SASSA controversy and “creepy” data


sassaMany South Africans will be familiar with the recent controversy over the renewal of the Net1 contract to pay social grants.

I prefer not to engage with the merits of the Net1 decision – ultimately the I do not have access to the facts. The realities of whether an alternative could have, or should have, been found, and whether this alternative would have been able to deliver the required service are complex, and I am not able to make this judgement.

Last week, I posted a fascinating lecture by Professor Thomas Lumley, in which,he highlights how data management issues affect data scientists.

One issue that he raised, that of so-called “creepy” data, is relevant here. Prof Lumley discusses how the use of data to analyse customer behaviour, or preferences can creep customers out. Too much insight can be counter productive, as consumers may be alarmed by your knowledge of them as discussed in Does poor big data governance make you a Target? Prof Lumley suggest, as I do, that data scientists must consider whether their use of data is ethical, and whether insights derived may offend or upset the target market.

How is creepy data relevant to the SASSA / Net1 decision?

A key issue raised by the opponents of Net1 are allegations that the company abuses its position, and access to grants data, to sell products such as micro-loans and insurance.to grant recipients.

Net1 claims  not to use the data nor its position to market to grants recipients. But, as per the Daily maverick article referenced above, the company in fact derives nearly 80% of its revenue from financial services products sold only to grants recipients, and delivered via the Grindrod bank accounts that grant recipients are required to open in order to receive their payments.

The Constitutional Court ruling, ordering Net1 to continue to delver the payments service in the interim, specifically addresses this concern ordering:

6. SASSA and CPS are directed to ensure payment of social grants to grant beneficiaries from 1 April 2017, for a period of 12 months, on the same terms and conditions as those in the current contract between them that will expire on 31 March 2017, subject to these further conditions:
6.1 The terms and conditions shall:
(a) contain adequate safeguards to ensure that personal data obtained in the payment process remains private and may not be used for any purpose other than payment of the grants or any other purpose sanctioned by the Minister in terms of section 20(3) and (4) of the Social Assistance Act 13 of 2004; and (b) preclude anyone from inviting beneficiaries to “opt-in” to the sharing of confidential information for the marketing of goods and services.

It is important to recognize that this ruling impacts both the data provider (SASSA) and teh data consumer/ service provider (Net1) and that both parties are required to provide these safe guards.

Abuse of personal data carries risk

The ruling doe snot explicitly find that Net1’s use of data to date has been illegal but orders that similar behaviour will be illegal going forward.

The financial implications are significant – Net1 makes 79% of its revenue through services delivered to the poor.

The reputation of net1 shareholder, Allan gray, has also been impacted. The company has been forced to do damage control, reassuring the public that it is not unfairly profiteering through the investment – as outlined here.

Allan Gray COO, Rob Dower: “If Net1 doesn’t use the grant data to improperly sell financial products to the poor, then the difficult question that remains is whether it is bad or wrong to sell financial products to the poor at all and / or to allow poor people to pay for these from their bank accounts.”

The Protection of Personal Information bill will increase both the visibility and the potential penalties associated with the improper use of personal data.

Yet, this judgement shows that consumer’s right to have their data protected and used fairly are already entrenched.

Companies need to clearly define their ethical and legal obligations to protect data, and ensure that both operational and analytical use of this data meets “fair use” tests if they are to avoid similar risks.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s