An interview with Stephen Ponsford, Qrious Chief Technology Officer.

“Against the backdrop of Covid-19 and recent changes to New Zealand’s Privacy Act 2020, the need for businesses to have robust systems in place to manage and protect personally identifiable customer data has never been greater.” 

As CTO for Qrious, Stephen is focused on delivering technology that enables a modern data approach for both our clients and for Qrious. He has considerable experience implementing cutting-edge technology environments, such as Infrastructure as a Service (IaaS) and cloud services. I chatted with Stephen to discuss how Qrious met the ISO gold standard for data privacy and why trust is the holy grail of customer data.

Tell me why the explosion of online data needs tighter regulations? 

We’ve seen a staggering proliferation in the use of digital platforms and ecommerce as the Covid pandemic rages around the world. In just six months last year, we saw six years of digital transformation, highlighted by the way people turned to technology for work, education, shopping and to connect with one another.  

Essentially what this means is that there is more data collected about us online than ever before, so the need for data protection has never been greater. For example, before Covid, there was always the option to go into a physical store, a gym, a bank, a movie theatre or to do it all online. Lockdown forced us to change our online behaviour, which opened up entirely new customer segments, causing an explosion of data. With this rapid influx of data across multiple platforms, there’s a clear need for companies to capture and transfer data accurately and securely between platforms. And not only that, they also need to be able to understand and identify what data is valuable to their business, because when data is used correctly, critical business decisions can be based on it.  

The fact is, that as more and more companies use digital services, they hold more and more really important personally identifiable information about their customers, so the protection of that data becomes increasingly critical. Consumers now expect the same customer experience from a New Zealand business as they do from an international one, so Kiwi companies need to keep up with technology and be dedicated to creating a seamless user experience.  

What does best practice look like when it comes to the new Privacy Act? 

Most of the new Privacy legislation is about personally identifiable information online. At Qrious, we see our role as being industry leaders in how companies work with and manage that information. We want our customers to trust us, and what better way to enable that than through independent ISO verification, proving that we meet global best practice standards when it comes to data security and privacy. 

What do the ISO accreditations mean in practice? 

We learnt a lot through the process of achieving ISO compliance, and we can play a role educating the market on what the gold standard looks like, rather than mere compliance. Achieving the ISO 27701 privacy certification shows we have the robust processes and systems in place to manage and protect personal data, and it builds on the information security standard, IS0 27001, that Qrious achieved last year. 

While there isn’t a publicly available register of ISO accredited organisations, we believe we’re the first New Zealand company to achieve both ISO accreditations for security and for privacy. The two standards actually go hand in hand: privacy is about complying with data protection laws and is centred on collecting, processing, storing, sharing and deleting data. Whereas security is about the steps an organisation needs to take to protect the data and prevent it getting into the wrong hands. 

Tell me about the process of achieving ISO certification for Qrious 

The ISO 27701 privacy accreditation took six months of planning and three months to execute, and it was an incredibly rigorous auditing process with many in depth interviews conducted with a broad group of the Qrious team. Accreditation required extensive training of our people, and auditing of our systems and processes, and it set an internal benchmark that we must continually improve upon. There’s also no guarantee that once we have ISO verification that we will automatically keep it, so we are constantly challenging ourselves to be up to date with the very latest developments globally when it comes to data privacy. I have to give full credit to our team, because it could probably have taken another year at least, but we had so much in place in the way of policy and procedures, that we were able to accelerate getting to the certification part. 

Our focus now at Qrious in this space is very much on supporting our customers who are handling personally identifiable information, enabling them to use our products and gold standard protocols to best protect their customer data. 

What does the future hold, now that Qrious has ISO certification for both privacy and security? 

As New Zealand’s market-leading data, analytics, artificial intelligence (AI) and data-powered marketing business, our number one priority is to keep our clients’ data and personal information – and that of their customers – safe and secure.  We also see our role as leading and educating the wider industry when it comes to working with, and managing, personally identifiable information in order to retain consumer trust. 

 It’s not just about trust in a company and its systems, but in data and AI overall, which can bring huge value and transformational benefit if people trust in these technologies. Companies doing the bare minimum with data security and privacy, run the risk that the industry as a whole could be set back years if we lose consumer trust.  

What role can New Zealand play when it comes to AI? 

We have the opportunity as a country to establish ourselves as a leader in the AI economy by developing both the people, and the technical capability, to create AI tools in New Zealand for New Zealanders.  

Our ambition for New Zealand’s business community is to create a smarter economy using quality data that showcases our unique ‘New Zealand-ness’, our diversity, language and culture. The great advantage that New Zealand has is that when it comes to AI, we aren’t hampered by our nation’s geographical isolation, so we have the opportunity to think globally as well as locally when it comes to creating AI solutions.  

Thanks very much Stephen for sharing your thoughts. It certainly sounds like there is plenty of opportunity for New Zealand businesses to harness the power of the data explosion to stay competitive and customer-focused; but clearly hand-in-hand comes the responsibility on businesses to have sound processes in place in order to build customer trust. 

To summarise: 

• The explosion of digital platforms and personal data online, combined with the new Privacy Act, means robust processes to protect personally identifiable customer information are critical. 
• Customers expect global standards from Kiwi companies when it comes to user experience online, so it makes sense for businesses to look for best practice, rather than mere compliance, when it comes to data security and privacy. 
• As industry leaders, Qrious has gone through the rigorous auditing process for ISO certification for security and privacy, and we’re well placed to support our customers, enabling them to use our products to best protect customer data. 

Learn more about our ISO privacy certification here - https://www.qrious.co.nz/news/iso-27701-privacy-certification

You can check out the key changes here - https://www.privacy.org.nz/blog/key-changes-in-the-privacy-act-2020/.