Grey matters ethical dilemma: Knowing your clients too well?

A lack of IT experience among staff at Financial Planning XYZ has led to a new app unexpectedly collecting customer data from their devices. Does this constitute a data breach, and what should Danni, the CEO, do next?


Danni is the founder and CEO of Financial Planning XYZ. She has always been adamant that knowing her customers is the key to her success, and it seems to have paid off. She now employs 56 staff members over three offices in Birmingham, Liverpool and Manchester, with more than 400 clients.

Every year, Financial Planning XYZ conducts a customer satisfaction survey. In previous years, surveys have been sent out by post, and clients have returned them anonymously. However, Danni and her executive team, consisting of the heads of the three offices, finance director and HR director, agree the business needs to modernise, and decide to develop an app which their customers can use to complete the survey and submit feedback.

Start-up firm, Easy as ABC, which specialises in creating apps for small businesses, is appointed to build the app. The most attractive part of their pitch was their simple ‘back-end’ platform, which they promise is simple enough for even a tech novice to use to edit content. Development progresses quickly, and Danni and her team are pleased with its intuitiveness for clients, its simple system interface, and especially its functionality of downloading survey responses directly onto the Financial Planning XYZ servers.

Once development and testing are complete, control of the app is handed over to Financial Planning XYZ, to finalise and input the customer survey questions.

Meanwhile, most of the staff at Financial Planning XYZ are busy preparing for the implementation of the General Data Protection Regulation. So, the head of HR, Mike, suggests hiring an intern to assist with the app launch. This is agreed, and Sam is hired for a month. He is young, enthusiastic, and reassures Mike that he knows exactly what is needed, having assisted with similar data collection via an app before.

The app launch goes better than expected, and responses from customers start pouring in. But Danni is confused when Sam approaches her and asks what he should do with a couple of specific questions that have been received from Mr Smith. Danni asks how he knows the questions were submitted by Mr Smith, and Sam replies that the information has been saved straight into Mr Smith’s folder.

Danni is worried, and investigates further. She is dismayed by what she finds – not only are the responses not anonymous, but each client’s response has been downloaded, in full, into their files. Furthermore, some clients have clicked ‘yes’ to a standard pop-up asking if the app could access their camera roll, contacts, and location services, and therefore some personal data has also been stored in their folders.

Easy as ABC explains to Danni that the download functionality was built in because they were told it was for a customer satisfaction survey, but this needed to be activated in the back end. It transpires that Sam, put in charge of inputting the survey questions, had selected to collect the full amount of data after Mike told him how important it was at Financial Planning XYZ to know as much as possible about their clients.

None of the clients have complained about being asked for permission to access their camera roll and location services. Although the app never said that the survey was anonymous, there was an option at the end to leave your name. Some clients did so, but most did not. Additionally, some clients clicked ‘yes’ to the pop-up but did not leave their name, and vice versa.

How should the firm handle this dilemma?

  1. All the data collected by the app should be deleted. A message should be sent to the clients from Danni noting that there was an unexpected technical glitch, no erroneous data will be retained, and that clients should delete the app from their devices. The survey questions should be sent out again by post.
  2. Each client must be informed immediately about exactly what data has been accessed. These responses should be tailored to each client, especially for those who clicked ‘yes’ to the pop-up, therefore giving consent for the app to access their wider personal information.
  3. All personal data should be deleted, even if the client consented to the pop-up request, but the responses from the survey questions can be kept in the client folders, especially since it can be used to improve customer service and fix small problems experienced by individual clients.
  4. The responses to the survey should be anonymised by deleting names and moving information from client folders into a central ‘survey’ folder. Where consent was given, some personal information, such as location, obtained by the app can be used. However, the information should only be used for its intended purpose, and its use should be reasonable and proportionate, and any unnecessary information should be deleted.

This dilemma appears in the Q4 2018 edition of The Review. The results of the survey and the opinion of the CISI will be published in the Q1 2019 print edition of The Review.

All members, excluding student members, are eligible to receive the quarterly print edition of the magazine. Members can opt in to receive the print edition by logging in to MyCISI, clicking on My account, then clicking the Communications tab and selecting ‘Yes’.
Published: 05 Dec 2018