GDPR, and
disclosure
A practical guide for creditors and advisers
TECHNICAL GUIDE 3
1. What is this guide about?
November 2020
THE GUIDES
The Money Advice Trust and Money Advice Liaison Group exist to improve the lives of people in debt. To do this, they offer leadership and guidance on key issues.
We are therefore pleased to support this new series of guides for organisations on vulnerability, disclosure, and GDPR.
Written to bring together two groups - data protection teams, and staff working on vulnerability policy – each guide deals with a different practical issue.
“The Money Advice Liaison Group and Money Advice Trust are delighted to share this series of guides. We hope they bring together the right blend of expertise and vision for the practical benefit of all consumers.”
Paul Smee, MALG Chair
Joanna Elson, Chief Executive, Money Advice Trust
PART A: RECORDING DISCLOSURES
3. What should we record?
- any contextual information – such as the cause of the vulnerability – that could help provide this support
- any other information to help take action to prevent, minimise, or avoid the harm a customer is vulnerable to.
Taking such steps will help firms ensure customers do not have to repeatedly re-disclose a vulnerable situation.
This can prevent situations where a customer contacts a firm, assumes the firm knows about a previously disclosed vulnerability, but discovers they have to re-disclose all of this again.
2. ICO. https://tinyurl.com/yynjobl5
FIGURE 2
Customers often disclose vulnerable situations in detail, and in ways which can challenge our ability to respond.
Firms respond by ensuring they record the absolute minimum of the most relevant data needed to provide meaningful care and support.
Adequate
- This is about having the right amount and quality of data to help customers.
- It is about ensuring a good picture is painted of the customer’s situation.
- It is about important details not being left out, or questions left hanging.
- It is about having enough information to decide what actions to take next.
Relevant
- This is about having the information needed to inform practical action.
- It is about answering the key question ‘vulnerable to what?’
- It is about establishing what difficulties or harm a customer is experiencing, and what our firm can do about this.
- It is about recording information that is essential, rather than ‘might be useful’.
Limited
- This is about having the absolute minimum of the most relevant data.
- It is about balance - having the data firms need to help a customer, but not collecting data that is never used.
- Data protection teams should ask vulnerability specialists what data and insights they need to do their job.
- Firms that only collect ‘support need’ data are likely to miss key insights, and may cause further customer harm.
ii. Relevant information
Relevancy is about collecting information that will directly inform a firm’s actions – rather than just being ‘of interest’.
In relation to disclosures of vulnerability, this is about recording information that:
- will help improve the ways in which a firm interacts with a customer
- will improve a customer’s ability to access (and use) a product, service, or process
- is about any difficulties, detriment, or harm a customer is experiencing that affect their relationship with the firm
- answers the question “vulnerable to what?”, and records what customers feel will prevent detriment from this.
Critically, all of this insight is recorded to help prevent customer harm.

iii. Limiting data collection
Limiting and minimising the amount of data held about a vulnerable customer’s situation is an important safeguard.
However, it can go too far – causing harm for customers and firms.
Most often, this happens where firms introduce ‘blanket’ data policies only allowing support needs to be recorded.
While done to minimise the amount of special category data collected, this can – as illustrated in Guides 1 and 2 – make it more difficult to help customers.
Further, even where support needs are recorded, these may still inadvertently infer an underlying health issue, making them special category data after all.
For these reasons, we must remember one of our main purposes for processing: to help our customers, rather than collecting data that half-explains how we do this.

How do we act on our principles?
It is one thing to have a set of principles, but another to consistently act on them.
We would make four observations.
First, ensure one of our primary purposes for processing is understood by all staff: to help our vulnerable customers.
While compliance with the GDPR is key, firms have a choice in how they do this.
They must therefore adopt an approach that delivers compliance, and provides the data staff need to help customers.
Second, provide staff with the tools to extract and record the most relevant information.
There are several candidate tools to assist with this. These are briefly described in Guides 1 and 2.
Third, ensure staff are trained in turning conversations into data.
This can be challenging for staff, but it is important they are able to accurately summarise a customer’s vulnerable situation, support needs, and what the customer is practically vulnerable to.
Fourth, careful planning and investment should be made into vulnerability flag and data systems – these can provide a useful resource for both limiting and organising the information firms hold about vulnerable customers.
4. How should we record this?
FLAGS
The purpose of a flag is to send a clear and immediately visible signal to staff. They are not meant to provide a detailed description. Instead they simply alert a staff member to an issue they need to take into account.
ACCOUNT NOTES
The purpose of an account note is to give the detail/context that flags cannot. Staff need to record the absolute minimum of the most relevant information about vulnerability. However, they are often unsure what this means in practice.
Example: “The customer has been diagnosed with Ataxia – they have said this can affect their speech. They say it can mean they sound drunk. However, they can speak if given the time to do this.”
5. What flags should we use?
What should our flag system do?
The purpose of a flag system is to:
- visually alert a staff member
- inform them that a customer has been identified as vulnerable to harm
- remind the staff member to actively take any vulnerabilities into account
- direct them to consult support codes and account notes for vital context
- allow staff to add, update, or remove flags to reflect a customer’s situation
- contribute to a data-set that monitors vulnerability across all customers.

Dashboard
To do this, firms need to have a series of flags that act like the dashboard of a car.
These should be limited in their number, clearly visible at all times, and succinctly inform staff about vital information.

Looking back
However, we would never drive a car by only looking at our speedometer, rather than in our mirrors, or the road ahead.
Therefore we need a flag system that reminds staff to look back at support codes and account notes (as these will provide key contextual information).

Road ahead
And we need a forward-looking system.
This should inform conversations with customers about their current situation, and allow staff control over flag setting to reflect any ‘new bumps’ in the road.
It should allow potential vulnerability to also be flagged (so that firms can ‘watch’ for any emerging problems over time).

What flags should we use?
There are a potentially large number of flags available to firms (Figure 4).
In making this decision, firms should consider the following factors:
- flags signal a problem, they do not describe it in detail – firms should not have too many flags for staff to interpret, remember, or look out for. Keeping it simple is key.
- however, a single vulnerability flag is too simple – customers often have multiple problems, a range of needs, and with different levels of severity. Some of this – like customers at high-risk of harm, or with communication problems - need immediate flagging. One vulnerability flag cannot do this.
- others may be involved – customers may be supported by a firm’s internal specialist team, or an external third-party (e.g. family or debt adviser). Being alerted to this from the outset can be beneficial to staff.
- ‘unfinished business’ – sometimes, due to emotional upset or practical difficulties, staff will not be able to complete all the actions needed with a vulnerable customer. Flagging this can allow conversations to be broken into smaller, more manageable parts.
- time and date stamps are key – flags need to be accurate, up-to-date, and reviewed for accuracy. Therefore knowing when a flag was set/is due for review is important.
- ‘feedback loops’ help – frontline staff are in the best position to feedback on how well a flag system is working, and what flags need to be changed, added, or removed.
FIGURE 4
MOST BASIC FLAG: Is there a vulnerability issue? YES
ADDITIONAL FLAGS (STAFF ‘TICK ALL’ THAT APPLY), EXAMPLES: LIFE EVENT; HEALTH CONDITION; FINANCIAL DIFFICULTY; FINANCIAL SKILLS; LONG-TERM | SHORT-TERM; FLUCTUATING; POTENTIAL VULNERABILITY
MOST DETAILED INFORMATION: DETAIL ON SEPARATE VULNERABILITIES IN ACCOUNT NOTES AND SUPPORT CODES
- allow staff to add, update, or remove codes to reflect a customer’s situation
- direct staff to consult account notes if greater detail is needed (particularly where need is complex or long-term)
- use these fixed codes and categories to quantify the help and support given across the customer base
- take an approach that requires firms to think systematically about the categories of support they can offer.

Why codes and categories?
Firms will often record customer support needs within the account notes section.
This is understandable – particularly if a customer’s support needs are complex, detailed, and require explanation.
However, one disadvantage of account notes is that this information can easily be overlooked when multiple pages of notes and past entries exist.
Using codes that visually alert staff to the support that vulnerable customers need, can help to overcome this basic problem.
Equally, it also forces firms to develop their support strategy – as in order to create such codes, firms need to know what help they will (and won’t) provide.
Doing this requires resources – however, its pay-off lies in the alerts staff are given on the help individual customers need, and the aggregate data produced on support needs across the customer base.

- support codes need to be visible and understandable – there is no point in firms devising support codes, if they are not immediately visible to staff. Equally, visible codes are little use if they are too complex to understand without a reference book.
- support codes can indirectly infer specialist category data – where a code describes a form of support for a particular health condition – such as a hearing impairment - then this represents special category data (and must be processed accordingly). In short, if a support code infers an underlying health condition (or other special category data), it has to be treated as special category data.
- account notes are still needed – support codes exist to alert staff to customer need. However, account notes should be used alongside to provide more detail (e.g. if needs are multiple, complex, or long-term).
- time, dates, and feedback loops stamps are key – like flags, codes need to be accurate and up-to-date. Therefore knowing when a code was set/is due for review is important. Staff should also be able to feedback on how well the support code system is working, and what codes need to be changed, added, or removed.
- customers will usually know best about the support they need – if in doubt, staff should always ask.
FIGURE 5
Potential support codes: an A to W
- Audio CD correspondence: Requires audio correspondence/interaction.
- Authentication/ID issue: Customer struggles with authentication.
- Bereavement/grief: Has had a recent death of someone close.
- Blocker: Customer has turned on spending block.
- Braille correspondence: Communication in an alternative format.
- British Sign Language interpreter: BSL required.
- Cannot sign/signature may vary: Customer signature may vary when they sign a document (illness/writing difficulties).
- Check before disclosure (joint product): Customer does not want their details disclosed to another party on that account.
- Chip & Signature/No Chip & Pin: Does not use Chip & Pin.
- Communication needs: Ask customer what these are/follow advice.
- Court Protection/Public Guardian: This is registered on customer account.
- Customer contact (repeat/frequent calls): Customer contacts us repeatedly.
- Digital issues: Customer might struggle with digital skills.
- Decision-making limitation support: This customer may struggle to make certain decisions without our support and help.
- Developing situation (watch): A potential vulnerability has been disclosed that could emerge and develop over time.
- Difficulty with speech: Customer has difficulties in talking/speaking (but not in understanding what we say).
- Easy Read correspondence: Customer has correspondence needs.
- English language support: This customer may need English language support (due to written/verbal problems).
- Failed ID & Verification: Different verification route is needed.
- Fraud risk: Under investigation/care of fraud team.
- Hearing/induction Loop: Customer requires hearing loop.
- Large print correspondence: Large print required.
- Life event support: Disruptive life event (death, birth etc.).
- Literacy issues: This customer might struggle with literacy. May prefer non-written support/talk.
- Longer appointment time needed: More time required due to vulnerability.
- No contact via telephone: Cannot use/does not want phone contact.
- Numeracy issues: Customer might struggle with numeracy.
- PoA/Representative Access: Power of attorney is present.
- Text Relay: Uses text relay service to communicate.
- Third party: Customer account has third-party mandate.
- Unable to use Interactive Voice Response: Cannot use IVR if contacting by phone.
- Written confirmation required: Requires written confirmation (e.g. due to mental capacity, memory issues, etc.).
What about ‘disclosure outcomes’?
When a customer discloses a vulnerable situation, firms will want to help.
And support codes will help to categorise the vast majority of these responses.
However, firms may take other actions which although still helping a customer, may be more about following process.
These might include, for example, staff signposting to an external service that offers specialist gambling support.
It could involve recording that contact was made with the emergency services due to concern about the customer.
Or it could simply be that a transactional problem was successfully resolved.

Future contact and monitoring
Recording such actions using a support code can help during future contact with that customer (allowing staff to see what signposting or processes were followed).
It can also help – as seen in the section on aggregate monitoring – to describe this across the whole customer base.
This may be particularly useful – as noted by the FCA - when comparing the treatment and outcomes of vulnerable and non-vulnerable/other customers.
Clearly, account notes can provide such information. However, the visual alert given to staff, or the aggregate picture built up by using these codes across the customer base, can be invaluable.

Which outcomes could we record?
Again, firms will need to consider their own specific processes and needs, but the following disclosure outcomes are often recorded:
- external referral to debt advice agency – this signposting support code allows staff and firms to understand who has been referred to a debt advice partner
- external referral to health organisation – similar to the above, this signposting support code tracks referrals to either specific named health organisations, or more general signposting
- escalated as a complaint – this allows insight into which vulnerable customers have been escalated to complaints due to a report of poor service or practice
- emergency service contact – this gives insight into customers who have caused serious enough concern for a firm to have contacted an emergency service
- escalate to another team – firms may want to track referrals between teams, so that they can establish how quickly a customer issue is resolved
- query resolved – this allows firms to track how many queries from vulnerable customers are resolved
- ongoing/unclear/unresolved – this allows firms to track how many queries are ongoing/unclear/unresolved
- other – an ‘other’ category is important, as it allows staff to report actions not covered by current codes, but where (if there is a good reason) such codes could be created in the future.
7. What account notes should we use?
What should our account notes do?
The purpose of account notes is to:
- give the additional detail and context that cannot be conveyed in a flag, support code, or outcome measure
- allow staff to read previous notes, and add new account notes to reflect a customer’s current situation
- provide a data-source that – in the absence of support codes or outcome measures - can be ‘word scrubbed’.

Pinned not lost (where possible)
One of the key problems staff can have with account notes is that they can be ‘lost’ or overlooked when multiple pages of notes and past entries exist.
Consequently, some firms allow staff to ‘pin’ the most current and relevant notes to the top of the first page of notes.
Where such an option isn’t available in a firm’s system, alternatives should be sought (such as repeat posting of older notes – to ensure they appear first).

‘Word scrubbed’ (where needed)
Sometimes firms will be unable to use vulnerability flags, support codes, or outcome measures.
In such situations, firms may choose to batch process or ‘word search’ their account notes for specific key-words related to vulnerability.
These can provide an approximate indicator of how many accounts may involve some form of vulnerability.
Such a measure can be used in lieu of flags or support codes, or may be used to establish a ‘missed case’ where such a flag or code should have been applied.

What notes should we use?
As account notes reflect an individual customer’s specific circumstances, it is not possible to offer generic examples.
However, in developing staff ability to write flag notes, firms need to consider:
- minimum / maximum ‘rule’ – staff should aim to record the absolute minimum of the most relevant data possible in an account note. In practice, this will mean thinking about what information will be needed to both inform meaningful action, and also help the next member of staff (who won’t have had contact with the customer) to provide the support needed.
- vulnerable to what? – account notes provide an opportunity for staff to record exactly ‘what’ a customer is vulnerable to, and what actions might be taken to avoid this.
- facts not feelings – notes should normally only contain facts (what was said or done by a customer) rather than impressions or feelings that a staff member has. If impressions have to be recorded, these should be clearly marked as such. At all times, staff should never guess or ‘diagnose’ what is causing a customer to act in a certain way.
- account notes can infer special category data – as noted earlier, where an account note mentions a form of support for a particular health condition – such as a hearing impairment – then this represents special category data (and must be processed accordingly).
8. What about secondary analysis?
- allow firms to use these data to inform the design and operation of journeys, processes, products, and services that better meet the needs of customers in vulnerable situations.

How might secondary analysis work?
When a vulnerable customer contacts a firm, or discloses their situation:
- a firm’s first instinct must be to use any flags, support codes, or notes to best help that individual customer (as discussed earlier in this section)
- as a second task, a firm might then ‘pool together’ data from such flags and codes to describe vulnerability across their entire customer base
- and as part of this, a firm might then require staff to routinely record other data about each vulnerable customer to add further detail to that picture of the wider customer base.
The secondary analysis element will then come into how a firm uses this pool of data to inform and guide its strategy on working with vulnerable customers.
Routinely recording such data may require extra staff time, and firms need to build this into operational planning.

Anonymised data
Where a valid legal basis for processing exists, firms will be able to record data directly on a customer’s account.
Taken together with information from other accounts, these aggregate data can then be used to monitor and evaluate the fair treatment of customers.
However, if an appropriate legal base for processing personal or special category data does not exist (such as where consent has been refused), then firms may wish to consider recording the information as anonymised data.
This requires a firm to strip away any identifiable information, and create a new record which is no longer linked to the original customer account, and where the re-identification of individuals cannot take place.
In doing this, firms can ensure that data that might be useful for aggregate monitoring purposes are not lost (while being mindful that this can introduce issues of ‘double counting’ into aggregate data, if a customer agrees at a later point for their linked account data to be used for these purposes).
FIGURE 6
Other indicators: A to V
- Addiction
- Age (75+)
- Age-related issue
- Authentication/ID issue
- Branch assistance required
- Breakdown
- Cancer
- Care leaver
- Caring responsibilities
- Confirmed deceased
- Consent could not be obtained
- Consent not given/refused
- Consent withdrawn
- Counter transaction required
- Critical illness
- Customer contact (repeat/frequent calls)
- Customer is a carer
- Decision-making limitation support
- Disability
- Domestic abuse
- Elderly
- Financial or economic abuse
- Financial capability
- Financial difficulty
- Financial resilience
- Financial understanding
- Gambling addiction
- Housing problem
- Language barriers
- Learning disability
- Length (permanent, temporary)
- Length (short, medium, long)
- Life event (change circumstances)
- Literacy issues
- Lost job
- Medical issues
- Mental health problem
- Non-standard requirements
- Numeracy issues
- Other
- Payment issue
- Physical health issue
- Referred from fraud
- Refugee
- Rejected medical write-off
- Relationship breakdown
- Repossession
- Risk (high)
- Suspected deceased
- Suspected or confirmed as missing
- Suspected vulnerability
- Terminal illness
- Third parties (involved)
- Third party help to manage their account
- Third party support (POA/EPOA/OCP)
- Unconfirmed/unverified/
- Unverified observation from 3rd party
- Vital interests
9. How long should we keep data?
10. Who can we share data with?
11. Using data to support individuals
FIGURE 7
What standard options are open to us? Will these help the customer?
What are the ‘Business as Usual’ actions that we can take with any customer (not just those who are vulnerable), and which might address the difficulties a customer is facing.
What adjustments could we make? or What new actions could we take?
- Take more time
- Use simpler language
- Find a better time of day to make contact
- Allow contact through an alternative channel
- Use the BRUCE tool to support decision making
- Minimise the amount of paperwork to complete
- Offer reassurance about how a customer’s information will be used
- Work with a 3rd party
- Signpost to specialist external services
What action is needed:
- now?
- in the future?
12. Using aggregate data for monitoring
FIGURE 8
“Firms should produce, and regularly review, management information, appropriate to the nature of its business, regarding the outcomes for vulnerable consumers.”
A. QUALITY ASSURANCE: Establishing quality assurance processes that identify areas that require improvement.
B. CUSTOMER EXPERIENCE: Testing experiences of vulnerable customers through processes such as mystery shopping, auditing, focus groups and deep dives.
C. REVIEWING POLICY: Reviewing whether processes and policies are effective in the fair treatment of vulnerable customers.
Allowing staff to feedback anonymously when they think processes for vulnerable consumers could be improved.
Ensuring it is easy for vulnerable consumers to make complaints, and through multiple channels.
Using information on firm’s treatment of vulnerable customers and the customer’s experience to help inform understanding of effectiveness of policies, processes, training and controls in place.
Provide Senior Management or the Board with reports on progress and provide challenge where appropriate.
H. FEEDBACK: Use feedback that may not be directly sent to the firm, including online reviews and social media complaints.
I. DEEP DIVES: Select particular products, processes or types of vulnerability for ‘deep dives’ to help better understand where to focus its services or make improvements.
J. USE MANAGEMENT INFORMATION: Producing MI that captures outcomes for vulnerable customers, and making sure it is discussed regularly at an appropriate level, and escalated and acted on where necessary.
13. Using data to achieve good outcomes
PART C: ENCOURAGING DISCLOSURES
14. What is a disclosure environment?
FIGURE 9
‘what works’ for a firm’s consumers, and managing demand and capacity to meet disclosed need.
- does our firm have a strong sense of the different internal support options that can be offered to consumers who do disclose?
Clearly, this not only applies to specific disclosure environment approaches, but also more generally to any disclosure of vulnerability that is made by consumers to a firm.
This is dealt with in more detail on page 14 (‘Support codes’) which refers to wider guidance on support, and also covers anticipating and meeting consumer support needs.
- what signals and messages about the process and benefits of disclosure can we send to our consumers (and how will we achieve this)?
As noted earlier, the messages that are sent to consumers about the process and benefits of disclosure are key.
However, these signals can be given via a range of channels and can begin before the consumer even gets in contact – written reassurances on websites, leaflets and posters, for example, can be used to remind consumers at an early stage that all situations are up for discussion.
Furthermore, small reminders and ‘nudges’ from staff in routine correspondence or conversation with consumers can also reinforce this (e.g. “is there anything else that you’d like to tell us about your situation”, or “are there any health or other issues we should know about, as we will treat these confidentially and they will help us to provide you with a better service?”).

Summary
The introduction of a disclosure environment approach is premised on the simple rationale that it is easier for a consumer to tell a firm about a vulnerable situation, than it is for a staff member or process to identify this.
As we have also seen, such environments can only work where they recognise that consumers will only share such information if firms understand the known barriers to disclosure, and offer clear reassurances about the risks that consumers perceive from talking about their vulnerable situation.
Where implemented, firms have reported that consumers will voluntarily disclose information about their situation that was not previously known.
Furthermore, sending clear signals to consumers about the process and benefits of disclosing different situations is vital.
While disclosure environments cannot represent the whole of a vulnerability strategy (particularly given that some consumers will be unaware of their vulnerability to harm – as is the case with consumers with undiagnosed mental health problems), an accompanying proactive identification strategy is also vital.
However, the development of disclosure environments (on a ‘test and learn’ basis) provides an opportunity for firms to add another tool to their battery, make a clear public statement that they recognise the realities of the lives that many of their consumers are living (and are willing to listen, and take these into account where the option exists), and most importantly to reach consumers in vulnerable situations who may have previously been unknown to the firm.
FIGURE 12
FIGURE 13
PART D: SUMMARY
16. What should we do next?
© November 2020
The moral right of the authors has been asserted. All rights reserved. Without limiting the rights under
copyright reserved above, no part of this publication may be reproduced, stored or introduced in a retrieval
system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording or
otherwise), without the prior written permission of both the copyright owner and the publisher of this report.