This post is a follow-up to today's #DataKnightsJam on Twitter. Today's subject was data quality and data privacy.
Diversity in data quality is a subject discussed many times on this blog.
So I want to share a real-life example of a good upstream "get it right first time" data-sharing approach that might compromise privacy thresholds in other places.
The image to the right is the data entry form from a Swedish webshop used for customer self-registration. The main flow is:
- You type your national ID (personnummer in Swedish)
- You press the button next to it
- The system fetches your name and address from the public citizen hub
- The webshop gets an accurate, complete single customer view
The webshop www.jula.se sells tools for home improvement.
That's a good technical solution for the purpose of allowing online self-registration. It's simple and easy. I assume that as long as you know the person number, everything works well. Note what that means: the only thing the form checks is knowledge of the number, not that the person typing it is its holder. In this case it's a simple retailing service and the risks, should something go wrong, are small.
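The flow above, written out as a server-side sketch. This is an added example, not code from the post or from jula.se: it validates the personnummer, fetches the matching record from a citizen hub and returns the data to pre-fill the form. The hub contents, the client ids and the per-client lookup budget are assumptions made here; the check-digit rule (Luhn over the nine digits YYMMDDNNN) is part of the real personnummer format, which the post itself does not describe.

```python
"""Added example, not code from the post or from jula.se: a server-side sketch of the
self-registration flow (validate the personnummer, fetch the customer record from the
citizen hub, hand back pre-filled data).  The hub contents, client ids and lookup budget
are assumptions; the check-digit rule is part of the real personnummer format."""
import datetime
import re
from typing import Optional

# Constructed stand-in for the public citizen hub, keyed by the 12-digit personnummer.
# Both records are made up for this example (format-valid numbers, not real people).
CITIZEN_HUB = {
    "198112189876": {"name": "Anna Andersson", "street": "Storgatan 1",
                     "postal_code": "111 22", "city": "Stockholm"},
    "199003135200": {"name": "Erik Eriksson", "street": "Hamngatan 7",
                     "postal_code": "411 06", "city": "Göteborg"},
}

# Optional century, six-digit birth date, optional '-', three serial digits + check digit.
_PNR_RE = re.compile(r"^(\d{2})?(\d{6})-?(\d{4})$")


def luhn_check_digit(digits9: str) -> int:
    """Check digit for YYMMDDNNN: Luhn with weights 2,1,2,... summing the digits of each product."""
    total = 0
    for i, ch in enumerate(digits9):
        product = int(ch) * (2 if i % 2 == 0 else 1)
        total += product // 10 + product % 10      # product is at most 18
    return (10 - total % 10) % 10


def _as_date(yyyymmdd: str) -> Optional[datetime.date]:
    try:
        return datetime.datetime.strptime(yyyymmdd, "%Y%m%d").date()
    except ValueError:
        return None


def normalize_personnummer(raw: str, today: Optional[datetime.date] = None) -> str:
    """Return the canonical 12-digit form YYYYMMDDNNNC or raise ValueError.

    Accepts YYMMDD-NNNC, YYMMDDNNNC, YYYYMMDD-NNNC and YYYYMMDDNNNC.  The '+' separator
    used for people over 100 and coordination numbers (day + 60) are deliberately left out.
    """
    today = today or datetime.date.today()
    match = _PNR_RE.match(raw.strip())
    if not match:
        raise ValueError("malformed personnummer")
    century, yymmdd, serial = match.groups()
    if luhn_check_digit(yymmdd + serial[:3]) != int(serial[3]):
        raise ValueError("bad check digit")
    if century is None:
        # Two-digit year: pick the latest century that keeps the birth date in the past.
        this_century = _as_date("20" + yymmdd)
        century = "20" if this_century is not None and this_century <= today else "19"
    born = _as_date(century + yymmdd)
    if born is None or born > today:
        raise ValueError("invalid birth date")
    return century + yymmdd + serial


def is_valid_personnummer(raw: str) -> bool:
    try:
        normalize_personnummer(raw)
        return True
    except ValueError:
        return False


class RegistrationService:
    """Back end for the form: validate the number, then pre-fill from the hub.

    The per-client lookup budget is an assumption added here.  With the personnummer as
    the only input, an unthrottled endpoint lets a caller test numbers freely, and since
    six of the ten digits are a birth date there are only 1000 valid numbers per date.
    """

    def __init__(self, hub: dict, max_lookups_per_client: int = 5) -> None:
        self._hub = hub
        self._budget = max_lookups_per_client
        self._used: dict = {}

    def prefill(self, client_id: str, raw_pnr: str) -> dict:
        used = self._used.get(client_id, 0)
        if used >= self._budget:
            return {"status": "rate_limited"}
        self._used[client_id] = used + 1          # malformed attempts count too
        try:
            pnr = normalize_personnummer(raw_pnr)
        except ValueError as exc:
            return {"status": "invalid", "reason": str(exc)}
        record = self._hub.get(pnr)
        if record is None:
            return {"status": "not_found"}
        # The hub's values are the customer master data; the form shows them, the
        # shop keeps them, rather than letting free-text fields overwrite them.
        return {"status": "ok", "personnummer": pnr,
                "customer": dict(record), "locked_fields": sorted(record)}


if __name__ == "__main__":
    service = RegistrationService(CITIZEN_HUB)
    print(service.prefill("browser-session-1", "811218-9876"))
    print(service.prefill("browser-session-1", "811218-9875"))   # wrong check digit
```

The lookup counts every attempt against the client's budget, valid or not, so the validation step cannot be used as a free oracle for which numbers are well-formed; whether the hub should also hide the difference between "invalid" and "not found" depends on how public the hub already is.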
However, if the service for which someone was registering was of high value (maybe applying for social security benefits or a passport) then the risks of getting it wrong are much greater and this particular solution is probably no longer suitable. A useful principle is: “If you want more, you have to give more”. If I knew someone else’s person number, I might be able to apply for things in that individual’s identity. They probably wouldn’t like me claiming benefits or travelling internationally in their name. So building robust procedures to verify that the person registering is in fact the same identity being claimed is an important step for enrolment for high value services.
But the example you have shown is a great example for that low risk transaction.
Thanks Wayne. Exactly. Some webshops require you to enter some more as well. I have also worked with similar solutions in Denmark where it's required by regulation that you enter some more. For high-value interactions with the public sector, banks and so on, there is a digital signature system in place.
The Swedish personnummer is definitely a powerful mechanism for enabling enterprises to ensure that they enter consistent personal data about Swedish citizens.
However, its use in this example highlights some serious design flaws on this input form.
The first of these is that, because it is a mandatory field, this enterprise cannot do any business with people who do not possess a personnummer.
The next major flaw is that, because all of the fields are input fields, the data that the personnummer retrieves from the national citizen hub can be overwritten with, potentially, incorrect data.
Bad design is one of the major barriers to data quality when creating data.
The most common design errors occur as a result of bad designers and programmers, who see it as their role to severely restrict what people can enter.
Good designers and programmers, on the other hand, see it as their role to enable people to easily enter the correct data and provide them with a full set of tools to enable them to do this in the easiest possible way.
This is a subtle, but crucial difference.
Thanks again for the post, Henrik.
Thanks John. My guess is that this design is deliberate. They only want to do business with people in Sweden (where you can't exist without a personnummer), and they may be OK with you changing your name to your nickname and your delivery address to a delivery point near your cottage on one of the thousands of small lonely islands along the Swedish coast.
Interesting example Henrik. It would never happen that way in Ireland as our laws restrict the uses that our PPSN (social insurance) number can be put to.
But from a Data Protection perspective, as this is the standard practice in Sweden, the access to the central data hub is probably well governed by laws re: its use.
Jula also has a reasonably transparent and easy to follow Privacy Statement in their Terms and Conditions. (http://www.jula.se/kopvillkor/ - thanks Google for the translation)
So, there is a balance being struck between the rights of the individual to their privacy and the needs of the organisation to process data. Having to think about the Data Protection/Privacy implications gives Jula a good opportunity to improve Data Quality and related procedures… such as knowing that you get heavy duty hardware items delivered to your island cottage not your city apartment.
Re: John’s point about bad designers restricting what people can enter, I agree. And understanding the legal/cultural issues around privacy can help the designers decide what information will be captured when (or at all) and what needs to be mandatory or optional.
Human beings are a funny species. If you tell me I have to provide you with information I’ll wonder why. If you give me an empty field and say “fill it in if you want to”, people will tend to fill it in… we hate empty spaces but we hate feeling like we’re not in control.
Daragh, thanks for weighing in. I know this is your area of expertise.
Thanks for posting this example, Henrik.
I am not sure that this would work in the United States, where the equivalent would be asking for our social security number.
The US doesn’t have a citizen registry and concerns about identity theft (which I have been a victim of) would probably prevent anyone in the US from using such an interface.
Is identity theft not as prevalent an issue in Europe?
Well Jim, we have all kinds of thieves in Europe, Scandinavia included, and I have also heard of identity theft here. Whether identity theft is easier or more difficult with widespread use of a national ID I am not sure. If someone used my national ID I guess I would become aware very fast, as many things are connected to it.
Are you automatically notified of all activity connected with your National ID?
And how difficult is it to prove identity theft is a fraudulent activity?
Jim, there is no automatic notification for every activity and, sure, discovery will depend on the circumstances.
I have no experience in how to prove such a theft. It is not a situation you hear about all the time; my feeling is that it doesn't happen too often, but I have no doubt it's a very unpleasant situation when it happens.
I think I've read this posting 5 times now and, along with the posting about your grandchild's personnummer, I think the implementation of this form and your country's personnummer is fantastic. I'm going to pretend in my own little world that my friend Henrik was the person who championed this effort.
To Jim's point, I'm wondering how something like this might be implemented here in the States. ID theft is really common here, but perhaps we'll figure out a way to make this safe, perhaps using something like what the company called "Bill Me Later" does, where it builds you a unique "pin" number (kind of) by concatenating date of birth with a portion of the US ID number (SSN). So, instead of a single numeric value (surrogate key), you'd need to know two things (composite natural key) to "trick" the system and use it.
Still mulling this and will probably end up reading this a few more times!
Rich, thanks for commenting. That’s what we all hope for, isn’t it: Recurring blog visitors (and recurring customers).
On a serious note: We people get used to what’s the way of doing things in our town, region or country.