If the GDPR dictates utilities should hold accurate information about customers, how do they go about making that information as good it can be?

Data management platforms are typically able to identify where records are missing data – for example, a date of birth – or likely to be incorrect. For instance, there may be far too many people on a database with the birthday of 1st January, which is a statistically less common birth date due to various seasonal factors. The errors could be a hangover from legacy systems where the actual date of birth was unknown, and a default has been used and replicated in subsequent iterations of the data. Alan Clay explains more: “Going back a few years, people would ask ‘how old are you?’ rather than ‘what’s your date of birth?’ because it was seen as a less intrusive question. If I said ‘40’, they would enter 1/1/1985 as my birthday.”

Just being able to spot the inaccuracy is useful, but not enough. “Some data management platform providers are good at analysing data but when they say, ‘here’s a problem’, they don’t always have the data on hand to solve it,” says Clay. To do this, LexisNexis Risk Solutions amalgamates GDPR-compliant data from around 70 separate sources and links records to the correct information. The system is updated every two weeks. “Ideally it would be real time, but that constant influx of data just doesn’t exist today,” points out Clay.

Sources include credit referencing agencies, the electoral roll, public records (such as County Court Judgments and bankruptcies), Post Office data, lifestyle data from competition entries, product guarantee forms, registers of deaths, and so on. “When we amalgamate the data from different providers we might see that the weight of evidence is that the person who had that 1st January birthdate was actually born on 7th March.” The breadth of sources is what makes the service particularly effective, Clay says.

Where should companies begin when it comes to improving their data? As a first step, a data auditing assessment can help understand the current state of the information. The audit will check for completeness, accuracy and consistency, and includes tasks such as flagging duplicate records and standardising formats. LexisNexis Risk Solutions can run a sample of the dataset through its system to create a report that features a data quality score. This is based on metrics such as completeness of data and its currency.

Clay explains, “We may have death certificate numbers which show a death has been registered and we can be certain of that, because the only time a death is registered when someone hasn’t died is in the case of a fraud. Then we consider how to update the information.” The company uses a unique numerical ID assigned to an identity – known as a LexID® – to link records together and cleanse data while protecting privacy.

Knowing for certain whether someone has died could have implications for the Priority Service Register (PSR) if a utility is basing its register on data that isn’t specific enough. “If you are registered on a PSR, it’s often done at household level. The property might still be on the PSR because the data hasn’t been updated, even though a couple has been living in the house for two years rather than the elderly lady, who has passed away,” Clay explains.

This kind of omission may muddy the waters when it comes to regulatory targets. “If you never delete anybody, by definition your PSR numbers go up every year – which may mean you’re more aligned to Ofgem’s targets, although the data is actually wrong,” said Clay. Another example of inaccurate PSR data might be data held by a distribution network officer (DNO)[MN1] that is invalidated when someone moves to a property connected by a different substation in the same DNO area. They could end up receiving a text that there is an outage when their supply is fine, Clay points out. “That’s one reason why tracing addresses is important.”

Sharing accurate data about PSRs between utilities would benefit consumers, he says. “If you think about the hassle of registering on a PSR, if I move to the other end of the country, wouldn’t it be better from my perspective if that data is shared?” Indeed, as part of a general move toward widespread data-sharing, Ofgem says it is desirable that water companies and energy providers share PSR information, so consumers don’t have to register for separate PSR services with different utilities. “We are trying to give consumers a better service, without them having to do everything all the time,” says Clay.

As well as accuracy of data, security is a major issue for businesses in all sectors. Access to LexisNexis Risk Solutions systems is designed to be completely secure. Data management services providers should also adhere to SO/IEC 27001, the international standard for information security management systems, which demonstrates an organisation's commitment to information security best practices and ability to manage risk, explains Pranjic.

“All data transfers should be conducted through secure portals: Standard emails are never appropriate for sharing customer data because they can be intercepted,” she says. “Reputable providers will have good systems and robust encryption for data in transit, ensuring that information is protected throughout the process.” Companies should have role-based permission to access data and create audit trails and practice data anonymisation where possible (this is one of the advantages of having a numerical ID for an individual, such as the LexID).

And while it is important that data is complete and accurate, it is also good practice to minimise the amount of information held, Pranjic explains. “Only information that is necessary should be collected and processed, reducing the potential exposure.”