This week, the latest results have been presented in The Netherlands on Transparency in the Banking area. And although some institutions score really good, others really need to take it at least one mile further to get a good or even fair score.

We agree with the recommendations of the report that compliance regulations can help/force in being more transparent, e.g., the SEC in the USA is enforcing more detailed information than their Dutch peer, the AFM. And also for Basel II the financial institutions need to know who they are dealing with in the end. The phrase - in the end – makes it even more difficult for the CSR, because not only the ultimate legal entity is now needed, but additional details per region and per sector are required.

In our daily practice in implementing Customer Data Integration (CDI or MDM for Customer Data) projects, we face these challenges at our customers. They are absolutely willing to provide the right figures, however it’s far from a trivial task. There are many underlying systems that were never created to aggregate this kind of information in an easy way sufficient for reporting the CSR. There is a huge demand on bridging the gap between these systems in an non-intrusive way. To combine individual records in and across systems in so-called Golden Records, so on these can be used both for compliance and transparency on your social responsibility.

]]> http://datavaluetalk.com/data-governance/know-your-customers-improving-your-corporate-social-responsibility/feed/ 0 http://datavaluetalk.com/data-governance/6-year-girl-on-no-fly-list-of-suspected-terrorists/?utm_source=rss&utm_medium=rss&utm_campaign=6-year-girl-on-no-fly-list-of-suspected-terrorists http://datavaluetalk.com/data-governance/6-year-girl-on-no-fly-list-of-suspected-terrorists/#comments Fri, 02 Jul 2010 07:51:00 +0000 Holger Wandt http://datavaluetalk.com/?p=1447

When the Thomas family from Ohio embarked on a recent trip from Cleveland to Minneapolis, they were in for a huge, but unpleasant surprise. It appeared that 6-year old Alyssa Thomas’ name was on the Homeland Security no-fly list; a list that is used to prevent individuals with known or suspected ties to terrorism from flying. The girl’s father, Santhosh Thomas, states that the worst thing his daughter has ever done, is probably been mean to her sister, but that this should hardly be a matter for the Department of Homeland Security.

The Thomases were eventually allowed to fly that day, but they were told to contact Homeland Security to clear up the matter. Now Alyssa just received a letter from the government, notifying the six-year-old that nothing will be changed and they won’t confirm nor deny any information they have about her or someone else with the same name.

According to the Transportation Security Administration, the body responsible for the Secure Flight List, it is likely that Alyssa never had problems flying before. The TSA used to check only international passengers’ names against the no-fly list, but since earlier this month has decided to check domestic passengers as well. To us data quality professionals, this very much sounds like a case of incorrect identity matching…. Could it be that Homeland Security is in need of some intelligent data matching tools?

For more information realated to this subject, please read the blogposts Your name is too “common”…. and Attempted bombing Christmas Day could have been prevented!

Lack of understanding of the complexity of international names caused a near-accident successfully prevented by the Dutchman Jasper Schuringa.

On Flight 253, on its way from Amsterdam to Detroit, a passenger tried to explode the airplane. This passenger was not called John Smith, or Peter Johnson. No, his name was a little more complicated: Umar Farouk Abdulmutallab. Easy to misspell, and that is exactly what happened. A misspelling of the name of Umar Farouk Abdulmutallab resulted in the State Department believing he did not have a valid U.S. visa.

We love damage control, not prevention

Now we are introducing bodyscan devices, to detect at the airport what could have been detected earlier, if only we would have applied proper technology to detect the misspelling of the name. Government and also ompanies I speak with seem to be satisfied with simple old-fashioned comparison algorithms to “comply”. If we compare the name against the watchlist or against database X, we have done our duty…..

Well, I don’t believe so! It is your responsibility as a governmental organization or company, to act responsible and do the best you can to prevent terrorism. This is not: “let’s do the absolute minimum to comply to the regulations”. This sad example again shows this is irresponsible. A safer world starts with responsible behavior and thinking about prevention. One of the keys for prevention is using sophisticated name-search technology. This will keep us from introducing more expensive solutions for damage control, or worse: me having to fly naked the next time when I visit the USA.

A major bank in Dongguan (China) refused a potential customer because his name is Li Jun. Apparently, there were already over 300 bank accounts assigned to the name Li Jun. Not that this particular Li Jun was responsible for opening all these accounts, there were just too many men with exactly the same name. The bank states that the refusal is nothing personal, since nobody with the name Li Jun will be accepted as customer in the near future….. In the meanttime, Li Jun is taking legal action against the bank.

When I read this news article this morning, my first thoughts were that it was perhaps a hoax. It turns out , however, that the news fact is true. From a data quality point of view this strikes me as really strange. How does this particular bank manage its customer data? Are there no additional identifiers (address, date of birth, etc.) to determine that you are actually dealing with the customer you think you are dealing with? Imagine that every John Smith would have a hard time to open a bank account, to apply for a job or to buy a product via the web. Or Jenny Jones? Bob Johnson? When is a name too “common”? It is common misbelief that the complexity of ideographic characacters such as Mandarin Chinese makes it harder to identify. At Human Inference we carried out some pretty serious dedups of Chinese files and-taking into account that Mandarin Chinese is a tonal language and other priciples of fault-tolearnce apply- the duplicate identification was rather accurate.

It is all a matter of using an intelligent data matching method and knowing what kind of data one is working on. Every name can be identified; even “common” names.

This watchlist was created in 2004 from several other lists and at that time it consisted of about 68.000 entries. I use the word entries, because in the years after it became fuzzy if one record is the same as one individual. By the end of 2008 the list had grown to over 1,1 million entries. In 2008 after the American Civil Liberties Union (ACLU) mentioned that the list had passed the 1 million, the government came with an explanation. Although we have recorded over 1 million entries in the database, the net result is that these records correspond to about 400.000 individuals. Terrorist often use different and thus multiple identities, use several (falsified) passports etc. But adding entries with only the first initials and last name, while an entry of the full first names and last name already exists will result in unwanted side-effects.

We all know, as being interested in data quality and identity resolution, that J. Robinson will result into much more matches (hits) than James Robinson. Indeed the number of found matches will sky-rocket and have to be evaluated manually. Might this be the reason, that we see more and more security personnel on airports?

In the latest audit report of the U.S. Department of Justice about this watchlist one other problem was analyzed. While extensive procedures were made for nominating and adding suspects to the watchlist, there is no procedure for removing people from the list. Based on a sample of almost 70.000 entries and investigation of the individuals an astounding number of 35% omissions was found. People who had died were still on the list, people who were no longer investigated upon, cases which had been closed etc. So this watchlist is growing and growing. Resulting in screening personnel who ensnare many innocent travelers as suspected terrorists. And wasting their time and divert their energies from looking for true terrorists. It seems to me that FBI and TSC can benefit from better Data Governance, what do you think?

A happy new year and be sure to visit DataValueTalk.com in 2009 for continued data value.

No need to convince ourselves that data really brings value in BI! Still we see BI projects struggling with the foundation. The obvious statements as “garbage in is garbage out”, can we really trust the actual figures generated from our BI tool, and did the change management investments on the people providing the data really convert them in ‘data friendly persons’. I still need to smile internally if people complain about the garbage quality of the other departments and are completely convinced of their clean data - challenge them to cleanse and dedup their outlook contacts!

Another pitfall related to data quality is that people trust too often on keys or IDs. I’m sorry but data quality is much more than data matching on keys or IDs, even on official keys like social security numbers.

A recent blog from Oracle’s Frank Buytendijk “The Crisis Was Caused By ‘Performance Management’, And Performance Management Will Have To Solve It Too.” brings this whole strategic technology in the right after ‘crisis dip’ perspective. How come that with all these new BI tools we didn’t see a economic crisis popping up in our windscreen, or were we too much focused on the rear mirror. Hope to read soon more from his analysis!

They even offer services including protection from so-called “Identy theft”. All those services are marketing-wise labeled as “privacy matters”.

But when privacy really matters to you, have a look at the following video-clip or visit the site http://www.privacymatters.nl. On 14th May Human Inference will organize a breakfast meeting in the Netherlands on this very topic together with the expert Alexander Singewald (breakfast meeting).

Cloud Computing or Cloud Services that’s the ultimate dream we have. It doesn’t bother anymore where services are running, we need a handle to it and it can start raining. Pending on which part of the world you live, you like clouds or not. For someone with lastname “van Holland” it’s almost hard to believe that he needs to trust the clouds!

Number 3 on Gartner’s list on Top technology strategies for 2009 is dealing about Cloud Computing. And a more detailed blog with the challenging title “Delivering Cloud Services: ISVs – Change or Die or both!” on that topic can be found on the blog of Daryl Plummer.

Cloud computing and cloud services will change the data quality landscape. More and more smaller companies can now utilize the analyzing, cleansing, standardization, enrichment and deduplication services that in past were only available om premise for larger companies. By using the cloud, massive parallel computations can be executed to bring solutions for huge volumes of data belonging to large companies. Next steps will be that the cloud will execute data cleansing more efficient. Why cleanse in total 200 million contacts for a dozen companies while the region itself has only 100 million citizens (or households).

Steps we still face in light of Cloud Computing are how to differentiate the services for individual need per customer, and the whole serious issue of privacy and security.

David Cearley at Gartner comes with a fascinating other angle. Basically he sees virtualization also as strategic technology to virtualize the data. And by that twist, data quality and data governance appears annoyingly in the middle of your radar screen. In order to use this strategy for your operational excellence, to eliminate the number of redundant data on your real storage devices, and make a virtual layer between your applications and this virtual data storage, you need to be sure that all your applications can work seamlessly with that virtual data.

To significantly reduce your amount of redundant data you need to make it more agnostic. Your apps will still expect the data in a specific format, while your virtual data is stored in another way. You need tools to convert it quickly – back and forward – from the standard virtual way (e.g. first-name, prefix, last-name, zip-code, thoroughfare, etc) to the specific application way (e.g. name in one field, zip-code, street).

Virtualization of data is not only about deduplication of the data! The challenge is more on how to use the virtual data in your existing applications in a non-invasive way. This can be done by using good data quality tools for your cleansing and deduplication, and for your – back and forward – standardisation.