Imagine Your Customers' Sensitive Data...Exposed

Dozens of life insurance customers' sensitive data that my wife and I wanted nothing to do with, right there, on my wife's iMac.

Crazy story follows.

My wife and I were overhauling our life insurance plans recently and — pardon the Buzzfeed-like hype here — YOU WON'T BELIEVE WHAT HAPPENED NEXT. 

Here's the story...

It was a weeknight. My wife and I had completed the insurance application process and were sitting at our kitchen table to go through the quick medical exam.

After this wily, 32-year veteran examiner took our blood, he fidgeted with his Android tablet a few times, furrowed his brow, then asked if he could use our Mac to log in to his company's system and print off the "Medical Supplement II" form to fill out by hand. 

"I can't seem to connect to the Internet, so we'll have to go with these printed forms," he said, maybe relieved that he could work with the documents he's more accustomed to anyway versus the dedicated app he wanted to use. "Are you able to print these for me?" 

We printed the forms and he pulled out two copies of another old-school, carbon-triplicate-press-hard-to-sign form to record our medical exam details.

"I'll fill in the other details later," he added. He had another appointment after ours at 7:30PM and then he’d hand-write our other details into the form at home, ending his day at around 8:15PM.

I told him what I do for a living (make paper-based tasks like this ridiculous one we just went through much more streamlined and secure) and I asked what he has to do next as part of his process.

"After I fill everything out, I'll fax this information over for the agent to do whatever they have to do. I'll give them the originals later next week," was his reply. 

I was stunned. Fax? Seriously? 

Then he left. I was surprised at how outdated this process was.

The plot thickens...

My wife sat down at her Mac while I had to leave for an evening activity. This brief text exchange took place…

She closed the tab out immediately out of a sense of duty to the other customers/patients. 

It’s hard (and not hard at all) to believe this actually happened in 2020. 

On one hand, we read all the time about updated privacy policies and GDPR in Europe and so on. In that way, it’s shocking. 

On the other hand, we also read about data breaches and I frequently talk to companies grappling with overly complex digital transformation initiatives. In that way, it’s not shocking at all. IBM reports that the average total cost of a data breach alone is $3.9 million USD. 

Now, I’m slightly concerned that my data will be on display on the next person’s computer screen when that medical examiner's custom app fails because it doesn’t allow for offline access or whatever. But I don’t fault him entirely — he’s been doing this for so many years. 

He's been accustomed to following a very manual, paper-based process, where documents are in his possession (except for that whole faxing part) and then mailed directly to the person who will process them. This was once "secure," albeit very slow and time-wasting. 

He probably had a whole new system thrust upon him after 18 months of a pilot program and its related revisions elsewhere. A system that was no doubt end-to-end, and complex, and yet didn’t have a contingency for no Internet access (and he didn’t take us up on the offer to help connect to our Wi-Fi) nor for pandemics like the one we're now going through, and so, in the end, the process he had to follow was lacking in both security and efficiency. Double whammy. 

As a result of all of that, dozens upon dozens (more?) of customers’ sensitive data was right there on display. 

An incomplete digitization project made matters potentially worse. Potentially horrifically worse.

How many sensitive document workflows are still reliant upon loose papers floating around in your company? 

How efficient are your processes for not only moving documents from one group of employees to another, but securely transmitting the data from those documents as well without making that data available to be captured by others? 

If you have begun to plan a digital transformation, how well-suited, prepared, and trained for your digital transformation initiative are your existing employees? Will it take a miracle for them to adopt, let alone enthusiastically embrace, your new program?

And if you have digitized all of this, what kind of contingencies do you have in place for when the new Plan A for processing a document can't work in real-time?

I’m all for digital transformation efforts. But my experience highlights how at least one major insurance provider has failed to cover all the bases from a document process and security standpoint. And yet, I'm certain they've invested countless hours and millions of dollars on digital initiatives, and for what, if it fails in the simplest of moments like a new customer signing up?

The lesson here is about "microtransformation"

Sometimes it makes more sense to pursue smaller wins in order to modernize your operations and processes. Small wins that improve single processes by 25-75% rather than swinging for the fences. Sometimes the massive overhaul that you have in mind that will digitize every aspect of your business isn't the right call if you can't execute it properly in the real world.

Think lightweight. Think nimble. Think microtransformation.

What do you think about this?

More articles by Brandon Hull