Customer Experience (CX) & Privacy
- TYPE: Combined Session DATE: Tuesday, November 28, 2017 TIME: 15:00-16:00 LOCATION: New York
The combination of Identity & Access Management and Customer Relationship Management continues to be a core element for any digital business. Because of all the different data sources, Customer Identity & Access Management (CIAM) needs to be secure, clear and user-friendly at the same time. This combination must be taken seriously to provide a smooth Customer Experience (CX) and to guarantee that every consumer can control the access of his personal information. This panel will discuss what is important for good User Experience and how you can create it without getting trouble with privacy regulations.
While today’s connected world undoubtedly brings with it an extensive range of opportunities and benefits, the sheer volume of identification information that is now shared is cause for concern as it is vulnerable to misuse. For example, personal details can be sold on to other companies to be used for soliciting and to track an individual’s movements. If it is not protected appropriately, this information can be susceptible to unauthorized third party access for malicious use.
Compliance with data protection legislation is not just a matter of best practice; the penalties for non-compliance are serious – and are about to become a lot worse. As an example, with fines of up to 4% of global annual turnover proposed, the new EU regime will put data protection on a par with anti-trust and anti-bribery sanctions*.
In addition, the introduction of multiple applications on the same device has implications on privacy as different applications have different privacy and security needs. For instance, applications stored on a mobile device may share access to the Secure Element (SE) but have different access rights. This presents a complex situation as strict rules need to be implemented to ensure different policies can coexist without the whole platform reverting to the privacy level of the application that requires the least protection. This is important as information leaked by one application in a trusted device will be used to compromise the privacy of the device itself. The challenge the industry faces is to keep the information stored on the device secure and increase control on data that is sent to or used by a third party or service provider, for example, without it being access intentionally or unintentionally by an unauthorized party.
Each market sector has defined specific criteria and associated Privacy Impact Assessment templates that are adopted to their own domains. GlobalPlatform – as a neutral entity – has taken the decision to develop a cross-market solution with the possibility to define different sets of criteria as required.
As an international, industry association, GlobalPlatform is in a privileged position of being able to draw on expertise from multiple markets to enable it to understand the needs and regulatory requirements of a variety of market sectors in regards to privacy.
Within this presentation, GlobalPlatform will introduce its strategy to help the digital service market to grow with new tools to easily manage privacy rules and regulation. It will also explain how the Consumer Centric Configuration positions end user consent as the corner stone of the management of the SE.