Digital Transformation

When PII Is the Coupon: Redesigning Processes Before AI Gets Near Them

Blue icon of a person with a gear, representing user settings or account configuration.
Prabal Laad
Blue calendar icon with a grid representing days and two rings at the top.
June 4, 2026

Most enterprise AI projects start at the wrong end. A team picks a process that hurts - manual review, queue backlog, repetitive judgement - and asks how AI can make it faster. The conversation moves quickly to models, platforms, agents and tooling. The process itself is treated as a fixed input. Six months later the AI is live, the queue has shrunk, and the underlying problem is still there: the process was broken before AI arrived, and AI has just made it broken faster.

Deloitte's 2026 State of AI in the Enterprise survey makes the pattern visible. Only one third of organisations are using AI to reinvent core processes or business models. Another third are redesigning key processes around AI. The remaining 37% are using AI at a surface level, with little or no change to existing processes. The same survey finds 84% of companies have not redesigned jobs around AI capabilities at all. The technology is no longer the bottleneck. The bottleneck is the willingness to redesign the process before automating it.

Michael Hammer made this argument in the Harvard Business Review three decades ago, in an article titled Reengineering Work: Don't Automate, Obliterate. The argument is sharper now than it was then, because AI can draft, decide, route, summarise, classify and act faster than any previous generation of automation. If the underlying process is broken, AI does not fix it. It just turns quiet confusion into high-speed confusion.

The discipline that prevents this has a name worth borrowing: Process First, Automate Second, Amplify with AI. Three steps, in that order. The principle is easy to state and surprisingly hard to apply, because the temptation to start with the AI step is always pulling in the other direction. What follows is a worked example of why the discipline matters, drawn from a real category of process design problem that nearly every enterprise eligibility scheme exhibits in some form.

When PII is doing two jobs at once

Consider a common pattern in eligibility schemes that grant a downstream benefit - a discount code, a priority lane access, a fast-track entitlement. The application form asks for a postcode. The postcode does two things at once. It validates the applicant's address as a gate on the form, ensuring submissions come from inside the operator's home market. And it is reused as the discount code itself, passed downstream to whichever booking system or partner platform redeems the entitlement.

The design is convenient. One field, two jobs, no extra infrastructure. The problem is that the field is personal data, the two jobs are different, and conflating them creates exactly the failure modes that an AI system cannot rescue.

The first failure is validation. If the postcode is accepted as a free-text string with only a non-empty check, applicants can submit anything that looks postcode-shaped. The form approves them. The downstream system receives an invalid code. The applicant arrives at the point of use, the code does not work, and there is no feedback loop. The process appears successful but delivers nothing. The fix sounds like an input validation improvement. It is actually a design problem: the field is doing two jobs, and the validation criteria for the two jobs are different.

The second failure is exclusion. If the postcode is a hard gate on the form, anyone without a postcode in the operator's home country cannot apply at all. International applicants, transit users, residents of neighbouring jurisdictions, people in temporary accommodation - all structurally excluded. Adding AI to the form does not solve this. AI does not invent a postcode for someone who does not have one.

The third failure is the privacy one. The applicant's postcode - a piece of personal data that can be combined with other attributes to identify them precisely - is now flowing as a coupon into a third-party system. That system was not designed to be a custodian of personal data. The data minimisation principle of the UK and EU GDPR is breached by design, not by accident. No AI tooling addresses this either.

The fix is not AI. The fix is process redesign

The redesign is structurally simple once the diagnosis is right. Split the two jobs the postcode is doing and solve each with a fit-for-purpose mechanism.

  • Replace the coupon function with an opaque server-generated code

On approval, the system generates a short, friendly, one-time identifier with no semantic meaning - a string that looks like ABC-1234-5678. The code is unique per approval, idempotent against retries, mappable to the case ID in the operator's own audit trail, and meaningless outside that system. Downstream platforms receive a code that validates against the operator's API. No personal data crosses the boundary. The third-party system goes from custodian of personal data to consumer of an opaque identifier.

  • Replace the gate function with a graceful three-tier address flow

Tier 1 uses the national postcode database for applicants with a postcode in the operator's home country - fast, accurate, free. Tier 2 falls back to a global geocoding and validation service for international addresses - still automated, slightly slower. Tier 3 routes applicants without a verifiable address to a digital-only fulfilment path - typically a wallet pass or PDF credential rather than a posted physical item. The form never hard-gates on a postcode the applicant cannot supply.

The redesign takes a few days of analysis and a small piece of engineering. Neither tier requires AI. Both tiers existed as technologies a decade ago. What did not exist a decade ago, and what changes the picture now, is that the opaque-code-plus-graceful-address pattern can sit cleanly under a downstream AI document review process - which the original PII-as-coupon design could not.

Why redesigning before automating matters more now, not less

There is a temptation to read process-redesign discipline as a slower, more cautious approach to AI - the conservative voice in a room full of enthusiasm. The opposite is closer to the truth. Process redesign before automation is what makes AI adoption fast and defensible, because it removes the failure modes that would otherwise surface in production six months later.

Take the opaque-code redesign above. With the postcode-as-coupon pattern in place, an AI-supported eligibility decisioning process inherits all three failure modes. The AI would auto-approve applicants whose postcodes were invalid. It would still exclude international applicants. It would still leak personal data downstream. The AI does not make any of these worse, but it does not make them better either - and the operator now has both a broken process and an AI implementation to defend in an audit.

With the redesign in place, the AI process inherits a clean upstream. Submissions are validated at intake. The code generated on approval is privacy-safe by construction. The fulfilment path works for every applicant regardless of address. The AI eligibility agent can do its job - reviewing supporting documentation, scoring confidence, routing exceptions to human reviewers - without inheriting design problems that AI cannot solve.

MIT Technology Review framed this in April 2026 as the shift toward "agent-first" process design: redesigning processes around AI agents rather than bolting agents onto fragmented legacy workflows. The framing is correct but the sequencing matters. Agent-first does not mean AI-first. It means designing the process to be cleanly automatable - and then automating it. The redesign and the automation are different activities, and the order is non-negotiable.

Five diagnostic questions before adding AI to any existing process

Any process being considered for AI automation should pass five tests before the AI conversation begins. If any of them fails, the process needs redesign work first.

  • Are any data fields doing more than one job? Postcode as coupon, name as identifier, email as login and notification channel, phone as one-time-password destination and contact field. Field overloading is the most common sign of a process that needs redesign. Each job should be performed by a fit-for-purpose field with appropriate validation.
  • Are any of the validation criteria implicit? If the validation logic is encoded in customer service team training rather than in the form itself, AI cannot enforce it. Make the implicit explicit before automating.

Where does personal data flow that does not need to?

Data minimisation is a GDPR principle but it is also an architectural principle. Every place personal data appears downstream of intake is a place an AI system will inherit - and where the audit will land six months later. Remove the unnecessary flows before automating the necessary ones.

Who is structurally excluded by the current process?

Address-based gates, language-based gates, channel-based gates (paper-only, phone-only, in-person-only) all encode exclusion. AI does not solve exclusion; it amplifies it by making the excluded population invisible in the dataset. Fix the gate before automating the decision.

What happens when the AI says no?

If the answer is "the applicant is rejected," the process is not redesigned enough for AI. The AI Act and GDPR Article 22 both restrict solely automated decisions with significant effect. A defensible AI-assisted process keeps a human in the loop on every decline. Design the human-in-the-loop step before designing the AI.

Closing

The hardest part of enterprise AI in 2026 is the part that has nothing to do with AI. The two-thirds of organisations achieving real impact are the ones redesigning processes around what AI can usefully do. The third that is layering AI onto existing processes is reporting little measurable value. The pattern repeats across every survey, every industry, every vendor report - and yet the temptation to skip the redesign step and go straight to the model is as strong as it has ever been.

The discipline is simple to state: Process First, Automate Second, Amplify with AI. Diagnose the process. Redesign the parts that are broken before automation. Then automate. Then - only then - layer AI to amplify what the redesigned process is now doing well. Skip the first two steps and the AI is rescuing a process that should not have been kept. Apply the first two steps and the AI is amplifying a process that is already worth amplifying. The order is the architecture.

If you are evaluating an enterprise process for AI automation and want to discuss where redesign needs to come before tooling, the VE3 team would welcome a 30-minute conversation.

Blue upward trending arrow icon indicating growth or increase.

Recent Blogs

The Four-Part Division of Labour: Where the AI Actually Sits in a Production Agentic System

Blue calendar icon with a white page and two rings on top.
June 4, 2026

When PII Is the Coupon: Redesigning Processes Before AI Gets Near Them

Blue calendar icon with a white page and two rings on top.
June 4, 2026

Deploying AI in Regulated Environments - Navigating IT Security, Governance, and Trustee Sign-Off

Blue calendar icon with a white page and two rings on top.
June 3, 2026

From Rigid to Reasoning: How Enterprise APIs Become Agent-Ready in 2026

Blue calendar icon with a white page and two rings on top.
June 3, 2026

Harmonizing Healthcare: AI-Driven Patient Intake and Claims Auditing

Blue calendar icon with a white page and two rings on top.
June 3, 2026
Blue stylized letters and number forming the text VE3.

Innovating Ideas. Delivering Results.

ServicesExpertisePlatformsSolutionsIndustriesPartners
BlogCase StudiesResearchNewsNewsletterEvents
About usCareers at VE3Life @ VE3PoliciesCommitmentsContact Us

Subscribe to our Newsletter

Woman sitting on couch wearing a white cable-knit sweater and blue jeans, holding a phone with one hand.
  • © 2026 VE3. All rights reserved.
LinkedIn logo in white on a gray circular background.Facebook social media icon with white f on a gray circular background.Gray circle with white X symbol, indicating a close or cancel button.Gray play button icon within a rounded square with a subtle drop shadow on a white background.