When selecting such methods, it is important to assess their limitations. A poorly executed “sensitivity reduction” can still directly lead to the source of original data. For example, this can involve deleting the name but keeping the date of birth, place of birth and address.

Such methods enable organisations to optimise the customer relationship in two ways: by providing a better understanding of the digital customers’ profile and by demonstrating respect for customer privacy. This is the path chosen by Apple through the concept of differential privacy to differentiate from competitors Google and Microsoft.

3- Ensure individuals are in control of their personal data

not by generating value through the access to data, but rather by providing individuals with control over their data, allowing services to develop based on their needs.

This approach, labelled “self-data”, can be applied in the context of an energy consumption optimisation project, an example of which is to ask customers to indicate the temperature in their homes to record the potential cost savings associated with heating reduction. An individual will then be informed of the potential cost savings by autonomously using and managing a self-data Cloud platform, connected to his personal equipment to enable the cross-analysis of data through consultation of his digital thermometer and energy bills.

Use cases for self-data are also subject to research in the insurance sector, with some insurance companies contemplating the complete removal of client spaces to instead install them on self-data Cloud platforms. The insurer will then have access to the data belonging to his client but is no longer in ownership of that data. Beyond self-data, such trends may even lead to the “Green Button” mechanism where individuals explicitly validate access to their data at any time. This principle, albeit difficult to implement in practice, can be restricted to particularly sensitive data, such as health data.

4- Implement a win-win model

by clearly demonstrating the benefits generated by collecting and using data, not only for the organisation but also for individuals. Such benefits can be shared with customers through various means, such as additional services, rebates and compensation.

This approach may even drive the ease in adoption of new uses in an environment where increases in market share carry significant impact.

Ultimately, we are able to identify several levers in motion for building an honourable circle of trust when using an individuals’ data with respect and for the purposes of increasing the level of confidence.

Cet article Privacy within the digital transformation: four major principles est apparu en premier sur RiskInsight.

Les réformes publiques, moteur de la transformation digitale des collectivités territoriales en France

Tirées par des réglementations et une dynamique imposant à la fois une maîtrise des dépenses publiques et un renouveau dans la relation avec l’usager, les collectivités territoriales sont bien engagées dans une révolution numérique. Celle-ci s’accompagne d’une transformation profonde du service public de proximité visant à générer des économies tout en créant de la valeur, comme en témoignent les initiatives autour de la Smart City. Au-delà d’une simple informatisation, c’est une véritable optimisation qui s’opère, dans laquelle le digital joue un rôle central : améliorer l’efficacité des services existants, développer la transparence et favoriser les démarches participatives des citoyens.

Force est de constater que le large spectre de compétences des collectivités laisse toute sa place au numérique. Gestion  de l’état civil, de la voirie publique, mobilité et organisation des transports, collecte des déchets, distribution de l’eau et de l’énergie, enseignement, culture, patrimoine : nombreuses sont les activités pouvant tirer profit de cette modernisation, et notamment de l’internet des objets pour la gestion de l’éclairage public, de l’information urbaine ou encore de la signalisation. Si les outils collaboratifs et la dématérialisation des documents et des processus arrivent en tête des projets numériques des collectivités, encouragés notamment par l’obligation de dématérialiser les factures à partir de 2017, les enjeux d’attractivité du territoire conduisent de plus en plus les élus à investir dans les outils d’analyse et de surveillance du territoire (monitoring urbain), de services aux usagers et de modernisation des infrastructures.

La transformation numérique territoriale : un écosystème diversifié

À l’intérieur des collectivités territoriales tout d’abord, si la révolution numérique fait passer la DSI des collectivités d’un centre de coût à un rôle de créateur de valeur, elle n’est pas le seul acteur de la transformation locale. La direction de la communication est depuis toujours son interlocuteur privilégié, tout particulièrement en ce qui concerne la stratégie d’information des usagers. La direction financière n’est pas en reste, comme nous l’avons observé précédemment, avec les nombreuses dématérialisations en cours (dématérialisation des échanges avec le trésor public) et à venir. Dans certaines collectivités, on voit même s’ouvrir des postes ou des directions de la transformation numérique, sans que ses membres n’aient nécessairement toute latitude pour mettre en œuvre une stratégie propre. En interne toujours, les Directions métiers ne sont pas en reste, et surtout la direction des relations usagers, véritable partenaire de la DSI qui dispose d’une expertise en matière de parcours et de profils usagers. Se développe ainsi une approche de plus en plus transversale pour piloter la stratégie de transformation digitale.

Certaines compétences des collectivités territoriales sont également historiquement déléguées à des acteurs privés ou d’économie mixte. Il s’agit en particulier des services de transports, de la distribution d’énergie (gaz, électricité), de l’eau ou encore de la collecte des déchets. Ces opérateurs participent donc activement aux mutations profondes du territoire et expérimentent même à l’échelle locale des projets innovants pour améliorer leur qualité de service et accompagner le besoin de transparence, les nouveaux usages et les nouveaux canaux digitaux. C’est le cas par exemple du groupe EDF qui au travers de son expérimentation Smart Electric Lyon équipe les clients volontaires de compteurs communicants dits « intelligents ».

Enfin n’oublions pas le citoyen lui-même qui grâce aux objets connectés prend un rôle d’acteur de la ville intelligente et rentre dans une véritable démarche participative. S’il est consommateur de l’information mise à sa disposition, le citoyen peut également produire de l’information partagée et créer de la valeur ajoutée, qu’il s’agisse par exemple d’indiquer la présence éventuelle de trous dans la chaussée – informations agrégées dans des plateformes de crowdsourcing – ou encore de proposer à la collectivité un service de covoiturage. Si beaucoup s’interrogent encore sur l’existence d’une véritable e-démocratie, les technologies numériques et les supports mobiles viennent sans nul doute décloisonner les données et faciliter l’implication citoyenne.

Cartographie du territoire en temps réel et analyse prédictive

Petit à petit, un nouvel acteur émerge dans ce paysage. Il s’agit des start-ups dont les solutions applicatives et les objets connectés aident les collectivités à optimiser l’exploitation des réseaux : mesure des débits et de la qualité de l’eau, du bruit, du remplissage des poubelles, connaissance quasi-instantanée des données de consommation énergétique, gestion des réseaux urbains multimodaux…

Si ces capteurs permettent de visualiser et de piloter l’état réel des flux sous forme de cartes et de tableaux de bord personnalisables, l’intérêt des collectivités locales se porte de plus en plus sur l’analyse de ces données et la construction de modèles prédictifs. Toutes les administrations publiques collectent en effet des milliers de données structurées qui pourraient être mises à la disposition de tiers pour le développement de nouveaux services aux citoyens et l’amélioration de la qualité de vie. Comme en témoigne le projet de loi Touraine dont l’article 47 sur l’ouverture des données de santé au public a tant fait débat, cette diffusion de l’information (Open Data) pose cependant des contraintes juridiques dans un cadre contractuel restant à définir, et se heurte à la volonté des pouvoirs publics de conserver le contrôle des données sensibles.

L’avènement de la Métropole, et avec lui la rationalisation de la gouvernance sur le territoire, devrait cependant ouvrir la voie à de nouvelles initiatives dans ce domaine et faciliter le passage d’une démarche d’expérimentation opportuniste à la mise en œuvre d’une véritable stratégie locale de transformation digitale. Au-delà, l’État doit devenir le véritable chef d’orchestre de la révolution numérique en cours, et un organisme pourrait même être créé à l’échelle européenne, pour gérer les politiques d’ouverture des données des différents pays de manière plus uniforme.

Cet article Collectivités & digital : think global, act local est apparu en premier sur RiskInsight.