#139: Data Laws and Data and Privacy Health Checks for Loyalty Professionals

Three years after the introduction of tighter data regulations & GDPR in Europe, the world of data protection and privacy is only getting more complex. In fact, my guest today described the privacy challenges we face today as a “perfect storm”.

From changing cookie laws, to complex data transfers, to the latest class action law suits being brought on behalf of professional footballers, there is now doubt that the tectonic plates in our industry are shifting.

So how can we ensure we’re professional, prepared and protected as much as possible?

While we continue to cope with COVID, our industry is facing rapid changes, such as the increasing use of facial recognition technology & biometrics,  so listen to learn all about the approach you can take to ensure “custom privacy protection by design, which will endure by default”.

Richard DuttonManaging Director of the Elias Partnership joins me on today’s show to explain the concept of a “Data Health Check”, what it does, how it helps and how your company can ensure a legally defensible position should a data breach ever occur.

Show Notes:

1) Richard Dutton

2) Elias Partnership 

Audio Transcript

(42m)

Welcome to “Let’s Talk Loyalty”, an industry podcast for loyalty marketing professionals. I’m your host, Paula Thomas, and if you work in loyalty marketing, join me every week to learn the latest ideas for loyalty specialists around the world.Hello and welcome to today’s episode of let’s talk loyalty. One of the most fascinating and fundamental topics of conversation for loyalty marketing professionals is the whole area of privacy and data protection. It’s an essential pillar of our business, but in my experience can sometimes be overlooked or neglected over the lifespan of a loyalty program.
49s
0

So to help you understand the context for privacy today in our increasingly data centric world, I’m chatting to Richard Dutton, managing director of the Alliance partnership, and they have extraordinary expertise in this whole field. So I’m delighted to welcome Richard onto the show and let’s get on with the conversation. So Mr Dutton, please do tell me, first of all, what is your favorite loyalty statistic? Well,
1m 19s
1

Paula I’ve thought long and hard about this, and I’m going to fall back on what I think is one of the fundamentals of loyalty, which was shared with me by an old friend who happened to be the co-founder of air miles, feather called Phillip beard. And he said, Richard, whatever, you’re doing loyalty, make sure you focus on these three things, lift, shift, and retention, everything else falls away from that. So that was great advice. And I followed that since then.
1m 51s
2

Goodness. Wow. And what incredible credentials? I mean the air MA’s brunt a little Richards. I mean, it’s just extraordinary what they created and quite a long time ago, I think the company originally set up maybe 20 odd years ago
2m 5s
1

And yes, beyond that, I mean, I think certainly in the nineties it was there. So we, you know, Phillip been there and done it all. So certainly somebody to learn from particularly, particularly, particularly given his partner at the time P smells then went on to launch nectar and he was involved in that as well. So yeah, some really good credentials. Wonderful,
2m 27s
2

Great stuff. So speaking of credentials and your coming to talk to us today from a legal perspective, which I think are confessed to you, Richard is the part that scares me the most about working in loyalty. And I’ve often actually remembered getting a phone call in Ireland from the data protection commissioner, which back in I’m going to say the early two thousands certainly focused my mind on the amount of attention that was coming on data, data protection. So tell us a bit about, you know, your career from a legal perspective and looking at loyalty programs.
3m 4s
1

Right. Well, I actually had a degree degree in law and one of my fellow students at the time was a fellow called Dean Armstrong who has since become a Queen’s council. And one of the leading barristers and lawyers in the world of data and cyber blockchain, crypto assets and crypto currency. So short-term about six years ago, we teamed up and formed LIS partnership, which is the business we currently own. He’s the chairman.
3m 44s
1

And we focus very much on data rights, all aspects of data protection and across multiple sectors. And the reason I got there was, you know, my, my world while I got a law degree, I, I didn’t follow it except for the commercial world. So I’ve been in a commercial and therefore 30 odd years of practice as it were in dealing with commercial law contract law. And part of that experience was very much in retail marketing for about 20 years.
4m 27s
1

And that was where I discovered I had a lot of affinity with technology getting involved with radio-frequency identification early on in the mid nineties, which soon became smart card technology. And in the early two thousands, we were, we were one of the first organizations to introduce multi application smart card into Liverpool as part of a loyalty program, which had the transport application as well. So similar to the oyster card, it was a transport application, which sat on a, on a loyalty card. So I’ve always enjoyed the technology element, the applications rather than being a technologist per se.
5m 14s
1

Yeah. And that has translated certainly into the area of data governance and the way in which certainly the data regulations are being applied today. Yeah.
5m 27s
2

Yeah. Okay. Brilliant. Brilliant. And we’ll get into that now, Richard, but just before that, I think it’s always great to mention you are a colleague and a friend in the customer strategy network. So we share our global colleagues. We all work together obviously on, on various things. So that’s another feather in your cap and you’re also a board member with the loyalty academy, if I’m correct.
5m 52s
1

That’s right. Yes. I’ve been a member of the customer strategy network since 2008 and on the board at the loyalty academy for about five years now. That’s right. Wow. With, along with Mr. and, and others. Yes.
6m 10s
2

Well, I, I recorded an episode with Mr. QPC recent dates, so he’s on the show tomorrow as well. So yeah, we’re all, we’re all a good, good friends. So tell us about the context for the conversation, Richard, because as I said, it’s a long time since I’ve been responsible for data and have that their phone call from the data protection commissioner, but so much changes, you know, and I think we all have to pay very close attention, but at the same time, the sheer complexity of what’s happening is, is really what makes it am such a big concern, I think at all levels of the business. So tell us what’s going on and globally as, as easily as you can, because I suppose I’m conscious that, you know, UK is, is where you do a lot of work on the U S I believe, but then there’s stuff going on in China and all of that.
6m 60s
2

So tell us a bit about what, what is happening.
7m 2s
1

Well, I think one of the first things I’d like to say, it’s a rather grandiose statement, but one of the, one of the challenges we’ve got is the internet is broken. And you have a situation, frankly, where the current pandemic apart from COVID is data breaches and ransomware where companies all over the world are being targeted largely because the internet itself, the way it was designed was not designed to cope with the volumes and, and the nature of the beast right now. So in the internet given so much now relies on it.
7m 46s
1

Yeah, it is part of the problem. And you also have a real divergence in terms of data regulations and some of the major continents. So in Europe we have the GDPR in the us that JJ law is effectively, what was privacy shield was invalidated by the European union last year, which created a significant amount of problems. Yeah. So the data transfers between the EU and the U S are subject of a lot of current stress and tension. The Chinese have decided that Chinese data stays in China and they are making a play to be privacy centric.
8m 37s
1

The Russians similar, everything stays in Russia. You have state surveillance in, in those. So you have competing entities, state entities competing with the big tech from America, which has been yeah. All in all embracing really. And some people listening to this may also recall that in, in the last month or two China have taken a very aggressive stance against their big tech companies, effectively telling them you need to relocate back to China rather than listing yourselves on the American stock exchange, for example.
9m 26s
1

And it’s a very overview situation there, but nonetheless, it was a crackdown coming from China.
9m 34s
2

Is there more that I should worry about? Or, I mean, I don’t know how far to let you go. And
9m 43s
1

One of the things I would say polar is that when the GDPR first came out in 2018, there was an awful lots of scare mongering going on about the fines and everything. And justifiably. There were also an awful lot of people in the data protection space who became self appointed experts. Okay. One of the flaws in the way in which the GDPR was deployed was that they didn’t have any way of certifying expertise.
10m 25s
1

So, so you had, you had a huge numbers of people who appointed themselves as experts, advise companies without understanding the law. And one of the difficult challenges of the GDPR is unlike a rule-based law, like speeding. If it’s 30 miles an hour speed limit. Yeah. That’s rule-based, you can’t go above it. Right. You get fine. Yeah. Well it’s the GDPR is principle-based. So it’s about interpreting it. And that is where there’s a significant difference. And a lot of people have interpreted it incorrectly. And that’s what we’re seeing now as case law over the last three years, since the GDPR was introduced, is having significant impacts.
11m 14s
1

Going back to what I said about the transfer of data between the EU and the U S yeah. It’s causing a lot of problems. The cookie laws have changed as Europe is taking a stance against big tech. So the most recent being the Luxembourg data protection authority, even the smaller than your Irish equivalent has just find Amazon over $800 million for a breach, which effectively was all about cookies. So the regulators are emerging from their COVID induced inactivity, and they are going to put a marker down.
11m 58s
1

So that, and the advent of the class action lawyers I think is, has made it a very feisty environment now in terms of the data protection regulations.
12m 13s
2

Yes. Yeah. And just for anyone not familiar with that acronym, Richard GDB whore, am I right? It’s general data protection regulation is the acronym wonderful. And that applies across the European continent.
12m 28s
1

Yes. And also if you are a European data subject, wherever you are in the world, you have rights about your data. So even if you were in the U S for example, okay. So there is a jurisdiction element there, which people sometimes are unaware of.
12m 43s
2

Yeah. And I think what caught my attention again, back in 2018, Richard was how high the stakes were. So without being familiar with how laws work or are imposed or assessed the fact that there were fines, I believe being mentioned as percentages of turnover, for example. And so the principles of how the fines were going to be calculated were all of a sudden, extremely frightening. I think for, for companies, you know,
13m 10s
1

Yes, it’s a fair point. And, and the problem that GDPR has faced is that the regulators haven’t really enforced it certainly in the first few years and a large amount of that is due to the fact that they have been challenged resource wise and COVID has had an impact as well. Yeah. But, but the unfortunate thing for many of the GDPR privacy activists certainly is that even the companies that were fine, like British airways, I think there was a fine, there are about $283 million or pounds. I can’t quite remember, but nonetheless it was reduced to about 20 million in the end.
13m 51s
1

Wow. So you have a situation where lots of companies, frankly, have just taken the view that, you know what, I’ll take the fine as a cost of doing business. And there is a, an attitude there in many companies that, because the regulator isn’t really going to enforce this,
14m 14s
2

Okay, risky strategy, I’m hearing
14m 18s
1

Well risk. If you certainly, if you take that view, I suppose you, you either you either live by it or you die by. It certainly is. As far as I’m concerned, th th th the threat vectors are coming from a number of areas. So the regulator is all over Europe, waking up. The second thing is the class action lawyers are really being aggressive in Europe, particularly in the marketing services where you’ve got a full blown assault on programmatic advertising and programmatic marketing. So anybody that’s involved in those sectors, particularly with the IAB in Europe, who are, who are under real pressure, you know, you’ve got hundreds and hundreds of companies who have followed their guidance about the GDPR, and it is clear to anybody that really understands the law that they misinterpreted it.
15m 24s
1

And all of those companies I think, are, are in a potentially very vulnerable situation. Okay, I’ll leave it at that.
15m 35s
2

Yeah. And the other piece I know you’re doing a lot of work on, on it is in the class action space. You mentioned it to me, and this is professional athletes such as footballers and their rights to their own data. So I’d love you to explain this, because this sounds like a very new area of concern for again, companies that are capitalizing on what I might’ve interpreted again, as a non-legal person, as publicly available data, but all of a sudden that that’s, that’s being classified as data that’s owned by somebody else that I couldn’t possibly access or use.
16m 11s
1

Yeah. W w we’ve been involved since the start of this particular case, which is no more generally as project reg card, we provided the legal opinion through to Dean Armstrong QC. And, and this is about professional footballers who have had their poor performance and tracking data effectively processed and used by sports data companies, gaming companies, and betting companies without the player’s consent. And there is a wholesale industry here, which has brought up over the last decade and the players are not benefiting in it from the amount of money that’s being made by these companies.
17m 7s
1

And we are actively involved in making sure that they are represented and they can in fact be compensated for the use of their data by these companies. Yeah. So, so that’s, you know, we’ve been involved with it. I can’t say too much moment about it because it’s ongoing, but it is nonetheless, as you say, reflect a fundamental shift turning of the dial in the way in which data and personal data rights. And this is something that Dean has, has emphasized is that personal data rights will become one of the most valuable asset in the world.
17m 52s
1

Within the next three years, we’ve actually seen a Supreme court verdict in the U S recently, which effectively releases all these college basketball and college football players allowed to use their name, image and likeness and profit from it. Whereas previously it’s all been done by the colleges in a sort of collective bargaining agreement. So there’s, there’s the tectonic plates are shifting Paula in sport and we’re right at the heart of that. Okay.
18m 27s
2

Well, yes, I can see the scale of the, I don’t know what the right word is to use here, the challenge and the, the level of awareness and education, I suppose, that’s required. And, and one of the reasons I love the way you work is that you do come in from an external expert perspective to advise, you know, whether it’s a loyalty program manager, director, anyone who’s working with data, I know you work in a particular way to do essentially a data health check to help people and to help companies, I think more, more accurately to assess where they are in terms of their compliance with the various rules and regulations, and I guess, advise areas for improvement.
19m 13s
2

So I’d love you just to talk through. And first of all, is that an accurate description of your data health check?
19m 20s
1

Yes, it is. I said in essence, there’s probably four, four aspects to, to this health check. Okay. And, and there’s plenty of people out there who can conduct this. There’s there’s no, there’s no doubt about that. What’s unique about ours is this is that once you’ve been through what we call the documentation review, and there’s probably about five documents, which really give you a sense in it, of the organization, from the privacy policy through to the data flows and the data protection impact assessments, you, you get a feel. And once you also had a look at their internet facing security, which we do through some open, open source intelligence tools, you get a feel for the business.
20m 17s
1

We write the report and we come in and we offer the C-suite of, of the organization, a 19 minutes session with Queen’s council under legal privilege. So it’s an independent assessment, and it’s the opportunity for the organization to ask those questions about, do we have a legally defensible? And they can do it in the knowledge that whatever is said is said under legal privilege.
20m 58s
1

And it can let, can therefore be addressed in private because so many, so many organizations get really, really stressed and irritated by people coming in and saying, well, yeah, you’re doing, you’re doing it a law finally. Totally. And, and so that’s one of the special areas that we address. And particularly then in 90 minutes session, there’s an awful lot of your questions you can get, get in front of one of the leading authorities in the world on data.
21m 31s
2

Brilliant. Brilliant. And yeah, no, as I said, I’ve definitely been in the casual grief, people getting stressed because you know, so much of it feels subjective and it’s hard to know who to trust. And it’s an ongoing problem. Like any loyalty program I’ve ever worked on it rears its head constantly. And I feel like, I wish we could just have some people that would just take ownership of this so I can get on with doing the business, you know, in the way that is compliant. So that members are comfortable with, without wondering if I’m going to trip over myself constantly. So I think that that’s an extraordinary opportunity to have that C-suite visibility, as you said, address any particularly sensitive subjects and review it and get it fixed, you know, because it just can’t be ignored any longer if I’m correct, you know,
22m 20s
1

No, you’re right. I think ignorance is no defense, certainly. And one of the things that Dean says on a regular basis to the C-suites that he addresses it is if you are in the courtroom, the first question that you will be asked by leading counsel will be, did you take independent expert advice? Yes. And the answer to that is an interesting one, because if you say no, then you’re clearly not taking the ICO’s guidance.
23m 1s
1

If you talk about the UK is data protection authority, but if you haven’t taken it, you’re in trouble immediately on the back foot. And if you have taken it, then it’s a great way then of demonstrating how you have achieved a legally defensible position. Because one of the challenging things about the GDPR, Paula is there is no certification process to say we are GDPR compliant.
23m 35s
2

Yeah. Trained and expert and knowledgeable. Exactly. Yeah,
23m 38s
1

Yeah. And no company, there is no company certification process island. Wow. So yet it’s yet to be deployed. Yeah. So we maintain that. The best position you can have is to have a legally defensible one. Yeah. And that’s, and that’s what we’ve offered and delivered to several of our clients, particularly in the more challenging areas around facial recognition technology, where we work and, and you have these areas of really sensitive depth feature, special categories of data, they call them the regulation where you’re dealing with biometrics and other special categories, which, which ironically also includes trade union membership.
24m 31s
1

Interesting. Extraordinary, really. But anyway,
24m 36s
2

Indeed. And, and you’ve reminded me, I know it has been mentioned, for example, in, in, you know, COVID pandemic context, for example, about contact data tracing data. So despite everybody’s obviously alarm and concern about the virus in some countries, and I believe Norway was one and they were unable to capture the data they wanted to for tracing purposes, because that would violate a data protection. So again comes back to the same point. I think Richard, where you do need, you know, expert guidance and the point that actually did surprise me that you said there about the opening question is the independent legal counsel.
25m 19s
2

Because my experience, again, working for a lot of big companies is, you know, there would be an in-house legal counsel. So is that is not, not considered sufficient.
25m 30s
1

Well, there’s, there’s no doubt that lots of companies have general counsel and internal legal expertise. They will also have solicitors in advising them. So I’m not for one moment suggesting that that isn’t appropriate. It is. But our argument is that if you want to achieve the belt and braces approach gotcha. Independent to challenge that because one of the things that’s happening is case law is happening all the time. And you’ve got a very, very developing situation.
26m 10s
1

And by that, I mean it changes. And so therefore having an independent assessment.
26m 16s
2

Okay. Okay, perfect. I got it. So talk me through this key documentation that you mentioned is, is normally what you, you look at. And so I think you said there’s three or four and, or maybe even five pieces of data and that you would look at if you were brought in to do an independent health check. So tell us just at a high level, what exactly do you look for?
26m 39s
1

So the first thing we’d look at is the privacy policy. Okay. Because that’s, that’s the policy that is the window to the world. You know, everybody, you have an obligation to, to put it on your website. Yeah. And so that’s the document that we, we scan, we look at to, to check whether it’s been updated since may of 2018, for example, because so many companies did it up to 2018 and have left
27m 7s
2

It posted and presented it. Yeah.
27m 10s
1

When you say you made it, you immediately know if it, if it’s, if it’s dated May 2nd, 2018, that they have not taken into account any of the case law. And so, you know, that there’ll be operating unlawfully, they won’t be controlling their data. So that’s the first cookies is a second. There’s been a case law over the last couple of years, which has changed cookie the cookie laws. And it’s really obvious to spot those people who haven’t changed their cookie consent. Cause it’s all
27m 40s
2

About, that’s quite visible. Yeah. I’ve seen that one. Yeah.
27m 44s
1

The third one would be the data protection impact assessment, which again, needs to be a living document iteratively in the sense that it changes the fourth is the data flows. And it’s really important because if you don’t understand where your data is going, you can’t ensure it’s being protected properly. Yeah. So we looked to see that, and then the final document, lots of organizations rely on something called legitimate interest is their lawful basis of processing data. And if you do that, then you have to have done a legitimate interest assessment, which in itself is a document that requires quite special attention.
28m 33s
1

So those are the five. And then we’ll, we’ll marry that with, as I said earlier, open source intelligence tools, which we use to check the internet facing security of a company. And we’ll also do a search of the dark web as well to see if there’s any evidence of data breaches or emails that may be compromised. Yeah. So there’s the first two elements within writes up the report. Yeah. And, and the Q and a session follows, follows that with the QC.
29m 15s
2

So like from start to finish, then Richard, let’s say somebody is listening to the show. And from what you’ve said to me before, my understanding is it could be from the brand side, it could be from the platform side, it could be in the context of mergers or acquisitions or IPOs. And how much time do you think any company should allocate to bring in you guys to go through this entire kind of health check?
29m 43s
1

Typically it takes somewhere between 30 and 45 working days in terms of timeline that polar as opposed to the number of days. Yeah. Yeah. So, but it all, it depends on two key things. Number one, you have to have the buy-in from the CEO and number two, you have to have the availability of the key personnel in the organization. So that might be the data protection officer. It could be the CTO CMO, but you need a buy in. Otherwise it doesn’t work.
30m 25s
1

We’re currently advising an organization whose CEO is insistent on going through an IPA and they need to have, they need to be in a position where they can’t be compromised when they go to market.
30m 45s
2

Okay. So it’s kind of their own due diligence actually, even before they go through the IPO process.
30m 52s
1

Yes. Because they enlist in this particular organizations case, the firm of lawyers look to their data protection situation and said it wasn’t up to scratch. So they came out to us as an independent organization to do the health check and remit and recommend and remediate where appropriate.
31m 16s
2

Wonderful. Wow. Well, I mean, I can hear, you know, the potential for peace of mind. I think I said to you, I was kind of like going, oh my God, I don’t know where to go with this topic because it is so fundamental to the loyalty industry, but yet I feel the scare mongering. I think he used that word yourself earlier. Richard, I hear much more of that than I hear solutions. So I’m really happy to hear that you do have solutions recommendations. And I suppose just that expertise to know, okay, what is the first question I’m going to be asked? You know, so, and can I answer it in a way that at least chose responsibility? And I think intention, if I’m right, Richard is a word that seems to come through, you know, w you know, you said it’s not a fixed measurement.
32m 3s
2

It’s more like, where were you as responsible as you could have been, or should be expected to be?
32m 8s
1

That’s a very good point actually, because one of the key aspects and principles of, of the data protection regulation in Europe is transparency and accountability. Yeah. So those, those two, and within that as well, it’s about being proportionate, proportionate to your business. We always say, I mean, there’s, there’s the, the principles of privacy by design. Well, we talk about custom by design and enduring by default. So each business is different. So you customize by design for the business to ensure that it’s enduring by default, you made a good point earlier enduring by default means you can, it happens as part of business as usual.
32m 59s
1

What, what, what so many organizations are faced with the moment is the pressures of business as usual. Yeah. Right. But still trying to then remediate some of the issues they’ve got around the data protection. So if you build it, design it right. Becomes part of business as usual. And that’s what, what would be a real slam dunk for any organization? Yeah.
33m 24s
2

Yeah. And I do remember seeing it again, you know, having done a bit of reading around GDPR when it came out, you know, there were companies positioning it as an opportunity to really showcase, integrity around taking care of your customers. And even certainly in my part of the world, Richard, which, you know, from what you said earlier, I’m possibly covered under GDPR, but I’m not in Europe, but many companies, I believe here in Dubai, for example, in the UAE would follow GDPR practices and principles, even though not legally required, for example, for, for local customers, but just to be seen to be doing what they can do in terms of global best practice.
34m 5s
1

Yes. I think that’s right. I think the, the opportunity is competitive advantage. If you are, as an organization, you’re looking at best practice and I mean, your rights as a European citizen, you have the men in Dubai. So, but it doesn’t matter where if, I mean, you might be in the far east as an ex-pat, for example, my, my nephew’s in Singapore. So you have this challenge of Singapore law and the data protection laws in the UK. I think there’s an awful lot of, if you look at some of the web services companies, you know, they they’re hosting all over the world and they can shift between between continents and that’s what’s happening, particularly when you look at some of the solutions to the problems of data transfers between the EU and the us, that lots of us companies and are saying, right, we will move our hosting to Europe or to the UK, for example, rather than having it go to a map to the U S
35m 17s
2

Yeah. Yeah. And you’re certainly Ireland has, has done extremely well. Now, now not mainly, you know, from a privacy perspective, it’s more of a taxation incentive that, well, we do have Facebook, we have Google, we have HubSpot. We have, I think most of the biggest, you’re sorry, tech companies in the world have their European headquarters Ireland. So we do get, am I think a lot of attention around, you know, how our data protection laws are being enforced particularly for American companies. So yeah, it’s certainly top of mind and yeah, I certainly feel like it’s not going anywhere soon.
35m 55s
1

No, you’re, you’re a commissioner in Ireland is under a lot of pressure at the moment. Paul are getting a lot of stick, even from the European data protection board, because they haven’t been able to process so many of these complaints. And I think they’ve been taken to court along, you know, the privacy activists are, in fact, I think it’s the IRS civil liberties who’ve taken them to court, but the UK ICO is also being taken to court for not enforcing. So there’s a lot of tension apart from, you know, the COVID pandemic induced attention. You’ve got a lot of tension building up in Europe about this and increasingly the European data protection board, looking at ways in which they can get consistency of decision-making and in rulings, across Europe as well.
36m 53s
1

So that’s one to look out for.
36m 55s
2

Okay. So I guess the only other question I have then Richard was for anyone who is listening, if they do want to, first of all, you know, maybe do a bit of their own kind of research preparation. Are there, you know, general areas that they can stay up to date or would your advice be generally, actually it’s quite specialized. So, you know, whether it’s internal counsel or external advice, what do you think at loyalty professionals should be doing with this whole and increasing awareness let’s say, and the tectonic plates a situation?
37m 30s
1

Well, I, I think that from, from a loyalty marketeers perspective, that’s just tell you what, anybody who’s in the space or a loyalty program. Yeah. If you haven’t looked recently, you know, you need to review your own privacy policy. The first thing I would be doing is saying, right, well, if you, if you just follow that train, you’ve got to know what you’re looking for. One of the things about training and the knowledge of the GDPR, there’s plenty of, of training modules out there.
38m 10s
1

It’s very easy and there’s some really good stuff. Yeah. But it’s the refreshing because of the case law changes. And that’s where, you know, people may have missed the case law that, that we’ve referred to previously. I think the data transfer and data sharing, sharing is something that people overlook and into, into their supply chain, particularly because outside of the whistleblowers internally, the data sharing is where the problem has been.
38m 51s
1

If you look at some of the big data breaches that have happened in the last six to nine months, solar winds in, in the U S where Microsoft, where ha had their source code compromised, which has impacted companies globally, you, there are too many unknown unknowns right now, you know, too many sophisticated hacks, which I come back to, the internet is broken, and this is a combination of checking your security, but also checking your governance and your compliance.
39m 28s
2

Okay. Well wise words, indeed. Richard, and thank you for those. Are there any other kind of important points that maybe I haven’t asked you about before we wrap up? And, and of course, then I do want to make sure people know where to find you. So maybe address those two for me.
39m 47s
1

Now, my final, my final point would be, I’d just like to reiterate, remember, your company is unique. So custom by design enduring by default should be your mantra. The second thing is you can find us Alliance partnership. I’m on LinkedIn. So happy to have an initial chat with anybody, no obligation. We know it depends what sort of organization you are. If we can help. What we do say is if you, if your philosophy is I’m happy to take a fine as a cost of doing business, please don’t waste my time because we can’t help you.
40m 29s
2

Well, I’m actually relieved to hear that Richard, because, you know, it’s a reality. So I mean, clearly you’re speaking from experience, but, but they’re not the kind of people I want to do business with either. And I know it’s impossible to be perfect given what we’ve talked about in terms of the perfect storm, but yeah, let’s at least, you know, set out with our integrity and our intentions intact so we can do the best possible job. So yeah. Thank you for that. So wonderful. Okay. So Alliance, partnership on, make sure we link to that in the show notes. And obviously if anybody wants to reach out to me directly, Richard, I’ll make sure to send them your way. And yeah, I just really want to say, thank you so much for all of the incredible work you put into preparing for today.
41m 12s
2

I know you do this data health check and probably day in and day out, but I really needed to be spoonfed a little bit of the, the process to understand exactly what you do, because again, I’m just coming at it from a practitioner’s point of view. So yeah, really
41m 26s
0

Wants to say thank you so much for your time. So Richard, Dolyn managing director for Alliance partnership. Thank you so much. Thanks Paula. I’ve enjoyed it. This show is sponsored by “The Wise Marketer”, the world’s most popular source of loyalty marketing news, insights and research. The Wise Marketer also offers loyalty marketing training, both online and in workshops around the world through its Loyalty Academy, which has already certified over 150 executives in 18 countries as Certified Loyalty Marketing Professionals. Thanks so much for listening to this episode of “Let’s Talk Loyalty”. If you’d like me to send you the latest show each week, simply sign up for the show newsletter on Let’s Talk Loyalty.com and I’ll send you the latest episode to your inbox every Thursday, or just head to your favorite podcast platform, find “Let’s Talk Loyalty” and subscribe. Now, of course I’d love your feedback and reviews and thanks again for supporting the show.

Publisher’s Note:

This transcript was generated with the help of AI and podcast publishing tools such as Apple Podcast’s transcription service.

In the interests of efficiency and minimising our costs as a small business, it has not been checked by a human.

If you have any comments or concerns about the accuracy of this content, please do contact us for changes or corrections.