data privacy

Leveraging Big Data

I was quoted in the May 2014 issue of Personal Money.


Leveraging Big Data
Personal Finance
Written by Emily Chow and Sarah Voon of The Edge Malaysia
Friday, 16 May 2014 00:00

UPLOADING photos on Facebook; making an ATM transaction; operating a machine in a factory; making a call from a handphone. On the surface, these activities do not seem to have much in common. But they all contribute to the accruement of big data.

Everything and anything that is, and has ever been, linked up to the digital realm constitutes big data. Big data analysis is what many businesses are doing today to enhance their business process.

“Big data isn’t so much the content or amount of the data, but [data on] who is contributing towards it and how often,” says Queenie Wong, head of data management at SAS Institute in Malaysia. The international company is a leader in business analytics software and services, and helps organisations turn large amounts of collected data into information they can use.

“[Companies] have been capturing this information, but it’s expensive to store. Most of the time, you just store and archive it. But with the new trend of big data analytics, how do you capture it [in a meaningful way] to get ahead of the competition and differentiate yourself?”

According to Wong, big data analysis has existed for some time and is being used especially by banks and telecommunications companies. The term was coined and came under the spotlight relatively recently, and businesses are starting to use it in making decisions and maintaining customer relationships.

“When you deal with consumers in today’s business world, it’s not about high value anymore. As a business, I don’t want you to spend thousands or millions of dollars [per transaction]; I’d want you to spend multiple [transactions worth] hundreds of dollars, that add up to more than the [initial] thousand that you might have spent,” she says, emphasising customer loyalty. “It’s easy to acquire customers, but it’s difficult to keep them and make them happy.”

Big data analysis helps in target marketing: Gone are the days of cold-calling and salesmen going door to door to sell their products. Today, a company can anticipate a customer’s need by studying his previous purchases or activities.

“For example, when a bank calls you offering loans and insurance, it isn’t a targeted offer because they don’t know if you’re an existing customer or not, or whether you own any other product in particular,” Wong explains.

“It’s just an outbound call, making it expensive, and it’s only effective if it gets to the right person [who needs a loan]. The company also wants to make sure that within the first minute of the conversation, the customer wants to hear what it has to say.

“But with big data, we can comprehend the way customers use your service,” she continues. “If you are at a car sales online portal, the bank would want to give you relevant information on car loans [on the website itself]. Say, a customer uses an app on a mobile phone service to buy a train ticket. The information is captured when the ticket is purchased, so the next natural thing to do is to offer hotel stays, which the customer will appreciate. Big data is about anticipating the customer’s next move. It might not be of high value, but it’s very targeted.”

Examples of big data a bank would examine include customers’ ATM transactions and banking details. For a telecommunications company, it would be the way customers use their phones.

Unfortunately, this flood of information can be overwhelming, so companies need to know how to make use of it.

“Every time I make a call, send a message or access broadband, this information is being captured by the telco,” Wong says. “It’s a big dump of information, so businesses need to know what is relevant to them. Data will be used differently based on the maturity level of the companies.”

Such data can also add value to customer interactions.

“Banks have been analysing customer behaviour through credit cards [usage] and are able to detect fraud by notifying customers [of charges made] through text message,” adds Wong.

“But they can do more than this. If you’re travelling overseas and charge something to your card, data will be captured [regarding] your location. Instead of just sending customers a message verifying that they have just charged their card, banks can bring added value by telling them what promotions are [available] nearby if they use their credit cards there.”

Ballooning industry

As big data analysis grows in popularity, or even by necessity, it is predicted that businesses will direct significantly larger sums of resources towards big data analytic tools and solutions. According to the International Data Corporation (IDC) Predictions 2014 report, worldwide spending in this area is likely to increase by 30% this year, exceeding US$14 billion.

“The potential of deriving valuable insights and real-time decision-making from this data avalanche will drive massive investments and create new data-centred analytics and content services,” says the report. In Malaysia, the big data market is expected to reach US$24.2 million (RM46 million) this year.

“Malaysia is moving towards capturing more data — it is starting to recognise the people, process and technology,” observes Wong. “We see an increase in customers asking us to analyse and digest information. Big data isn’t a big bang thing; it is a journey for a business’ internal growth.”

For leading banks in the region, which may already have insight into what customers want through cross-channel banking transactional behaviour analysis, big data allows for increased targeting precision by extending their view of customer behaviour.

“This includes website activity, social engagement, contact centre voice interactions, and location data,” says Donald MacDonald, head of group customer analytics and decisioning at OCBC Bank Singapore.

“New technologies also enable us to react to this data faster than before — in some cases, in real-time — so we can directly engage customers with messages based on where they are and what they are doing right now.”

Apart from customer service and consumer sentiment, OCBC uses big data analytics in marketing analytics, fraud detection, credit quality optimisation and financial forecasting. The bank has spent over S$100 million (RM259 million) on data analytics since 2004, with investments on integrating data from multiple sources to one source, and on tools for analysis.

“Through the use of data analytics, we are able to significantly raise the quantity and targeting sophistication of our marketing activity. We can directly quantify the success of our marketing campaigns by monitoring customers’ individual behaviour to understand who responded to our offers, and then attribute a financial result to each contact,” shares MacDonald.

“Two major [big data] trends we’re focusing on now are speed to insight and contextual awareness.”

Speed to insight refers to the bank leveraging on “data-in-motion”, or data captured when direct interaction occurs with a customer. As this data is put into the bank’s system, its analytical engine updates the bank’s existing knowledge of the customer, and is able to recommend the most relevant products or services in real-time.

“Contextual awareness refers to leveraging additional information on the customers’ current circumstances to improve the relevance of our communications,” MacDonald says. For instance, OCBC could use big data to locate where a customer is, and then recommend merchants based on his preference as well as current location.

“Another example is leveraging voice logs within our contact centre to identify factors such as the increasing frustration of a customer on the line, which might be missed by a staff member,” he continues. “These factors enrich our existing view of the customer… ensuring that our sales and service offers are more targeted and relevant to each individual’s current situation.”

CIMB Group is another bank that leverages on big data initiatives to increase customer satisfaction, and appeal to their needs and lifestyle. The bank, for example, links customers’ Facebook data with its internal data to provide targeted offers to credit and debit cardholders.

“As a result, we discovered that there is an 80% correlation between merchants that customers ‘like’ on Facebook and our existing transaction data of merchants with whom they charge their cards,” says Iswaraan Suppiah, group chief information and operations officer, CIMB Group.

“Additionally, we have noted that banks in other countries are using big data techniques to reduce fraud incidents, or even use social network analysis to determine the creditworthiness of borrowers.”

According to CIMB, big data can also grow revenues faster by better matching its offers to customers’ needs.

“[This is] to the extent of designing better products and services that are directly relevant to various customer segments. Instead of using a traditional marketing campaign targeted at hundreds of thousands of customers and getting a 2% conversion rate, we can now target 30,000 customers and get a 50% conversion rate,” says Iswaraan.

“By using big data to really get to know and understand our customers, we can cut down on unnecessary ‘marketing’ and have real conversations about real customer challenges that will lead to benefits on both sides.”

Privacy protection and consumer rights

From a social perspective, big data could also benefit the public sector when used by the government, albeit allowing surveillance with an Orwellian touch. Authorities worldwide have been using such information in policy design and logistics planning, and to monitor crime and public security.

In Malaysia, however, data collected by companies cannot be sold or shared with a third party without the subject’s consent, as stated in the Personal Data Protection Act 2010 (PDPA).

Other laws such as the Communications and Multimedia Act 1998, the Computer Crimes Act 1997, and the Penal Code also ensure that collected data must only be used for the original purpose it was lawfully obtained for. This means customers should have willingly imparted their data to companies, with their knowledge.

“It’s fine for a person to use big data for business marketing research purposes, provided the data was acquired lawfully,” says Foong Cheng Leong, a lawyer at Foong Cheng Leong & Co, who specialises in cyberdata cases.

“There are many cases where data is purchased without the knowledge of the subjects within the data,” says Foong. In this case, the subject may exercise his right and file a complaint against the company or person that has been selling the information. Complaints can be made with the Personal Data Protection Commissioner.

“The information includes personal data, such as your name, identity card number, email address, images, your address, and so on, [used] in a commercial transaction,” he says, adding that this is all covered under the PDPA.

However, before a subject exercises his right, he should always read the privacy notices or policies provided by businesses explaining how they will use his data, Foong advises. A company is obliged to disclose how it uses personal data in a privacy notice or policy. This is also to enable the consumer to make informed decisions when sharing information requested by the company.

“With PDPA in force, consumers have a say in how their data is to be treated. They can even control the amount of data being flown out of a company.”

According to Foong, however, there are some cases of companies disclosing certain information necessary to deliver their services to the subject. For example, a telecommunications company may pass its customer’s data to a subcontractor. “[This is in the event] that the subcontractor needs to perform certain services. However, before a company [shares the data, it will make sure that the customer’s] personal data will be kept securely.”

This should also be disclosed to subjects during the time of data collection. Anything beyond what is stipulated in the initial privacy policy that is shared to subcontractors or other third-party services is considered illegal.

Foong says the only way to secure one’s personal data is to only use trusted service providers. Apart from that, he also advises that one should maintain a separate email to sign up for goods or services.

“Make sure you have strong passwords, and do not reuse passwords for different platforms. Phishing is common nowadays. Any email that goes into your junk or spam folders should be read with caution. It is unlikely to be true. Fake calls from unknown parties are also common. Many such callers ask for personal details on the pretext that someone is misusing your data.”

Otherwise, Foong believes that there should not be much to worry about. If users continue to take precautionary measures to protect their data privacy, they should not fear sharing their information online.

However, as an urban population moves towards a technologically driven lifestyle, rapidly expanding digital footprints are inevitable. From SAS Institute’s perspective, a company that chooses to use big data and its analytics has to make it relevant to its customers.

“If you want to use big data and big data analytics, whatever you give back to your customer must be relevant,” Wong says.

“Companies are very cautious with the kind of information they have and I think now with guidelines from Bank Negara Malaysia and the Malaysian Communications and Multimedia Commission, there are clear lines on what you can and cannot do. [Sometimes] there is a grey area, because that has to do with the company’s obligation to the customer and the public. The company then has to decide how they want to address that.”

This article was first published in the May 2014 issue of Personal Money — a personal finance magazine published by The Edge Communications.

Sherrina Nur Elena bt Abdullah v Kent Well Edar Sdn Bhd

Kota Kinabalu High Court Suit No.: K22-187-2009-I

The Plaintiff, who was a beauty queen, sued the Defendant for publishing, without consent, her photograph and image appearing on packaging of the Defendants’ products, particularly packages of rice being displayed and sold in various retail shops, grocery stores, supermarkets and hypermarkets in Kota Kinabalu.

The Plaintiff also discovered that her photograph and image on the Defendant’s packaging appeared on a large advertisement board located at Kota Kinabalu, Sabah.

The Plaintiff sued for copyright infringement and invasion of privacy.

The High Court held that:-

  1. The Plaintiff’s action for copyright infringement fails because she is not the owner of the copyright. The photographs of her were created by organizers of events where she attended or by the photographers who took them. Therefore, she has no locus standi to initiate the action.
  2. In Malaysia, the law on the invasion of privacy has developed. It is desirable especially in this internet era of Facebook and YouTube where lives can be destroyed by such unwanted invasion of privacy.
  3. Although the Plaintiff is at liberty to sue the Defendant for invasion of her privacy, in the instant case the Defendant did not intrude onto private property and take the photographs of the Plaintiff without her consent.
  4. The photographs were taken many years ago by someone else at beauty pageants where she participated willingly as a contestant and in public. It was not a private affair on a private property. The photographs as exhibited were also not offensive.
  5. The Plaintiff did not complain then that she had been humiliated or ridiculed or scandalized by the photograph or image.
  6. From her affidavits, these pageants were reported and the photographs were published in the local newspapers. The particular photograph or image which the Plaintiff complained was an invasion of her privacy was also published in the book by the Sabah Tourism Board in 1992. It was reproduced by the Defendant on its products. These photographs are in the public domain and cannot amount to an invasion of her privacy.

[Full Judgement: Download]

The Legal Implications of Social Media: Defamation and Libel

Foong Cheng Leong, Senior Associate, Lee Hishammuddin Allen & Gledhill, discusses the legal aspects of social media, focusing in particular on online defamation, admissibility of online data in courts, cybersquatting, domain disputes, and whether there should be regulation of the Internet and social media, whether directly or indirectly.

He also discusses the fine line between fair Internet policing and control over the Internet, proposed Amendments to the PPPA and the perceived threats to online publications and bloggers.

He also talks about the Malaysian Personal Data Protection Act 2010 (not in force yet) and explains its implications for the ordinary layman.

Life Online Show 16: Naughty things

Podcast interview at the Life Online Show podcast on 2 February 2011.

The following topics were discussed with host John Lim, David Wang from theclickstarter.com, David Lian from Text100, journalist Niki Cheong:

1) Groupon coming into Malaysia by acquiring GroupsMore.com

2) Google establishing a bigger foothold in Malaysia with an office in KLCC.

3) The Malaysian Prime Minister has sent citizens Chinese New Year greetings, but how did he get their e-mail addresses in the first place?

Right to Privacy in Malaysia: Do we have it?

First published on LoyarBurok and republished on Malaysia Insider on 21 February 2011

If someone installs a CCTV in front of your house, can you stop him from doing so? If our Prime Minister sends his best wishes for the festive seasons to your email and mobile, is he invading your privacy? What’s the state of the right to privacy, and invasions of your privacy, in Malaysia?

Long story short, yes, our Constitution recognises the right to privacy under Article 5, according to the recent Federal Court case of Sivarasa Rasiah v. Badan Peguam Malaysia & Anor [2010] 3 CLJ 507 at 519. Article 5(1) of the Constitution provides that “No person shall be deprived of his life or personal liberty save in accordance with law.” According to Gopal Sri Ram FCJ (as he then was) in the Sivarasa case, the right to personal liberty includes the right to privacy.

What is a “right to privacy”?

The right to privacy is basically the right to be left alone and to live the private aspects of one’s life without being subjected to unwarranted, or undesired, publicity or public disclosure. It is also a right of an individual to seclude oneself or information about himself and thereby reveal himself selectively. For example, the right of being strip searched (and probably do some squats and get recorded; see: squatgate).

Invasion of Privacy

However, although the right to privacy is provided by the Constitution, is there an actionable right against someone who invaded your privacy?

Notwithstanding the recognition of such right, such right may not be enforced by an individual against another private individual for the infringement of rights of the private individual as constitutional law (substantive or procedural) will take no cognisance of it (Beatrice Fernandez v. Sistem Penerbangan Malaysia & Anor [2004] 4 CLJ 403).

The tort of invasion of privacy is not a recognized tort under common law (Malone v MPC [1979] Ch 344; Kaye v Robertson [1991] FSR 62 (CA); Khorasandjian v Bush [1993] QB 727, 744 (CA); Wainwright v Home Office [2003] UKHL 53, [2003] All ER (D) 279 (Oct), House of Lords).

The tort of invasion of privacy is not recognized in Malaysia. This basically means that you cannot sue someone for invading your privacy.

The Malaysian High Court cases of Ultra Dimension Sdn. Bhd. v. Kook Wei Kuan [2004] 5 CLJ 285 and Lew Cher Phow @ Lew Cha Paw & 11 Ors v. Pua Yong Yong & Anor [2009] 1 LNS 1256 Johor Bahru High Court Civil Suit No. MT 4-22-510-2007 had held that invasion or violation of privacy is not a recognized tort or a cause of action in Malaysia. In the former case, the Plaintiffs failed in their action for invasion of privacy against the Defendant for taking a photograph of a group of kindergarten pupils, including the Plaintiffs’ child, at an open area outside the kindergarten and publishing it in two local newspapers. As for the latter case, the Plaintiffs failed in their application to restrain the Defendants from having a CCTV which faces their house and to remove the same.

Similarly in the High Court case of Dr Bernadine Malini Martin v. MPH Magazines Sdn Bhd & Ors [2006] 2 CLJ 1117, the Court again stated that invasion of privacy is not an actionable wrongdoing.

However, the Court of Appeal judgement of Maslinda Ishak v. Mohd Tahir Osman & Ors [2009] 6 CLJ 653 gave light to the tort of invasion of privacy. Some of you may recall the incident where a guest relations officer (GRO) was photographed easing herself in a truck by a volunteer reserve corps member (Rela) after the GRO was detained in a raid at a club in 2003. The GRO sued the Rela member, Director General of RELA, the Director of JAWI and the Government of Malaysia. She was granted damages for the wrongdoing. However, the case was not on point as to whether the tort of invasion of privacy is a recognized tort in Malaysia.

YB Elizabeth Wong, YB Dr Chua Soi Lek & Actress Nasha Aziz were all victims of privacy invasion.

The case of Lee Ewe Poh v Dr. Lim Teik Man & Anor [2010] 1 LNS 1162 is the first reported Malaysian case that recognizes the invasion of privacy as an actionable tort. In this case, the doctor had taken a picture of the Plaintiff’s anus during a medical procedure without informing the Plaintiff. The doctor’s reason for taking such a picture was that it was for medical purposes, and he claimed that taking photographs during the course of a medical procedure without the consent of the patient is an acceptable practice.

The Court of Appeal judgement of Maslinda Ishak was referred to in the judgement of Lee Ewe Poh, and the learned Judicial Commissioner relied on the said case to hold that invasion of privacy rights is actionable in Malaysia.

The Learned Judicial Commissioner held in the case of Lee Ewe Poh that (at page 6 of judgement):

The learned trial judge found for Maslinda Ishak against the 1st defendant but not against the other respondents for whom she appealed. The Court of Appeal allowed her appeal and held the respondents to be jointly and severally liable for the wrongful act of their agent as well as vicariously liable. Although Maslinda Ishak’s case is not directly on point, the fact remains that the High Court in so finding has departed from the old English law that invasion of privacy is not an actionable tort and our Court of Appeal indirectly, though this issue was not canvassed, seems to endorse such cause of action when the pleadings were specifically referred to and C.A. did not overrule invasion of privacy as a cause of action on ground that it is not one in line with the English law. Since such a cause of action has been accepted as a cause of action under our common law, it is thus permissible for a plaintiff to found his/her action on it. Drawing an analogy of this Court of Appeal case, I am inclined to hold the view that since our courts especially the Court of Appeal have accepted such an act to be a cause of action, it is thus actionable. The privacy right of a female in relation to her modesty, decency and dignity in the context of the high moral value existing in our society is her fundamental right in sustaining that high morality that is demanded of her and it ought to be entrenched. Hence, it is just right that our law should be sensitive to such rights. In the circumstances, Plaintiff in the instant case ought to be allowed to maintain such claim.

Both Maslinda Ishak and Lee Ewe Poh’s cases are in respect of women’s modesty. It will be interesting to see how far our right to privacy would extend. For example, will it extend to someone’s surfing habits? If someone had recorded everything you surf on the Internet, would that be an invasion of privacy? (On an interesting note, Google does store your Google search keywords).

Lee Ewe Poh’s case is a High Court decision and thus may not be followed by other courts of the same or higher jurisdiction. However, Sivarasa’s case was not referred to in the decision of Lee Ewe Poh. With Sivarasa’s case, it will be interesting to see whether the recognition of the tort of invasion of privacy will be strengthened by it.

Misuse of Private Information

The recognition of right to privacy in Sivarasa’s case may be a stepping stone to the expansion of the tort of breach of confidence to include “misuse of private information”, a term coined by Lord Nicholls in the House of Lords case of Campbell v. MGN Limited [2004] UKHL 22, in Malaysia. In this case, the House of Lords held that the publication of articles by the Mirror newspaper regarding well known model Naomi Campbell’s attendance at Narcotics Anonymous meetings and her efforts to overcome her addiction to drink and drugs was a misuse of private information. Basically, this tort protects information that is “private”. It affords respect for one aspect of an individual’s privacy.

Closing

If the tort of invasion of privacy or misuse of private information is recognised in Malaysia, this may be used as a remedy against those who had breached the Malaysian Personal Data Protection Act 2010 (which is not in force yet). The present Personal Data Protection Act 2010 does not provide for damages to data subjects for the breach of the said Act unlike the UK Data Protection Act 1988. With such torts, this may bridge the gaps in the Malaysian Personal Data Protection Act 2010.

The effect of the recognition of the privacy rights in Malaysia is far reaching. It may, in no particular order, affect the following:

  • Employees’ rights especially when it comes to employee monitoring;
  • Authorities’ right to conduct searches such as strip searches or search of a premise or vehicle;
  • Internet users’ rights such as the right to remain anonymous (note: bloggers have problem claiming anonymity pursuant to the case of The Author of a Blog v Times Newspapers Limited [2009] EWHC 1358 (QB) where the UK Court held that blogging is a public activity);
  • Details of relationships such as intimate details of partners including intimate pictures;
  • The right of the media to report news regarding individuals;
  • Rights of public figures such as politicians and celebrities; and
  • The position of the admissibility in Court proceedings of illegally obtained evidence which infringes an individual’s right to privacy.

Well, if you ask me whether the Prime Minister has infringed your right to privacy or had committed misuse of private information, when he sent festive greetings (although I understand it is for good intention) to your emails or mobile phone, my answer is that, it will be an interesting test case in Malaysia!
