It can sometimes feel like chief data officers are being pulled in about ninety different directions, mainly because data is something that is so valuable as a business asset. You will get requests often from a variety of different departments within your organization and it can be tempting to try to service them all, but these requests deserve a thorough vetting—each and every one of them. Why?
Because the data you keep represents people. These people have privacy rights but perhaps more importantly, they have privacy expectations. They expect you will not share their data with completely unrelated parties. They expect you will not harass them with solicitations multiple times a day. They expect you to safeguard their personal information from both threats internal to your company and from the outside world. And when they feel these rights and expectations have been abridged, they will complain to regulators—and in today’s environment, it does not need to be said that tangling with regulators is not a productive business practice, does not increase productivity or add results to your company’s bottom line, and does not drive new business forward.
What would a roadmap for a new CDO look like when it comes to data and privacy? Here are three key tips for those who find themselves in the CDO role to make sure your data lakes are as protected as they are useful.
- Balance the need to monetize your data with the protection of the people that data represents. Ensure that your affiliate partners, subsidiary companies, and anyone else with access to your data either on a one time or on going basis has strict internal controls. Ensure you have documented these companies’ access in your annual privacy policies. Ensure that you are sending out these privacy policies regularly and that the information within them is accurate. When negotiating new data sharing and insight analysis deals, insist upon clauses that guarantee these controls, indemnify your organization against malicious or negligent actions on the part of the subsidiary company, and consider requiring an independent audit to ensure privacy practices at the affiliated companies are sufficient based on the relevant federal and state laws.
- Understand and organize the corporate compliance and governance needs and tasks that surround keeping increasingly huge amounts of data on individuals and their actions. If you’re just sinking into the role of chief data officer, or you find yourself the de facto data manager (or mangler, as the case may be) of your organization’s data assets, you may well find yourself surprised and taken aback at the compliance requirements and governance controls needed around data. You must be able to respond to lawsuit discovery requests, produce accurate and timely reporting for any regulatory bodies that require your information,
- Insist on clear business cases for the storage and the use of accrued data. Too often we find companies in all industries just collecting information and dumping it into a data warehouse or a data lake on a sort of “just in case” basis. “Maybe we will need this some day,” they say, or a committee decides to put in place a giant data lake and hopes that its mere presence will be the catalyst for all sorts of business insights and revolutions. From privacy concerns to data security concerns to simple cost reasons, this is not the way to operate, and as the chief data officer, it is your role to establish the data programs your business will accept and operate and decline to simply store data for data’s sake. Instead, partner with your lines of business to determine their needs and what a business case for using the data you already possess would be, or what the business case for acquiring and retaining new data might look like. Work with the current users of your data to determine what they are doing with it and how they are using it, and see if you can streamline their processes or eliminate duplicate efforts from separate departments. Finally, draw a line in the sand and ensure your office is consulted for any future data projects, including acquiring, retaining, servicing, and disposing of any data. If you feel the need, get executive sponsorship to change the processes and workstreams within your organization so that your office is inserted into these processes to keep a better handle on data in your company.
Adopting privacy practices that respect and protect consumer privacy can build better customer relationships. At DataSift, we believe a privacy-approach is vital. Our mission is to provide insights while protecting the consumers identity. To learn more about a privacy-first approach, take a look at our white paper, Balancing Human Data Intelligence and Consumer Trust.