Identity Resolution Daily

You may have heard the recent news that an Albertsons group is canceling their customer-loyalty card system. As with similar CRM deployments, the cards were mainly a way to collect customer data. However, according to Bob Colgrove, Albertsons Southwest division president, their aim in canceling the cards “is to give all the consumers in the marketplace the same great deals regardless of having to have a loyalty card” (quoted on RetailNet).

Presenting a compelling case, eWeek’s Evan Schuman argues that “the program got pulled because grocery managers weren’t bothering to use the data.” Schuman says that while many retailers love the idea of CRM data collection, few do much with it after installation. Then, when the business doesn’t see much ROI, they conclude that the CRM solution doesn’t work, and they pull the plug without really trying to figure out more effective uses for that collected data.

Richard Boardman says on The CRM Consultant that organizations shouldn’t even deploy CRM if there is insufficient executive sponsorship, insufficient financial and manpower resources available to run a long term program or instability within the business. The third element seems pretty obvious, but the first two got us wondering about how and why a lack of resources and support spells doom for CRM and all the data attached to it.

In a typical CRM deployment like Albertsons’, the amount of data is huge, and that volume means that the amount of waste is potentially huge as well. The reason for that waste (especially in deployments that lack the proper infrastructure) is that a lot of businesses still don’t have the tools to pull useful information out of their data. Maybe the data is just sitting in silos. Maybe it’s in several databases and in varying formats. Many companies see the resolution of that data as an overwhelming task, but it doesn’t have to be.

One way to extract that data is by using identity resolution software. It can resolve data across remote, disparate databases and turn it into manageable, usable information. By giving a real-time view of that data, it provides a cost-effective way to gain identity knowledge from the data. With CRM in place, you’ve collected lots of useful data; you’ve just got to put it to use.

Share This

[Daily Post from Infoglide Software] The many meanings of data in the retail industry

The hard part is then resolving those multiple instances into one, accurate identity. Thus, navigating the field of identity data is pretty tricky. A good identity resolution system then has to. . .

BusinessWeek: Big Business Knows Us Too Well

“Computer makers, media corporations, and telecommunication giants are assuming new roles as infomediaries, making money not only from providing information to consumers but also selling information about consumers.”

workforce.com: Patients Wary of Employer- and Plan-Sponsored Personal Health Records

“So far, the public has yet to embrace personal health records, or PHRs, in part because the main push to promote them appears to be from health plans and employers. The problem with this approach was illustrated by a 2005 California HealthCare Foundation survey, which found that 52 percent of the respondents were worried about employers using medical information to limit job opportunities (up from 36 percent in the 1999 survey).”

Share This

Well, OK this post isn’t about the meanings of all data in retail, but there are a few specific ways that data is being used that have special relevance to us. Specifically, an article by Cathy Langley, director of loss prevention analytics for Rite Aid, about data-mining and exception reporting got us thinking about how crucial data is in the retail industry and, tragically, about how not everyone with a database (or databases) makes the most of the data they have.

The article appears in this month’s Loss Prevention Magazine and uses a great metaphor for data stores as haystacks in a field full of haystacks.

“The pieces of straw making up each stack are the thousands of transactions generated by that store each week. Now, picture yourself standing at the edge of that field, and you have been tasked with finding the ‘rotten’ straws of hay.”

Langley’s focus is mainly on transactional analysis, but it translates well into several fields (pardon the pun) of data mining, including identity resolution.

Like a transactional analysis system, a retail identity resolution system requires a very specific architecture. If the metaphor of the haystacks is applied to identity resolution, many of the haystacks are actually the same person trying to fraudulently pass themselves off as another person. The hard part is then resolving those multiple instances into one, accurate identity. Thus, navigating the field of identity data is pretty tricky. A good identity resolution system then has to get access to each data source, apply the right decision-enhancing analytic algorithms and combine results from multiple databases to arrive at a coherent and credible decision.

Then, of course, you have to protect the data and make sure it’s used correctly, but not everyone puts enough emphasis on that part. A post on InfoWorld (citing a study by the Ponemon Institute) says that

“57 percent of [649 IT workers] surveyed said they do not believe that their organizations have taken adequate measures to protect [data] against insider threats, with 55 percent of respondents indicating that their organizations are not doing enough to stop data loss in general.”

That means that while it’s a great thing for retailers to start making the best use of their datastores, they’ve also got to put up measures making sure that only the right people have access to the data.

Share This

[Daily Post from Infoglide Software] Is privacy an issue of getting what you pay for?

In a broader sense, that brings up another interesting question: is privacy vs. security a balancing act or does it have to be a quid-pro-quo consumer market?

RSO:: Labor Management: Screen Once, And Again (And Again)

“The University of Florida’s National Retail Security Study suggests that 85% of retailers large and small currently execute some semblance of a background screen as part of the hiring process. Some execute background checks better than others though, with the best retailers integrating the task tightly with their overall recruiting and retention campaigns.”

Azstarnet.com: Gov. defends stance on DNA database

“The idea behind the database is to provide samples that police can compare with evidence at the scene of unsolved crimes. It is that database that concerns Rep. Kyrsten Sinema, D-Phoenix. That sample would remain there if the person were later acquitted — or never even formally charged — unless that person could convince a judge to remove it.”

Insurancenewsnet.com: The New Jersey Consumer Affairs Division Has Gone Too Far, Says PCI

“This legislation […] includes provisions pertaining to security freeze on a consumer report by consumer reporting agencies, breach of security, notification procedures when there has been a breach, and the proper destruction of records.”

Share This

Like lots of blogs, we wrote recently about the privacy vs. “cool-factor” of Google’s new Street View function. That post was more than just a snapshot of interesting new software; it was an open-ended question about how and when citizens are willing to compromise privacy for the sake of functionality or convenience. In a broader sense, that brings up another interesting question: is privacy vs. security a balancing act or does it have to be a quid-pro-quo consumer market?

For example, lots of people want “off” of Google Street View. They somehow came across their picture online, and contacted Google about getting it taken down. One of these people happened to be privacy advocate Kevin Bankston who works with the EFF, and he documented the entire procedure. However, Google’s requirements brought his campaign to a screeching halt.

To make sure you are who you say you are, Google requires picture ID, an affidavit, e-mail addresses and a statement of your association with the photo. Bankston says that what concerns him is that “there’s no apparent policy limiting Google’s use of the information I’m being asked to provide to them.” He worries that in protecting part of his privacy, he might unwittingly be giving up an even greater amount, most likely for marketing purposes. You can read a full account of his attempts on Privacy Digest or Wired. The sources also report that evidently Google has since revised its “take-dow” policy.

Does that mean that privacy has to come at a price? Probably, if a recent study by the Carnegie Mellon Usable Privacy and Security Lab (CUPS) is any indication. In a nutshell, it found that consumers are willing to pay a little extra for online goods and services if it means they get hassled less from data-buying marketers. CNET reports that test subjects “were willing to pay about 60 cents more for each $15 item purchased to protect their privacy.” The results indicate that we not only want privacy, but that we are willing to place a distinct monetary value on it.

Ideally, everything - privacy included - would be free. Since ours is a less than ideal world and things cost money, we want to know were our readers stand on the issue. Leave us a comment and let us know.

Share This

[Daily Post from Infoglide Software] Trouble with the Texas insurance database

“The delay is primarily because the proposed database, with records on the 16 million motorists in Texas, has yet to be put into action. However, the reasons behind the slow deployment demonstrate some common database concerns: avoiding false-positives and protecting individuals’ privacy.

Silicon.com: National ID Scheme an “essential defence”

“As well as these issues, a huge amount of personal information is now in the hands to private companies, potentially creating risk to borders, communities and individuals.”

PogoWasRight.org:: GAO: Health Information Technology: Efforts Continue but Comprehensive Privacy Approach Needed for National Strategy

“GAO recommended that HHS define and implement an overall privacy approach that identifies milestones for integrating the outcomes of its initiatives, ensures that key privacy principles are fully addressed, and addresses challenges associated with the nationwide exchange of health information.”

Yahoo! News: Govt pledges to reduce passport waiting time

“Harty acknowledged officials had failed to predict how many Americans would apply for a passport immediately once the new rules affecting air travelers — aimed at increasing border security in the aftermath of the September 11 attacks — took effect in January. Some 5.4 million passport applications were filed in just a few months, and extraordinary measures have been taken to try to cope with them, she said.”

Share This

Here in Texas, insured drivers spend “nearly $900 million a year to protect themselves against those without coverage,” according to a Terrence Stutz of the Dallas Morning News. Texas is trying to sniff out those 3-million or so uninsured motorists by creating a massive database, but it’s been slow going.

The delay is primarily because the proposed database, with records on the 16 million motorists in Texas, has yet to be put into action. However, the reasons behind the slow deployment demonstrate some common database concerns: avoiding false-positives and protecting individuals’ privacy.

Some potential good news for the Texas insurance industry is that those are great concerns to have. Jerry Hagins, a spokesman for the Texas Department of Insurance, said recently that “We don’t want people flagged for not having insurance when in fact they do.”

Those “flags” leads to false tickets or even arrests, and that leads to big lawsuits once the error comes into the light. False positives become an especially large concern since counterfeit insurance cards often make in-the-field verification tricky. One major aim of the database would be removing those fraudulent cards from play.

As we wrote about yesterday, one of the biggest factors in a database like this is the sheer volume of individual entries. However, one of the things that makes the data in a database like this one even more slippery is what Jeff Jonas calls “semantic reconciliation.” He explains that semantic reconciliation, the ability to determine that two entities are the same even though they are “described” differently, has to have perfect deployment even “before other analytical processes (e.g., statistical analysis, market segmentation, link analysis, etc.)”

The Texas insurance database (and similar ones in other states) has to be able perform identity resolution to determine - well - who is who. If it can, counterfeit insurance cards are less effective, there’s a vastly decreased risk of false-positives and the database will meet the “goal of at least 95 percent accuracy” that Hagins calls for. Based on the problems the media reports about the database, it seems that kind of data reconciliation is a long way from being ready.

Share This

[Daily Post from Infoglide Software] Got passports? Thoughts on identity resolution and high-volume data

It’s true that a rigorous data comparison can cause inconvenience and expenses, but consider the cost of a security breach. Which one of those costs are we more willing to pay?

Realtime IT Compliance: Medical Identity Theft and Bill Requiring Criminal Background Checks In LTC Facilities

“If signed into law this would require long-term nursing facilities and providers to perform criminal background checks on job applicants who would have direct access to patients. […] “disqualifying information” means “information about a conviction for a relevant crime or a finding of substantiated patient or resident abuse.”"

Baltimoresun.com: Flaws may hinder wider screening program

More than 17,000 employers have access to the [immigration] database - a fraction of businesses nationwide. But from October 2005 to September of last year, those employers executed more than 1.7 million searches of Social Security data.

Recruiting Trends:: Mission Critical: International Background Screening

“Because of the perceived difficulty in performing international employment screening, some employers have not attempted to verify international credentials or to perform foreign criminal checks. However, the mere fact that information may be more difficult to obtain from outside of the U.S. does not relieve an employer from their due diligence obligation.”

Share This

You’ve no doubt heard about the recent overload of passport applications the US is experiencing. You know: about how the government recently announced that passengers traveling to Mexico, Canada and parts of the Caribbean suddenly needed a passport? And about how that created a backlog of about 500,000 unprocessed passport during the height of the summer travel season? Now Congress wants to allow some people without passports (but who have applied for one) back into the country, and DHS thinks it’s too risky (according to Mimi Hall at USA Today). In response, the State Department issued a special accommodation for some travelers, but that hasn’t mitigated anyone’s anger yet.

In addition, lots of folks are upset because, not only can the State Department not process the regular requests any time soon, but people who paid for expedited requests aren’t getting their passports any more quickly. People have lost money because of plane tickets and reservations and time, and everyone wants to know what the hold-up is. Well, the hold-up is pretty obviously the 500,000 unprocessed passports.

OK, that may sound a little self-fulfilling, a little circular in its logic, but consider what’s involved (not to mention at stake). Just one aspect of processing passports, or any other internationally recognized identification, means comparing disparate data-sets to one another, and that is a huge task. Put another way, and to quote Jeff Jonas, “Data Happens.”

Jonas explains that

“Every organization has an ocean of historical data and with each passing moment new data continues to stream in via one channel or another. Different streams lead to different silos and these silos are organized to serve different missions… rarely are any two silos alike.”

The recent influx of 500,000 new data pieces (each with a variety of subsets) into the passport office’s already vast data-stores seems like an almost unswimmable “ocean” of data, to borrow Jonas’ metaphor.

More importantly, it illustrates the desperate need for a fast, efficient means of resolving identity over multiple platforms. It is a complicated process that demands rigorous scrutiny. In the case of these passports, the pursuit of national security has to fit within citizens’ expectations of privacy, and that’s an incredibly tall order. It’s true that a rigorous data comparison can cause inconvenience and expenses, but consider the cost of a security breach. Which one of those costs are we more willing to pay?

[Update: A reader pointed out that we inadvertently said the DHS was issuing passports. He was right; we were wrong, and we’ve fixed the error here. Thanks, Matt.]

Share This

[Daily Post from Infoglide Software] Will the US and EU get together on data-mining for airline security?

While Teufel’s remarks don’t necessarily go as far as some privacy advocates would like, it does seem that DHS is interested in finding a balance that keeps passengers safe and protects their personal data.

InfoWorld: Homeland Security to detail IT attacks

“In a hearing labeled ‘Hacking the Homeland: Investigating Cyber-security Vulnerabilities at the Department of Homeland Security,’ officials including DHS chief information officer Scott Charbo and Gregory Wilshusen […] are scheduled to detail their findings in response to requests from Congress to test the agency’s IT security defenses.”

Sequence Inc. Forensic Accounting - FRAUDfiles: Credit industry fighting against piggybacking

“Lenders say that piggybacking is fraud, which is why it shouldn’t be allowed. They say it’s gaming the system to the benefit of someone with poor credit. It is true that those with higher credit scores are generally offered more favorable lending terms. So to the extent that the piggybacking allows someone to enhance a credit score, the person may not really be entitled to those favorable lending terms.”

Keeping the World Safe: The inside threat

“American Surveyor just published an article titled Surveying Equipment Theft. The author, Bryan Baker, discusses theft by outsiders, but he points out that: “It is a sad fact that some equipment is stolen by company employees.” That’s not just true for surveyors. It’s true for you, too. Here are four reasons why untrustworthy employees are especially potent theft risks.”

BBC NEWS: A journey into personal privacy

“Privacy campaigners are convinced that big companies, from Google to Tesco, know too much about us - and are not careful enough with our data. We asked a young Londoner to find out what three big organisations knew about him.”

Share This