Hello, I'm Richard Hill, a senior Analyst at co Cole. And today we're having a webinar about how the sphere identity platform could help improve user experience and privacy.
Well, helping the business with customer onboarding and joining me today is Katherine no CEO of sphere identity. So before getting into the webinar topic for today, here's some information about co Cole co Cole was founded in 2004 as an independent Analyst Analyst firm with offices around the globe. We offer vendor neutral guidance, technical expertise, and thought leadership. We support end user organizations across the industry and provide tactical and strategic advice.
We specialize in information and cybersecurity, IAM, identity governance, risk management, and compliance, and all other areas of digital transformation. Cole has three major business areas. First we provide vendor neutral research on IAM and security topics, as well as giving up to date. Objective advice.
Second, we conduct conferences, webinars like this one and other special events on relevant and leading edge topics. These events provide insight into industry trends, give good networking opportunities and a chance to meet the experts in the field.
And then lastly, co Cole offers consulting engagements worldwide that could help make your business more successful, which we give the most current advice in the area of digital transformation,
Co Cole's advisory areas, cover benchmarking and optimization that helps organizations to clearly understand the maturity of their processes and systems such as readiness assessments of security technology areas or product shortlist.
We also support strategy support for that helps provide direction for organizations to speed the decision making process architecture and technology support to give clear vision and roadmaps for it. Architecture and products and product guidance on project implementation through evaluation of the organization's projects. The next upcoming co coal event will occur in mid-May in 2019, the European identity and cloud conference will be held in Munich Germany. The blockchain enterprise days will be held in Frankfurt, Germany on September 18th to the 19th.
And then the cyber summit will be held in Washington, DC in the us on October eight through the 10th 2019. And now here's some quick guidelines for the webinar. Everyone is automatically muted. So no need to worry about muting yourself will be recording this webinar, which will be available sometime tomorrow on the Cooper Cole website.
Also, we will save time at the end for some questions and answers. So in the go-to control panel, there's an area where you could type in your questions at any time
Regarding the agenda. I'll start out by talking about the balance between user experience and privacy and how to limit the risk of mishandling customer data. And then I'll turn the webinar over to Katherine Noll to talk about Howe identity could speed up an organization's customer onboarding by eliminating online forms while collecting clean, reliable customer data, regardless of the company size or data requirements.
And then finally, as I mentioned, there will be time at the end for any of your questions, which will answer.
So I thought I would start off by talking about user privacy since privacy of an individual's digital identity data has become really critical issue of our times, not just for the individual that would like to keep their identity data private, but also as we'll see in some upcoming slides, that it also has an impact on the organization that collects and maintains that data as well
Up till now, it seems that you can't interact with any type of organization with an online presence without giving up some form of your identity or other information about yourself to the organization.
And this could lead to loss of control of your identity information, making your information vulnerable to data breaches. For example, Facebook, where there was over 87 million records that were breached or Marriott hotels, a breach that could affect at least 500 million of their guests were Uber with information with over 500 or 50 million customers and drivers in which their data was exposed. And really the list just keeps getting longer every day. Now we're starting to see some pushback in a number of countries to help give greater accountability to organizations that collect in individuals.
Digital information. GDPR has gotten a lot of attention lately, given Europeans the right to control their personal information collected by organizations, but GDPR will not only apply to organizations within the EU, but also outside the EU that operates within the Eurozone increasing that territorial scope of GDPR and making it necessary for most organizations to comply with this regulation.
In other parts of the world, the Asia Pacific economic cooperation, which was established back in 1989, initiated across border privacy rules, which focuses on an individual's data as it flows between these APEC economies and requires APEC participants to implement data privacy policies that conform to their privacy framework
In the us personal data breaches, such as Experian and Facebook, as I mentioned, are compelling individual states to implement their own data privacy laws.
For instance, like this state of Vermont, which passed a law that required data brokers to register with the state, inform people on how to opt out what is collected and when their data has been breached, as well as given these individuals legal recourse, when their data has been abused, the state of California is going a little bit further by enacting the California consumer privacy act, which take effect in 2020. And this introduces new rights for the California consumer regarding their privacy and use of their data.
And I would expect that sometime in the distance future, it's anticipated that the growing momentum of the individual data privacy rights will eventually lead to a more uniform law at the federal level to provide consistency across all states in the us. The current model of identities is such that as people go from one organization to another organization they're using as they're using their different services information that makes up their identity gets copied across these different organizations, but not always in the same way.
For example, names may be slightly different or have different ID numbers, making it nearly impossible to reuse your identity from one organization to another. So you have these multiple identities associated with you across multiple organizations and the organizations you interact with. They hold and control these identities, not you
Self-sovereign identities offer a different paradigm.
It gives the individual power over their identity, where they can control what it contains or who you give it to, or even how it's used a self-sovereign identity can provide a verifiable credential that could be used in a safe way that maintains your privacy and the information that individual provides, or the claims that you make about yourself could be verified by organizations that this person has a trust relationship with this self sovereign identity provides value to the individual in that they are given an accessible place to store their identity, giving them complete control over the data they provide, as well as their privacy.
A person interacting with an organization has certain user expectations and these expectations need to be met by the organization that wishes to gain and keep those customers. For example, a user of a business service may expect that the service is accessible from anywhere or that it's easy to register and use that service or else the business may risk losing that customer.
And today, most online users prefer to use their mobile device to interact with services. And if it's an international service they're using, they should provide users options for the major languages of choice, providing economic incentives for users to share their information is also a benefit too, as well as a user must be assured that their information is secure and it maintains their privacy.
See for the business, they have the challenge of meeting a long list of compliance requirements, which contributes to their overall compliance risk for GDPR organizations must now contend with gaining user consent for processing their data or providing portability that data or supporting the indivi individual's right to be forgotten.
And the list goes on in some cases, organizations are required to comply with no year customer initiative by verifying identities, as well as monitoring for potential risk of illegal use of their business relationship in the anti money laundering initiative.
That's mainly used in the financial and legal industries has really meant to detect and report money laundering activities for organizations that must comply with these laws and regulations. That must now be careful about what personal data they collect, monitor the accuracy of that information, and really to ensure that this information is only relevant to the organization's true needs and really nothing else. They must also incur the cost of proof of compliance through documentation and periodic reviews. A failure to comply can lead to fines and damage to the organization's reputation.
So there's a balance that must be struck between the business and the individual using their service users need to feel that their expectations are being met and businesses need to be able to lower their regulatory compliance risk and keep their customers. Organizations can also benefit from self-sovereign identities in that they provide value to the organization by not having to validate the individual. Since they've been already been validated by another trusted organization, such as a bank or a government entity.
Another benefit is the organization doesn't need to manage the individual's credential, saving costs and risk to the organization. Let's not forget security and privacy breaches can have a huge impact on organizations. For example, earlier this year, we saw Facebook stock drop roughly 20% to the tune of 120 billion, not entirely, but largely due to user privacy concerns. So what are some of the ways to help organizations protect user privacy through security?
Well, blockchains have a number of characteristics that are beneficial in the beginning. Blockchain's main use case was to reduce the need for multiple organizations to maintain that same copy or ledger of information providing one source of truth. Since blockchains are decentralized, there is not one point of failure which helps ensure data recovery and the data on the blockchain is also difficult to compromise or corrupt.
Since there must be a consensus among nodes in the blockchain network to accept any new or updated information, a as well as encryption helps to secure and maintain the ownership of that data.
Another way of reducing security risk is by using strong multifactor authentication rather than using a password alone, which we know by now that alone, it provides very weak authentication due to brute force attacks or social engineering, but by using two or more factors, you strengthen your authentication using something, you know, which could be a password passphrase or a pin code, something you have like a personal device such as your mobile phone or something.
You are like a fingerprint or some other biometric encryption is another good way to provide defense against data exposure by keeping things like your data and credentials on your mobile phone encrypted at rest, or your data in transit to, and from the service you're using. And again, encrypting the data at rest this time where the service stores your information, and then finally at the organization where users allow or give consent to use their data
To help mitigate security concerns.
Security by design should be adopted security by design means that software has been designed from the ground up to be secure in the open web application security project, which is an organization focused on advancing software security. It provides security by design principles that could be applied to any it project such as realizing each added feature adds risk to the overall application.
So make sure that each feature is secure to minimize potential attack vectors, make sure default settings are always secure and out of the box, ensure that accounts have the least amount of privilege required favor multiple layers of security controls to reduce risk.
Make sure that if an application fails that it does so securely don't implicitly trust, external running systems, they may have different security policies or postures than your system does in separation of duties for fraud control hiding system security details alone is a weak security control and overly complex approaches to security could lead to larger attack surfaces. So really just keep it simple and then finally fix security issues quickly, correctly, and then test it. The idea of privacy by design started back in 1995.
And the published framework has been around since 2009 and is now gaining traction by organizations primarily due to privacy regulations like GDPR so quickly, I'll go over the privacy by design principles.
So first try to anticipate and prevent privacy breaches make a user's data protected automatically with no action from the user start design with privacy in mind, rather than as an afterthought support, full functionality that balances both security and privacy have a strong security in place. First is essential to supporting privacy.
Transparency helps privacy verification, audits and governance, and keep the user in mind from design through operations.
So in order for a self sovereign identity solution to be successful, there really must be a compelling reason or incentives why individuals and organizations should use it for the individual. There must be assured that their identity is secure and they have control over their data. The solution must also be simple and easy to use as well as knowing that they could use their identity with a wide range of organizations to make it worthwhile for them and for the organization.
It must reduce the organization's compliant, risk and cost, provide trust in the platform, security, reliability, and performance, and allow low friction interaction with their customers to ensure that they don't lose them. It must be easy to integrate with as well as having a large population of users that could potentially use with their service. And for every stakeholder, there must be an underlying assurance that proper governance of the self-sovereign identity platform is being maintained to still trust for all. So now I will turn it over to Katherine, no from sphere identity.
Thank you, Richard. It's great to be able to discuss the changing things in the world as a result of GDPR and apex cross border privacy rules and all the other emerging regulations, we're in a new space where lots of software and practices need to be redesigned at the same time, we've got new technology, which we can use to solve these problems.
So I'm really happy to talk to you about the current problems and spheres analysis of those, our view on customer onboarding and what future best practices to talk a bit about self sovereign identity and the use of blockchain, because I think there's still room for clarity around that. Of course we will cover compliance and some of the challenges with that. And lastly, I will talk to you a bit about what we are doing and our up and coming launch. So let's look at the problem.
So the current problems that we are relate to the web world, but also used in mobile.
So whenever you sign up for a product or service, you use online forms and in some industries, there's also a KYC requirement that leads to a terrible customer experience. And what we are seeing as a result of that is that customers abandon processes will talk about that more in detail. We also have an issue that we are still using typing as a means of input into systems that's notoriously error prone. And that leads to the third problem, which is the ongoing cost for businesses dealing with data quality. That's not something that's gone outta fashion or disappeared.
Those are enormous costs for enterprises. And if you have less than happier customers that are typing, then that slightly to continue. So we looked very specifically at abandonment rates and it's clear that they very wildly between businesses.
It's also clear that business has have either a fantastic understanding of them or a rather confused and have no specific data on this. But what we have seen around the world is that they tend to range from 30 to 80%. It's really useful to think of what this would mean in the physical world.
This would mean that the customer goes into your physical shop, has money in their pocket, finds the product. They like goes up to the counter and then decides to walk outside without completing the purchase. That's almost unthinkable in a physical setting yet in the online environment, anywhere between 30 and 80% of customers abandoned. So this is a huge area that needs to be addressed for businesses to do better in the online world.
Now, what you'll see from this slide is that there are really varying numbers on abandonment rates and there is no global consensus what we do know, and this is fairly consistent, regardless of where you look in the world is that research has shown that 22% of users abandon their cart when they're asked to create yet another account.
So this confirms that users hate signing up online forms. And I'm sure I don't need to tell any of you because I haven't yet spoken to a person that says that they enjoy the experience.
So what we are doing as businesses is really creating speed bumps on websites, and that is a really strange approach to customer nurturing. So we've looked at ways of addressing that. What's also important to point out is that the abandonment rates per industry alter a lot. So in gaming, for instance, where there's high motivation of people to participate and not many alternatives, then you have a relatively low abandonment rate still just under 50%. So this shows that we as multiple industries have high tolerance for unhappy customers, which is odd given the direct relationship with revenue.
So we've looked more closely at what are the common reasons for high abandonment rates. Firstly, as mentioned before customers needing to create an account, it's not something that all customers are prepared to do anymore. Many find the checkout process too long and too complicated. And we've seen some changes in this businesses with typically long checkout forms have now cut those up into multiple steps on multiple pages.
But the feedback from customers is they do not enjoy the signup process, even if they're not confronted with a huge form to start with the actual fact of clicking between screens is really aggravating. Thirdly, customers really have a problem trusting businesses with particularly their credit card details. Now that's obviously they're the last step of a sign up or purchase process, but you can see that customers are rethinking what they do online and up until now, there have not been tools to address this.
So it's looking back at the physical world.
Again, it's important to realize where we are now and where we were back as far as the eighties. So paper forms were digitized into online forms. And although there have been a few changes in UX and the user interface, there really hasn't been a lot of development and it's those forms that customers don't appreciate. So what we're predicting is that over the next five years, we will see the emergence of technologies that replace online forms as a means of customer interaction and sign up. And that we will, although it will probably be a slow death, see the death of online forms.
So what does great customer onboarding look like? Firstly, it doesn't involve typing. It must in order to be compliant and install trust in users, incorporate privacy by design. And the great thing is that privacy by design and security by design are very complimentary.
And those are things that we've embedded in not only our technology, but the entire way we run our organization. What is also essential is that onboarding is future compliant.
And Richard pointed out that there's a whole range of very clear, but new privacy and data protection regulations, and suggested that we were going to see some momentum and some consistency occurring. We could already identify trends to do with identity data, portability, interoperability. It's reasonable to expect that K Y C and AML requirements are more likely to increase the decrease. And by looking at these future trends, we can design onboarding solutions. That don't mean that you are interrupting customers with requirements to comply for, with new things.
There really is an opportunity given what's happening in the global landscape to look further and build things that satisfy most general requirements in the world today and in the future.
What's really essential because we are dealing with personal information is to use better technology to do that. And we are very passionate about the use of blockchain and distributed storage technology for the storage and processing of individual data. And I'll talk a bit more about that later.
So self sovereign identity is very much seen as a consumer issue and yes, it provides consumers with significant increases in privacy control the ability to manage their identity. But what is not a ways understood is the fact that it provides businesses with new options. There are new ways of receiving data that consent, which is a huge issue, particularly under GDPR is almost embedded in the solution, which is great. What's also important is that self-sovereign identity really wouldn't be possible if it wasn't for blockchain.
Now that technologists are out there will argue that there were previous self-sovereign attempts and that's true, but they would not have been very secure. And going back to a point that Richard made about users wanting to be able to interact with businesses from anywhere blockchain provides the opportunity when incorporated as part of the technology stack to really reach a global market, a global audience and engage. So you're not placing the geographic limitations on your customers that traditional technologies allow you to do.
So it's interesting to look at how self sovereign identity has emerged and the path of identity. So it obviously started with centralized identity and all of you will be familiar with that. There was an emergence of federated identity where groups of organizations get together and share ID and verify identities amongst each other, which is great, but it requires a lot of cooperation and a more complicated implementation.
We saw the emergence of user-centric identity, where users were given control and were able to participate in decision making and then emerging from that is self-sovereign identity. So it's a relatively new concept it's distributed as opposed to centralized and really offers new ways for both individuals and businesses to interact in the online world.
So it's really important to understand the sec enhanced security that's self-sovereign and blockchain based identities provide, and the opportunity that they have for allowing validation of data, self sovereign identity also changes the way that software providers operate.
This has been very interesting journey for us because unlike traditional software providers that develop some software, then manage the users and have full access to the data and may choose to monetize that we have built software that is so secure.
And so self sovereign in the true sense of the word that we do not have visibility of user data, that it is fully encrypted and multi encrypted throughout the processes that goes through on our platform. And therefore our role is to provide excellence software and not have the distraction of a data business on the side of that. And I think particularly because of around data and that liability burden, we will increasingly see new software providers that are purely software focused.
So going back to what's evolved in identity.
The fact that we've gone through that journey means that we now have different identity solution options, and blockchain has further contributed to that. So centralized or distributed, and depending on a business's data, risk appetite, security stance, different technologies might be useful. We also have now options for single implementation of identity solutions or federated, depending on the industry you are in different types of solutions are available and different ones may suit your business in terms of what the identity solution can do.
There's a whole range of things, either from simple onboarding like ours and KYC like ours or AML, like some of the great solutions out there that support financial services. So there's really a huge choice now. And I can appreciate that that landscape can be confusing as mentioned earlier, there's a really a need to be future compliant.
And one of the things that we have aimed to do is be future compliant to not have to retrofit solutions every time there's a regulation change.
I recently learned that every seven minutes, somewhere in the world regulations change, but what we are seeing is that through really strong themes occurring and from a technological point of view, if you take a very broad view, it's relatively easy to incorporate these from the beginning. And if you can do that in the software, then that means less change is necessary for individuals and businesses. So we are really committed to enabling future compliance. And we have a very strong legal team that is constantly scanning the global landscape to make sure that we continue to achieve that.
One of the key elements in GDPR, another privacy legislation is data minimization. And that's something that's not very well understood when it comes to consumer onboarding.
So if the aim is to collect lots of data and the cost of that is high abandonment rates, then looking a business' bottom line, there's obviously going to be a move to data minimization. I E only asking for the data that you require and not creating speed bumps that stop your consumers from interacting with you.
So it's 3d interesting that data minimization automatically leads to higher security and obviously privacy, but there's also need for data flexibility. And our solution offers either full data in a traditional form or zero data, which is something that is enabled by blockchain technology, where you, for instance, want to know if somebody is old enough to use your service, or has a license to drive a car before you rent them one, those types of use cases, it's no longer in all industries necessary for you to have all of the data and do internal verification from that.
So we have intentionally built in lots of data flexibility because businesses and particularly businesses operating in different jurisdictions will have very different data needs. And it's not the place of the identity provider to tell them which data they can have.
So now, to talk a bit about sphere, identity, and what we have built and what we are up to. So to start with, we have utilized privacy and security by design from day one, we are GDPR compliant and we've continued to been focusing on building self sovereign identity to the extent that we have a fully distributed system that is highly compliant and secure.
Now, one of the important components of our system is consent that we enable users to manage. And we've been working very closely with the Canara initiative, contributing to the global standard on consent, which has been an exciting and very productive process. And something that we've also tried to do is take away some of the complexity of consent from users by simplifying things. And what's most important in because we are a global solution and support businesses anywhere in the world is that we can really manage and notify users of risks of cross by water data transfers.
So how does it work? So our, we have two solutions, one for businesses, and one for consumers, the business solution is simple to integrate in your existing website and using your existing systems, unlike a traditional identity access management, we're not looking to replace any of your current software. So what we do is enable an alternative signup on your website. What that means from a user experience is when they go to your website, all they need to do is click on a button. They will then see all of the data that you require from them, from for signup.
And then they will be able to consent all of that without doing any typing. What then magically happens is that our distributed and encrypted platform manages things between your business and the consumer.
So the, the data that you have requested and that the consumer has consented to arrives into your business systems, and I'm happy to discuss more of this.
Should you have questions later, but at a high level, that's what our system does. And we've tried to make security embedded and reasonably invisible privacy by design. And blockchain is part of our technology stack, but not something that we complicate user experience with. So we've been busy building this new technology over the last year and are really happy to be launching on the 8th of January.
We will be launching our consumer app first and then on the 28th of February, our business solution. And it's been a really exciting journey. And we're very pleased with the products that we've developed and proud that we've been able to maintain the standards and the level of ambition that the team and I've had since day one. So I'd be happy to answer any questions that you have later.
So we do have some questions. I think we have plenty of time.
So the, the first question was how could we build a solution to be future compliant as we don't have a way to see the compliance or how we're unable to see what compliance shall be released in the future?
That that's a really impressive question. So the answer is, of course we can't see what's happening in the future, but we do see general trends and extremes. So there are now countries that have made data protection, particularly in relation to cross-border data transfers a criminal offense with potential jail time.
We've seen a country that makes you pay for cross-border data licenses, so have been monetizing it, but all of them, regardless of how they treat outcomes are really implementing similar things. And if we see GDPR as a high standard and can imagine how that might be further strengthened, then it's reasonably easy to create a vision of what compliance will look like two years from now.
Now, of course, that's not going to be complete, but we really need to get away from a situation where businesses are crippled every time new regulations come out, because lots of the requirements are transferred from other regulations. So what we've seen with P S D two and data portability is likely to flood over into data protection and privacy legislation and not just be financial. So that's an easy one to predict.
Okay. The next question that came up is where do you store the user data?
Yeah, very important question. So we store it in distributed blockchain based storage, which is different to a blockchain, and there's an world emerging of distributed storage, which enables us and other businesses to store their data encrypted and basically cut into chunks and distributed around the world and then pulled together when it's decrypted. So we use blockchain based, distributed storage, and feel very strongly about that. And going back to security by design that's because it significantly minimizes the attack surface.
And so that's probably been the reason that we've, despite the challenges with this emerging technology have been really vigilant in only using distributed storage and not having any centralized depositories of user data.
Okay.
And, and here's a kind of a follow on question to that. How do you provide user information to the appropriate audience, which needs to know the customer like KYC or AML?
Yeah, so we provide that and it's triggered by the user consent. So the moment a user consents to provide a list of information, then that then triggers our platform to share it with businesses. So that's quite automatic. What's important is that we've done verification on our platform of that identity before that it hits the business.
Okay. The next question is what difference does cell software identity provide?
Well, quite a few in terms of user experience, the, you know, there is the ability for somebody to have their identity with them and be able to use that and make decisions about it. What is also important is that if you have a self sovereign consumer app, that it allows people to reshare information and also keep all of their information in one place, which is a bit different to other identity solutions where you need to log in each time. What's also important is that self sovereign identity offers, offers businesses a new way of managing data and managing risk.
And that is probably the most significant and not a always well understood aspect of self-sovereign identity.
The next question is what things do I need to keep in mind when selecting and an identity vendor?
So I think that's almost something that keeping a coal would be more qualified to answer, but perhaps one of the most significant decisions is whether you want a centralized or distributed solution. That really depends on your business requirements. And in particular, your security and privacy stance.
Also importantly, whether you want to collaborate with other people in your industry, or perhaps your suppliers and use a federated solution, or whether you want to be able to make independent decisions and independently install one solution. I suppose those are the major changes. The rest of the requirements are usually driven by,
And it looks like we have a next question coming up. What does the future of identity look like?
Wow, exciting to start with, because even though we've been doing a lot and working really hard on this, so have more than 700 different projects around the world. And it's clear that the identity problem isn't solved yet. I also firmly believe that there's not going to be one solution that the use cases are so diverse that we will need multiple solutions to solve current identity problems.
What I do predict is that we will start to apply emerging technologies, and there's a whole range of them, not just blockchain to identity solutions, so that we can come up with new ways of doing things rather than just automating existing practices. And so I think we'll see a lot less typing. I think we will over time see the death of online forms because there are better ways to sign up. And I believe that the future of identity is a lot more distributed than it currently is.
Okay.
How do privacy and security by design help businesses,
Privacy and security by design, if used by a vendor show that a business is taking care when making decisions about vendor selection and therefore managing their own internal security and privacy. And if businesses apply them, then their risk of data breaches is significantly reduced. So that's from a compliance angle from a customer angle. It's going to create a lot more trust in an organization if that can be communicated to customers.
And in terms of suppliers, if a business applies this, and I'm speaking from experience, then you put much greater demands on your suppliers. So it's not just that you are regulating privacy and design for your business, but you're actually doing that across your supply chain. And I believe that there's a lot of reward for doing this, but it's not easy. It's a new way of working, but the benefits of really high,
What are the future requirements for compliance?
The future compliance requirements are likely to be things like data portability, data interoperability.
We are seeing a lot more in terms of privacy. So I believe that there will be an increase in the amount of encryption used businesses will be increasingly required to store data responsibly, to minimize the data. Those are fairly strong themes, but result in significant changes for some businesses. Other than that, we are going to need to see which regulations emerge. But so far they're all saying similar things.
Okay. So question that earlier on, you mentioned data minimization. So how will your solution accomplish that?
So whether to minimize data or not is really a business decision, but with our solution, we have that as an option. So should you want no data at all? Then we can provide a zero knowledge proof and confirm whether whatever attribute you think is significant exists or not. Now that's an extreme scenario and only works in some use cases. So we haven't presumed to know which data businesses need. We provide the ability to minimize data and choose zero knowledge proofs, but should businesses want full traditional data or somewhere in between, then we provide that flexibility.
Okay.
And it looks like we're coming up to the last question earlier on, you mentioned collecting consent. Could you tell us more about how that's done?
Sure. So it's really important that consent is explicit. So in our business solution, we've created a presentation of the consent items. So for instance, a business might want name, address, telephone number, copy of a driver's license or some other form of ID and maybe a credit card. And it's really important that that's explicitly listed and it's also listed how long that's going to be used for, and for which purposes.
And we display that in a really clear way that it enables users to make a decision about whether they want to consent to that or not. As soon as they have, then that consent is captured according to the standards and both the consumer and business have a record of it.
Very good.
Well, Catherine, thank you for joining us. And I believe that is all of the questions. So we would like to thank you and the audience for this webinar.
And again, a reminder that the webinar should be up on the Cooper call website sometime tomorrow. Thank you.
Thank you, Richard. It's been great.
