Convenience is the name of the game and just by the push of a few buttons, a tap here or a swipe there, you could unleash your inherent “super consumer.” Be it grabbing a taxi or finding the love of your life, matchmaking technology running on the principle of “dispatch” helps fulfill your demands by ensuring the supplier can align the right resources to your requests.   

Moreover, the value add of the “convenience economy” is even more prevalent in the post-COVID world. The pandemic is unprecedented in many ways as millions of people have been forced to rethink their potential buying decisions because of lockdown and social distancing measures. This has compelled the suppliers and retailers to pivot towards online sales, thereby adopting the dispatch system. 

The meteoric adoption of delivery tech in the last decade became possible because of enormous data sharing networks created by the organizations, fed regularly by the consumers. In the absence of adequate safeguards and controls, there is a risk personal data of consumers may be subjected to unauthorized access or reused for purposes other than for which it was collected in the first place.  

Understanding dispatch

Dispatch is the science of assigning resources such as drivers and delivery valets to facilitate delivery of goods or services demanded by users of a platform or service. Multiple sectors such as cab-hailing, food delivery, e-commerce and dating use the dispatch processes. 

The crux of this process lies in matching the consumer with the service provider based on their proximity, user profile, past purchases and the nature of the demand. The service provider captures the contact details and product request and assigns them to a dispatcher. This system enables logistics of goods or services delivery through a platform based on the network effect, where the value a user derives from a good or service depends on the number of users offering compatible or competitive products.

Personal information at stake and privacy concerns

The dispatch system uses personal data to identify and authenticate the customer through their name, email ID and contact number. The information is also critical to know their interest and buying patterns so their online personas can be created. These personas are a culmination of multiple layers of data that marketing operations depend on to deliver the right product and services.

Moreover, financial data such as credit card numbers, GPS coordinates and home addresses are also collected by organizations to complete the transaction and enable the delivery of the products.

These data elements are prone to resale to third parties or are used to target users with advertisements. Additionally, unauthorized access or use is also an impending threat as the information is shared with a variety of stakeholders, such as delivery partners, retailers and warehouse owners to effectuate the provision of goods and services.

Privacy regulations at play

Currently, the only applicable legal requirements in India flow from the Information Technology Act, 2000, and its supplementary Rules. Further, while privacy was recognized as a fundamental right by the Supreme Court of India, a comprehensive regime mandating protection of personal data still needs to be rolled out.

A joint parliamentary committee is deliberating the Personal Data Protection Bill, 2019, and will publish the findings in the upcoming session of Parliament. The PDPB will require organizations to be transparent with individuals regarding their data processing activities, obtain explicit consent from users before processing and adhere to secure data transfer mechanisms.

What can organizations do?

To better protect privacy and prepare for the potential Personal Data Protection Bill, a few best privacy practices for organizations in India to consider are:

• Be transparent: Consider developing mechanisms and procedures enabling ‘opt-in’ consent. This will notify customers about data processing activities of the company and enable them to make active and deliberate choices with respect to being contacted for marketing, or even how their data is shared with other entities. A privacy notice is a good place to start, as it can help convey an organization’s controls with respect to data privacy and protection.
• Visualize and minimize: Measures such as personal data inventory creation can help visualize the life cycle of data within the organization. This step can help identify and strictly collect only the data necessary for the services and goods marketed, adhering to the principle of data minimization.
• Consumer-first approach: Privacy-enhancing tools may be leveraged to ensure customers can access the information being collected and understand how their information is being used. The choice to amend and delete personal data being processed by an organization could also be provided to customers. This will help create confidence and trust, showcasing an organization’s bona fides.
• Periodic audits and assessments: Once you build these baseline controls, you could then initiate assessing and auditing your systems and procedures. Perhaps start with identifying types of data collected from customers and ascertain its flow within your organization’s processes. Further, map where that data is stored and for how long. Another important item to consider is the third parties (domestic and international) with whom you are sharing the information and whether adequate safeguards such as contractual obligations and access controls are in place.  

With reliance on data for an efficient dispatch system on one hand and compliance-related obligations on the other, organizations must tread this thin line between value creation through data and privacy of the customers very carefully.

Photo by Dan Gold on Unsplash