Data Management

Featured Article – Coronavirus Tracking

Posted on by Andy Miller

Following recent Wall Street Journal reports that phone data from tech companies and data providers is being used to track the movements of Americans in order to better understand the spread of COVID-19, here’s a look at how data and apps are being used worldwide in the common fight against the virus.

Americans Tracked By Phone Location Data

As has recently been reported in the Wall Street Journal, phone data from tech companies and data providers is being used to track the movements of Americans in order to better understand the spread of COVID-19.

The phone data, which is reported not to have any personally identifiable elements, thereby retaining privacy, has been analysed (according to the WSJ) and compiled into reports which have been sent to the ‘Centers for Disease Control and Prevention’ as well as other offices.  The data will also be added to a portal for official use.

500 Cities

The reported goal of making a portal available to officials which contains the analysed phone data from 500 U.S. cities is to be able to help improve America’s response to the unfolding COVID-19 crisis.

Privacy Concerns

Although it could be argued that these are unusual times when all manner of methods of tracking and controlling the virus are likely to be considered, the fact that phone data is being used this way has led to concern among privacy groups and activists.

Not Using Phone Data

However, a spokesperson for ‘Centers for Disease Control and Prevention’ is reported to have said that phone data is not being used but public health surveillance data from sources such as the World Health Organisation (WHO) is being used to help track the spread of COVID-19.

Letter

Back on March 19, Senator Edward J. Markey wrote to Michael Kratsios, the Chief Technology Officer of the United States, asking him to “balance privacy with any data-driven solutions to the current public health crisis”.  Also, in the letter, Sen. Markey pointed out that “a person’s location information can reveal other sensitive details, such as a place of employment, religious affiliation, or political preferences” and, therefore, Sen. Markey asked for assurances that collection and processing of phone location information, even if aggregated and anonymised, would not pose safety and privacy risks to individuals.

Location Tracking in Other Countries

In his letter, Sen. Markey also noted how America should be guided by the experience of other countries that have turned to technology to combat COVID-19 and that,  the use of location data without careful limitations could harm the privacy and civil liberties of Americans.

Singapore

The countries and methods highlighted by Sen. Markey included Singapore, where he alleges that the government publishes personal details of coronavirus, such as their age, nationalities, length of stay in hospital, where they live, and even their connections to one another.

It is likely that he may have been referring to several technological measures being used in Singapore,  such as the TraceTogether app.  The app uses location data and Bluetooth to help stop the spread of COVID-19.  Once on a user’s phone, the app records when that user goes near another person who has the TraceTogether app.  This proximity data is stored on the user’s phone and can be requested for analysis with the user’s permission – which many are willing to give to help stop the spread of the disease.  The TraceTogether app is also used by the Singapore government to send out updates to citizens via WhatsApp twice a day containing information such as the number of cases, suspected locations of outbreaks, and advice for avoiding infection.

South Korea

Another Country referred to by Sen. Markey was South Korea where he suggested that data shared about patients who were being admitted to hospital led to them being stigmatised.

This may have been a reference to the “self-quarantine safety protection” app from the country’s ‘Ministry of the Interior and Safety’ via which the central and local governments send out real-time alerts via text message, apps and online giving details of the number of confirmed cases of coronavirus (COVID-19) and of the travel histories of those infected.

Another app in popular use in South Korea is the “Corona 100m app” which has been downloaded more than 1 million times and alerts users if they breach a 100-metre (328 ft) radius of the latest tracked whereabouts of a coronavirus patient.

South Korea is also reported to be deploying a system that uses data including surveillance camera footage and even the credit card transactions of confirmed coronavirus patients to recreate their movements.

The UK

Following the example of other countries, such as South Korea, using technology to significantly ‘flatten the curve’ of COVID-19, the UK government is reported to be about to launch its own app to warn users if they are in close proximity to anyone who has tested positive for coronavirus. The app will use short-range Bluetooth to detect phones in the vicinity and store a record of those contacts and, if a person tests positive for COVID-19, they can upload the contacts and alert them via the app.  The idea behind it appears to be that, if people test positive for coronavirus, those people that they may have been in contact with can be quickly informed and can self-isolate.

It has also been reported that the data from the app won’t be shared with central authorities, thereby helping to reduce fears of possible privacy breaches.

Large Numbers Needed

For the UK app to be effective, however, it is (somewhat optimistically) thought that more than 50% of the population would need to download it.

Ethics Board To Be Appointed

Considering that the app will be collecting such sensitive information, and assuming that it does achieve a very large number of downloads, it appears likely that UK’s National Health Service ‘NHSX’ (a new unit driving forward the digital transformation of health and social care) will need to appoint its own ethics board to oversee the app’s development.

Social Media and Tech Giants

As well as whole countries and governments looking at ways to collect and use location data to help fight the spread of COVID-19, tech giants like Facebook and Google are also offering to use their collected data to help.

Facebook

Facebook is reported to be using its unique perspective as a company with access to data from 2.5 billion monthly active users to:

– Provide (anonymised) location information to feed into analysis and forecasts that could help tackle the spread of the virus.

– Produce three disease prevention maps on population movement, as part of its, ‘Data for Good’ program, to help inform disease forecasting efforts and protective measures.

– Send out a prompt on Facebook aimed at encouraging people in the U.S. to sign-up to a voluntary survey from Carnegie Mellon University Delphi Research Center that’s been designed to help health researchers identify COVID-19 hotspots.

Google

Google is also releasing ‘COVID-19 Community Mobility Reports’ to health officials, based on its own collected, anonymised data from phones, to show movement trends and insights and thereby help to tackle the spread of COVID-19.

Looking Ahead

Most people would probably agree that using what data is available, if it really is in an anonymised form that will not impact on privacy, and if it is used just to help tackle the spread of the virus is a reasonable idea.  It is a good thing that some countries appear to have been able to use apps to help gather data and inform people in a way that may save lives, and it appears that the UK will also be using the power of technology (an app) to help in the fight.

The challenge is to be able to use data from consenting people i.e. people who have downloaded the apps and agreed to have their location data used, in an ethical way, in a way that protects privacy,  and in a way that doesn’t lead to stigmatising or prejudice or is carried on for other purposes beyond tackling this particular outbreak.

Facebook Sued Down-Under For £266bn Over Cambridge Analytica Data Sharing Scandal

Posted on by Andy Miller

Six years after the personal data of 87 million users was harvested and later shared without user consent with Cambridge Analytica, Australia’s privacy watchdog is suing Facebook for an incredible £266bn over the harvested data of its citizens.

What Happened?

From March 2014 to 2015 the ‘This Is Your Digital Life’ app, created by British academic, Aleksander Kogan and downloaded by 270,000 people which then provided access to their own and their friends’ personal data too, was able to harvest data from Facebook.

The harvested data was then shared with (sold to) data analytics company Cambridge Analytica, in order to build a software program that could predict and use personalised political adverts (political profiling) to influence choices at the ballot box in the last U.S. election, and for the Leave campaign in the UK Brexit referendum.

Australia

The lawsuit, brought by the Australian Information Commissioner against Facebook Inc alleges that, through the app, the personal and sensitive information of 311,127 Australian Facebook Users (Affected Australian Individuals) was disclosed and their privacy was interfered with.  Also, the lawsuit alleges that Facebook did not adequately inform those Australians of the manner in which their personal information would be disclosed, or that it could be disclosed to an app installed by a friend, but not installed by that individual.  Furthermore, the lawsuit alleges that Facebook failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure.

In the lawsuit, the Australian Information Commissioner, therefore, alleges that the Australian Privacy Principle (APP) 6 has been breached (disclosing personal information for a purpose other than that for which it was collected), as has APP 11 (failing to take reasonable steps to protect the personal information from unauthorised disclosure).  Also, the Australian Information Commissioner alleges that these breaches are in contravention of section 13G of the Privacy Act 1988.

£266 Billion!

The massive potential fine of £266 billion has been arrived at by multiplying the maximum of $1,700,000 (£870,000) for each contravention of the Privacy Act by the 311,127 Australian Facebook Users (Affected Australian Individuals).

What Does This Mean For Your Business?

Back in July 2018, 16 months after the UK Information Commissioners Office (ICO) began its investigation into the Facebook’s sharing the personal details of users with political consulting firm Cambridge Analytica, the UK’s ICO announced that Facebook would be fined £500,000 for data breaches.  This Australian lawsuit, should it not go Facebook’s way, represents another in a series of such lawsuits over the same scandal, but the £266 billion figure would be a massive hit and would, for example, totally dwarf the biggest settlement to date against Facebook of $5 billion to the US Federal Trade Commission over privacy matters.  To put it in even greater perspective, an eye-watering potential fine of £266 billion would make the biggest GDPR fine to date of £183 million to British Airways look insignificant.

Clearly, this is another very serious case for Facebook to focus its attention on, but the whole matter highlights just how important data security and privacy matters are now taken and how they have been included in different national laws with very serious penalties for non-compliance attached. Facebook has tried hard since the scandal to introduce and publicise many new features and aspects of its service that could help to regain the trust of users in both its platform’s safeguarding of their details and in the area of stopping fake news from being distributed via its platform.  This announcement by the Australian Information Commissioner is, therefore, likely to be an extremely painful reminder of a regrettable and period in the tech giant’s history, not to mention it being a potential threat to Facebook.

For those whose data may have been disclosed, shared and used in a way that contravened Australia’s laws, they may be pleased that their country is taking such a strong stance in protecting their interests and this may send a very powerful message to other companies that store and manage the data of Australian citizens.

The Difference Between Backup and Disaster Recovery

Posted on by Andy Miller

We’re all familiar with the value of making a backup of business data, but how does this fit with ‘Disaster Recovery’ and ‘Business Continuity’ strategies?  This article takes a brief look at how these elements fit together to ensure that businesses can survive, function and get back up to speed when disastrous events (external or internal) pose a serious threat.

Reality

Normal life rules apply to the business environment i.e. things can and do go wrong, and backup and disaster recovery are both based upon this understanding.

Business continuity in the event of a ‘disaster’, is about making sure that your essential operations and core business functions can keep running while the repairs can be made that get you back up to speed.

What Could Go Wrong?

There is a potentially huge range of ‘disasters’ that businesses could make plans to be able to overcome, and even though organisations come in different sizes and have different budgets, the risks they face are generally the same.  Typically, the more obvious ‘disaster’ threats the business include:

  • Hardware failures/server failures.
  • Outages and/or file corruption
  • The effects of cyber-attacks.  For example, 53% of senior managers believe that a cyber-attack is the most likely thing to disrupt their business (Sungard AS 2019) and the effects could include damage to / locking out of systems (malware and ransomware), fraud and extortion, data breaches (which could also attract fines under GDPR, damaging publicity and loss of customers).
  • Environmental/natural disasters e.g. fire and flood.
  • Important 3rd supplier failure or the loss of key employees.
  • Failures of part / a component of a network e.g. as highlighted by recent problems with banking and airline industry services.
  • Theft or loss of equipment holding company data.

Backing Up Your Data – Where To Store It

When it comes to backups, security, integrity, cost, scalability, complying with legislation, your own business plans, and ease of daily use are all considerations.  Where / how to store backed-up data is a decision tackled differently by different companies.  In the UK, GDPR (the data protection regulations) should be taken into account in these decisions.  Places to back up data could include:

  • On-site – storing data in the same location e.g. on an external hard drive in the workplace.  Although the data backup is close to hand, this is not a particularly secure solution and in the event of flood/fire/theft disasters, your data would be gone.
  • Off-site – taking the data away on a hard drive or another physical storage medium.  This means it’s less at risk from local issues (e.g. loss, theft, damage) but could mean it takes longer to restore data .
  • Online – backing up your data on hosted servers (in the cloud) and accessing them through an application. This is now becoming the preferred method for most businesses as it is convenient and fast (if you have an Internet connection) and it cuts out many of your on-site potential disaster risks (fire, flood, loss and damage of physical storage media).

Some businesses prefer to use a ‘hybrid’ cloud backup to help address any vulnerabilities that cloud-only or local-only backup solutions have.

There are many dedicated online backup solutions available e.g. IDrive Business, Backblaze Business, Carbonite Safem, or larger solutions for businesses with much bigger data backup requirements.

Backup Decisions

Taking regular, secure backups of your business data is an important part of good practice.  It is also an important element of disaster recovery and the business continuity process.

There are several types of backup that businesses need to make decisions about.  These include whether, if/when and how to make:

  • A full backup – one that covers every folder and file type and typically takes a long time.
  • An incremental backup – the first back up is a full one, followed by simply backing up any changes made to the previous backup.
  • A differential backup – similar to an incremental backup, requires more storage space but has a faster restore time.
  • A mirror backup – an exact copy of your data that has the advantage of removing the obsolete files each time.
  • An Image-based backup – captures images of all data and systems rather than just copying the files.
  • A clone of your hard drive – similar to imaging and creates an exact cloned drive with no compression.

In reality, many businesses make use of many different types of backup solutions at the same time.

Business Continuity, Backup Decisions and Disaster Recovery

Accepting that disasters happen and that you can plan how to maintain business continuity while you deal with them (using a disaster recovery plan) is an important step in safeguarding your business. Maintaining the ability to ensure that core functions and critical systems remain in place in the event of a disaster (business continuity) involves planning, an important part of which is the disaster recovery plan (DRP).  Creating this plan is usually an interdepartmental process, which is often led by information technology.

RTO & RPO – Linking Backups To Your DRP.

There are two metrics you can use to help you to make data backup decisions that relate to your DRP.

The Recovery Time Objective (RTO): the recovery window / how long (time) the business realistically has to recover from a disaster before there are unacceptable consequences.

The Recovery Point Objective (RPO): how far back (the maximum tolerable period of time) your organisation needs to go in recovering data that may have been lost due to a disaster.

By working out these time periods (particularly RPO), it can help you to decide upon the frequency of backups, which backup methods are most suitable and preferable to you e.g. the need to go back longer periods may favour online backups, and businesses with  large quantities of valuable historic data may struggle with a short RTO (which may require tiered data recovery).

In today’s business environment it is worth bearing in mind that your customers are not likely to be very tolerant of downtime, so recovery windows now need to be as short as possible. Many businesses, therefore, simply opt for a daily backup.

Disaster Recovery Plan

At the heart of your business disaster recovery strategy should be the disaster recovery plan (DRP) which should provide step-by-step workable instructions to ensure a fast recovery.  A DRP should be tested and kept up to date to ensure that it will work in reality in the event of a disaster and typically includes elements like:

  • A plan for roles and communications, detailing employee contact information and who’s responsible for what following the disaster.
  • A plan to safeguard equipment e.g. to keep it off the floor, wrapped in plastic away from flooding.
  • A data continuity system that details what the business needs to run in terms of operations, finances/accounts supplies, and communications.
  • Checking that your data backup regime is working, and that very recent copy is stored in a secure place but would be easily and quickly accessible when needed.
  • An asset inventory, including photos where possible, of the hardware (workstations, printers, phones, servers etc) reference for insurance claims after a major disaster.
  • Keeping (up to date) documentation that lists all vital components of your IT infrastructure, hardware and software, and a sequence of what needs to be done to resume business operations with them.
  • Photos showing that the hardware was in use by employees and that care had been taken to minimise risk e.g. items were off the floor (e.g. to avoid flood damage).
  • A supplier communication and service restoration plan so that you quickly restore services and key supplies after the disaster.
  • Details of a secondary location where your business could operate from if your primary location was too badly damaged in a disaster.
  • Details of the testing, optimisation and automation of your plan to ensure that it could be implemented quickly, as easily as possible, and free from human error.

Putting The Pieces Together

The basic difference between a backup and disaster recovery, therefore, is that a backup is having a copy of your data, and disaster recovery is the whole strategy to recover your business operations and essential IT environment in the event of a serious event e.g. cyber-attack, equipment failure, fire or flood.

Creating a DRP involves completing a risk assessment and business impact analysis in order to identify critical applications and services, and it is from here that your business can then create its own tailored RTOs and RPOs which in turn, will link to your backup strategy and cycles.

Backups are essential files that enable a full restore, and as such are an important element of ongoing good practice and of your DRP, and your backup should relate strongly to the underlying strategy of disaster recovery.

One thing is certain about backup and disaster recovery which is that having no plan for either is means planning to fail.

Digital ‘Pressure’ For Accountants

Posted on by Andy Miller

A report by IT company Prism Solutions has highlighted how traditional accountancy firms are having to change rapidly to meet challenges such as Cloud computing, GDPR and HMRC pressing quickly ahead with ‘Making Tax Digital’ (MTD).

MTD

According to the report, the whole accountancy profession is now on the verge of an evolutionary change and accountancy firms will need to develop into digital practices in order to compete and survive.

One of the key change drivers and challenges for accountancy firms is HMRC’s ongoing ‘Making Tax Digital’(MTD) initiative which has been designed to eradicate paper from the tax filing process and to make the UK tax system more effective, efficient and easier for taxpayers to use.

The fact that an estimated 1.2 million businesses are subject to the MTD VAT rules (for VAT periods starting on or after 1 April 2019 or 1 October 2019 for organisations which are more complex), must now keep VAT records in a digital format and submit their VAT returns to HMRC using MTD compatible software (yet can’t do so using HMRC’s website) means that they are turning to accountancy firms to submit the returns on their behalf.  This leaves accountancy firms with new challenges such as having to adapt quickly to a different type of interaction with their clients who are looking for accountants to be experts on the digital process and to provide instant service and issue resolution. Accountancy firms are also facing possible problems if HMRC doesn’t do enough to communicate MTD to relevant businesses.

Always On

The Prism Solutions report highlights how accountancy clients now expect technology to be ‘always on’ 24/7 and that the ability of an accountancy firms’ productivity to be able to connect with their clients in real-time, and offer access to real-time data that’s always on is an important way in which they can deliver an exceptional client experience.

Other Challenges

The Prism report also notes that, just as Cloud computing, GDPR, and MTD are already having an impact on accountancy, other emerging challenges to the profession include the development of AI technologies, blockchain and crypto-currencies.

What Does This Mean For Your Business?

Having to digitise accounts is providing challenges to both businesses and accountancy firms and looks set to change aspects of the relationship between the two.  Accountancy firms are realising that embracing all forms of ‘digital’ is a key enabler to enhancing productivity, and that becoming part of the digital revolution with their clients will enable them to not just offer a better service, but also to grow as they take advantage of new revenue-generating opportunities and position themselves as the go-to adviser for their clients.

As well as expecting ‘always-on’ service and digital expertise from accountancy firms, business customers will still want to use their accountants as a source of business advice for business planning, strategy, and market development (for example), and getting better at using digitisation to do this could be another way in which accountants could keep delivering value to businesses.

Less Than Half of Small Businesses Ready For No-Deal Brexit

Posted on by Andy Miller

Research from techUK shows that less than half of small UK businesses consider themselves to be ready to face a no-deal Brexit on 31 October, whereas 87% of larger businesses think they are prepared.

Small and Medium

The techUK research shows that only 43% of UK small businesses think they are ready for the prospect of a no-deal Brexit, which is not too different to the mere 50% of medium-sized companies that expressed readiness.

Not Up To Date With Government Guidance

The survey revealed that although most enterprises are aware that the government has given guidance on getting ready for a no-deal Brexit, only 30% of small businesses and 33% of medium-sized businesses regard themselves as being up to date with that guidance.

Popular Concerns

In addition to the impact on the UK economy, some of the popular concerns that many businesses have about a no-deal Brexit include how they stand in terms of regulatory and any extra regulatory barriers that may hinder trade compliance, and difficulty in finding staff after an end to freedom of movement (there is already a tech skills shortage and tech ‘brain drain’).  Also, businesses are clearly worried about post-Brexit relationships with suppliers, whether contracts will need to be updated, and whether they will have enough of the right raw materials and parts to keep production running smoothly and meet their customer demands while keeping their costs and prices down.

Data Protection Guidance For Brexit

As far as being prepared to stay compliant with data protection laws, the ICO has recently stated that if a UK business or organisation already complies with the GDPR and has no contacts or customers in the EEA, that business or organisation doesn’t need to do much more to prepare for data protection compliance after Brexit.

The latest guidance for businesses facing a no-deal Brexit can be found on the website here: https://ico.org.uk/for-organisations/data-protection-and-brexit/data-protection-and-brexit-for-small-organisations/

What Does This Mean For Your Business?

It doesn’t take a study to find out that there is still a great deal of uncertainty about trading post-Brexit, particularly after the impact of a no-deal Brexit. As the businesses in the study indicated, many are aware that there is guidance available from government sources and that SMEs don’t appear to be up to date with that guidance.  It is good, at least, that the ICO has issued clear, easily accessible guidance on its website to help companies prepare to remain GDPR compliant after Brexit. Other Brexit guidance for small businesses can be found on the FSB website here https://www.fsb.org.uk/standing-up-for-you/brexit/resources  and on the main UK government website here https://www.gov.uk/find-eu-exit-guidance-business.

Tech Tip – The F-Secure Data Discovery Portal

Posted on by Andy Miller

The free online Data Discovery Portal from F-Secure shows you what personal information you have given to tech-giant free services Facebook, Google, Amazon, Snapchat, Twitter and Apple over the years.

If you visit https://data-discovery-portal.f-secure.com/en/ and click on the logo of each of those companies you will be taken straight to the page where you can download a copy of the information that they have collected about you (Apple requires a login).  With Amazon, for example, you can even discover the way to review, listen to, and delete any voice recordings associated with your account.

The F-Secure Data Discovery Portal is, therefore, one easy way in which you can take steps to protect your identity and guard your personal data going forward.

Scientists Discover How To Store Data On Matter Smaller Than DNA

Posted on by Andy Miller

Scientists from Brown University are reported to have discovered how to store data on metabolic molecules, which are pieces of matter that are even smaller than DNA.

Storage In Artificial Metabolomes  

The results of the recent research announced on the Brown University website and published in the PLOS ONE journal describe how researchers have discovered a way to store/encode and retrieve kilobyte-scale image files from artificial metabolomes which are arrays of liquid mixtures containing sugars, amino acids and other types of small molecules.  Some of these small molecules are smaller and have greater information density than DNA.

According to the researchers, although DNA is best for encoding larger datasets, the small molecule metabolite data method has low latency so that data sets can be written and read quickly.  The small molecule method is, however, still slower than traditional computers.

DNA Storage Research Not New

Research into storing data in DNA is not new.  For example, back in 2013 scientists in Cambridge spelt out a collection of Shakespeare’s 154 sonnets in DNA.

Also, last September UK scientists developed a technique to enable them to store computer files on DNA.  Scientists from the European Bioinformatics Institute developed a method whereby the basis of digital data, which is made up of ones and zeros, is changed into their own code as Cs, Gs, and Ts.

This converted code was sent to a US laboratory, which turned the letter code into physical DNA so that it could act like an incredibly small hard drive. The laboratory used DNA synthesis machines to transform the code into physical material in a similar way to how an inkjet printer lays down ink on paper. The physical result was a tiny piece of dust with the vital digital data stored inside. An estimated 215 petabytes (215 million gigabytes) of data could be stored in a single gram of DNA.

Why?

The reasons for developing ways to store data in DNA and even smaller molecules are that we are generating vast quantities of data with no practical and cost-effective way to store it for the future.  For example, it is estimated that there are now 3 zettabytes (3000 billion bytes) of digital data, with more being generated all the time. Storage media such as hard disks are expensive and require a constant supply of expensive electricity, and even the best ‘no-power’ archiving materials e.g. magnetic tape degrade within a decade.

The advantages of DNA and smaller molecules for storage are that:

  • Sensitive data stored in DNA and other small molecules won’t be vulnerable to hacking.
  • Data stored in this way could survive in harsher climates and environments where traditional hardware can’t.
  • DNA provides a highly effective, ultra-compact space-saving solution, that doesn’t require large amounts of costly electricity.
  • DNA can keep for hundreds of thousands of years if kept in a cool, dry place. Data stored in DNA won’t degrade over time, and it can be decoded relatively easily.
  • DNA won’t become obsolete, and unlike other high-density approaches, new technologies can write and read large amounts of DNA in one go.

What Does This Mean For Your Business?

The incredible science involved in this could give businesses a way to store and back up vast amounts of data in a very convenient and secure way (safe from hackers) with dramatically reduced space, equipment, and electricity costs, and with the assurance that the data could be stored, without decay, for many thousands of years.  Some tech commentators have estimated that commercial DNA storage devices may be on shelves in the next few years.

You could be forgiven for thinking, however, that DNA storage of data sounds (and probably will be) expensive, and it may be the case that most businesses will be sticking to cloud storage for quite some time yet.

Accounting Systems Too Complex (And Lack Investment)

Posted on by Andy Miller

A recent Barclaycard survey shows that 48 per cent of Chief financial officers (CFOs) think that current accounting systems are too complex.

Complex Systems

According to the survey, some of the main reasons that CFO’s find their accounting systems to be too complex are that they are not digitised enough and too are labour intensive.  This is the reason why 44% of CFOs say that they would want more automation when they upgrade.

Not Investing Could Be Affecting Bottom Line

The Barclaycard survey also found that a Chief Financial Officer’s (CFO’s) leadership style and willingness to invest in their financial and accounting software has a real impact on their businesses’ bottom line.  For example, over a fifth (22%) of finance heads believe their accounting software is out of date, which, according to Barclaycard, could mean that UK CFOs are missing out on £6.7 billion each year by not taking advantage of early payment discounts.

Complex And Out Of Date

According to Barclaycard’s survey results, even though 85% of the CFOs surveyed said they recognise the need to continuously invest in their accounting systems, this is clearly not happening and this may be because more than three-quarters (77%) admit to not having time and resources to find the right one.

This lack of investment and time, coupled with apparent resistance to change in many businesses appears to have led to a situation whereby 22% of businesses are using out-of-date accounting software, with 40% of businesses not having upgraded their accounting software for five years!

Missing Out

Barclaycard’s survey indicates that because many accounting software systems are outdated, companies can’t automate payments to meet supplier conditions for an early settlement discount, and this could mean that UK corporates are missing out on of £14.4bn of saving per year (the equivalent of £75,389 per business).

The Survey

This survey, conducted on behalf of Barclaycard conducted by Opinium Research in February 2019, was carried out among 500 senior financial decision makers in companies with turnover of £6.5 million or more and who do not outsource their accounts payable.

What Does This Mean For Your Business?

Even though the research was conducted by Barclaycard, which has an interest in accounting systems, it does highlight some of the challenges and barriers to upgrading that many businesses face, such as not having the time, money, and other resources to help them invest in a new system, thereby making them miss out on possible savings from early settlement discount.

It is not just with accounting systems that businesses would like to reduce complexity and increase automation where possible but struggling with accounting technology and systems is certainly not uncommon.  For many small businesses, it’s often a case of using desktop accounting software with related third-party apps and integration without much software training and asking the accountant for technology advice.  For example, a recent Zoho and AccountingWeb report showed that small businesses ask their accountants for technology advice 83% of the time, and 40% of those accountants say they are asked technology questions up to 20 times a month.

Employee Subject Access Requests Increasing Costs For Their Companies

Posted on by Andy Miller

Research by law firm Squire Patton Boggs has revealed (one year on from the introduction of GDPR ) that companies are facing cost pressures from a large number of subject access requests (SARs) coming from their own employees.

SARs

A Subject Access Requests (SAR), which is a legal right for everyone in the UK, is where an individual can ask a company or organisation, verbally or in writing, to confirm whether they are processing their personal data and, if so, can ask the company or organisation for a copy of that data e.g. paper copy or spreadsheet.  With a SAR, individuals have the legal right to know the specific purpose of any processing of their data, what type of data being processed and who the recipients of that processed data are, how long that data stored, how the data was obtained from them in the first place, and for information about how that processed and stored data is being safeguarded.

Under the old 1998 Data Protection Act, companies and organisations could charge £10 for each SAR, but under GDPR individuals can make requests for free, although companies and organisations can charge “reasonable fees” if requests are unfounded, excessive (in scope), or where additional copies of data are requested to the original request.

Big Rise In SARs From Own Employees = Rise In Costs

The Squire Patton Boggs research shows that 71% of organisations have seen an increase in the number of their own employees making official requests for personal information held, and 67% of those organisations have reported an increase in their level of expenditure in trying to fulfil those requests.

The reason for the increased costs of handling the SARs can be illustrated by the 20% of companies surveyed who said they had to adopt new software to cope with the requests, the 27% of companies who said they had hired staff specifically to deal with the higher volume of SARs, and the 83% of organisation that have been forced to implement new guidelines and procedures to help manage the situation.

Why More Requests From Employees?

It is thought that much of the rise in the volume of SARs from employees may be connected to situations where there are workplace disputes and grievances, and where employees involved feel that they need to use the mechanisms and regulations in place to help themselves or hurt the company.

What Does This Mean For Your Business?

This story is another reminder of how the changes made to data protection in the UK with the introduction of GDPR, the shift in responsibility towards companies, and the widespread knowledge about GDPR can impact upon the costs and workload of a company with SARs.  It is a reminder also, that companies need to have a system and clear policies and procedures in place that enables them to respond quickly and in a compliant way to such requests, whoever they are from.

The research has highlighted an interesting and perhaps surprising and unexpected reason for the rise in the volume of SARs, and that there may be a need now for more guidance from the ICO about employee SARs.

Salesforce Adding Blockchain Platform To CRM

Posted on by Andy Miller

The Salesforce cloud-based CRM platform is adding a low code, blockchain-powered service that will allow users to share data with third parties in a secure, transparent, and auditable way.

Blockchain

Blockchain, the technology that was famously behind the bitcoin cryptocurrency, has been described by its Co-Founder Nic Carey as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.  Blockchain is an open-source, free technology that acts as an incorruptible peer-to-peer network / a kind of ledger that allows multiple parties to transfer value in a secure and transparent way.

Salesforce Blockchain Platform

Salesforce is positioning its Blockchain platform as a low-code system that has been customised to fit with Salesforce’s flagship Lightning CRM product.  The Blockchain platform has been built on the open source technology developed by Hyperledger Sawtooth. Salesforce Blockchain is currently only available to select design partners but will have its general release in 2020.

Why Blockchain?

Many businesses and organisations are now finding that they need to harness and share large amounts of data with a growing network of partners and third parties.  This sharing needs to be accomplished, however, in a way that is secure and incorruptible, and transparent and with a clear audit trail.  There is, of course, also the need to save costs, reduce inefficiencies, and make the process of sharing data as fast and easy as possible.

Also, in terms of the broader function of a CRM system, companies and organisations need the most up-to-date and effective way to verify and maintain contracts, send transactions, and essentially “automate trust”. Blockchain offers all these benefits.

Blockchain-as-a-Service

Salesforce is one of a growing number of tech brands getting in the rapidly growing BaaS market which offers enterprises the chance to deploy distributed ledgers without the cost or risk of deploying it in-house, and without needing to find in-house developers.

Tech commentators have noted, for example, that Microsoft and many other big tech companies, including Amazon and Oracle, are now looking to make the most of the growing blockchain as a service (BaaS) market. Microsoft was one of the first software vendors to offer BaaS on its Azure cloud platform as far back as 2015, but the predictions are that from the end of this year onwards, the market (estimated to be worth $7billion) will start to grow rapidly.

Real World Examples

Salesforce is already reporting ways that its new Blockchain platform is making a positive difference, such as at S&P Global Ratings which is using the service to reduce the time it takes to review and approve new business bank accounts.

There are now plenty of other examples of how Blockchain technology is being used (and is about to be used) in the real business world to add value, increase efficiencies, create opportunities and provide innovative ways of meeting old business challenges.  These include:

  • Using the data on a blockchain ledger to record the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates. The ‘incorruptible’ aspect of the blockchain data gives a clear record of care and responsibility along the whole supply chain.
  • Using an IBM-based blockchain ledger to record data about wine certification, ownership and storage history. This has helped to combat fraud in the industry and has provided provenance and re-assurance to buyers.
  • Shipping Company Maersk using a blockchain-based system for tracking consignments thereby offering visibility and efficiency i.e. digitising a formerly paper-based process that involved multiple interactions.
  • Start-up company ‘Electron’ building a blockchain-based system for sharing information between those involved in supplying energy which could speed up and simplify the supplier switching process. It may also be used for smart grid processes, such as local load-balancing of supply and demand.
  • Data storage solutions company Seagate Technology (Seagate), and IBM working together and using Blockchain and advanced cryptographic product identification technology to reduce disk-drive product counterfeiting.
  • Facebook is reported to be developing its own blockchain-based cryptocurrency that will enable its users to have a PayPal-like experience when purchasing advertised products, as well as providing authentication and an audit trail.

What Does This Mean For Your Business?

For Salesforce customers, particularly the smaller customers, having Blockchain-as-a-Service as part of their CRM should enable them to solve some of their biggest data-sharing challenges (security, trust, and transparency) in a way that doesn’t require lots of code, and in a way that doesn’t require the considerable cost or risk of trying to develop and deploy it in-house.

The benefits of blockchain technology are just starting to be realised and exploited by many different companies around the world, and the BaaS market looks set to grow rapidly with the big tech companies and brands all looking to compete by offering different Blockchain-based services to businesses and organisations of all sizes.

Blockchain has already proven itself to be a technology that can save time and costs, provide fast and secure traceability, visibility and efficiency, and provide a real competitive advantage for companies that are willing to investigate how it could be used to add value to their particular business.

Even governments and cities around the world have realised the benefits and are committing considerable resources to Blockchain. For example, Dubai has committed to putting all of its documents on blockchain in the next few years and has founded a public-private initiative called the Global Blockchain Council to foster the development and use of blockchain technology in and between local government teams, local businesses and international start-ups.