Data Republic Co-Founder and CEO Danny Gilligan shares his thoughts on robust data governance and how to motivate organisations to shift from pain avoidance to data ownership.
There is no such thing as a cookie-cutter approach to effective organisation-wide data governance implementation because every business is different. Even if you were to compare the internal data governance approach of two online retailers, you would likely find differences in their preferred approval workflows, technology stack, enforced privacy controls, and data culture in general. While a cookie-cutter approach to organisation-wide data governance may not be possible, a good starting point for most businesses is to apply agreed upon industry standards and best-practice frameworks to your business over time via the formation of a cross-functional data governance council or centre of excellence.
When it comes to governing specific data collaboration projects across teams, or with external partners, best-practice governance technology vendors can take the headache out of designing and building manual approval workflows for legal, commercial term negotiations and secured analytics environments. You can license governance software that allows robust data governance, that aligns with industry best practices, to be applied and configured to your individual project needs.
Most businesses are approaching data collaboration in two ways. Data exchange projects never get off the ground because it is considered too difficult and risky, or data is being shared without proper governance processes and technology in place to be compliant and secure. Neither of these approaches are going to help organisations remain competitive and innovate. Organisations that see data as a valuable resource are the ones that are ahead of their competitors in building business operations and a governance strategy to unlock data within and outside the organisation.
International standards and hallmarks of best practice implementation
There is not an international standard right now that manages data governance in a holistic way. Some frameworks are now emerging showing that governments are seeing the value and potential of the data economy. For example, Singapore’s IMDA recently released the Trusted Data Sharing Framework. This framework not only delivers clear and accessible data sharing guidelines for Singaporean companies, but also outlines how business leaders can prepare for the unique risks associated with data collaboration. It offers actionable guidance on setting up legal agreements, building a data strategy and managing data sharing projects.
Look beyond Singapore and you will see that at this year’s G20 meeting in Osaka, Japan’s prime minister Shinzo Abe proposed a unified model for global data exchange, which he called “data free flow with trust” (FFT). What that looks like in a practical sense is yet to be known.
Data governance comes down to some key questions and considerations for organisations:
- What data is available and what is the organisation allowed to do with it?
- What is the organisation’s data governance process and chain of command?
- What are the privacy and legal concerns?
- What are the use cases and goals for data collaboration projects; and
- What are the InfoSec and technology considerations?
With these questions answered, organisations can start accelerating data collaboration projects.
Performance by industry
Data governance practices have varied widely across industries for a number of years. Just because you are a “data and analytics savvy” digital retailer or media firm doesn’t necessarily mean that you have data governance in order. Generally speaking, the industries that have always relied on managing accurate, sensitive customer data, such as financial, health or insurance data, have been incentivised to follow data governance best practices for a longer period. As a result, they have been far more effective at responding to the tidal wave of global regulatory reform we’ve seen in recent years when it comes to data and privacy-protection (i.e. GDPR, CCPA and Open Banking).
At a macro level, we are seeing these mass data reforms level out the implementation of data governance best practices across industries, which is a definite win for consumers, businesses and society as a whole. Regulators are now paying closer attention to breaches of personal information (PI) because of the material negative impact it can have on individuals. It comes down to incentivising data security best practices.
In light of this, the question quickly becomes: how do we resolve identity to enable personalised services in an increasingly digital, open world without risking PI? We envision a world where PI is completely removed from the data economy to help protect privacy. Our decentralised, privacy-preserving, matching technology allows organisations to separate customers’ personal information from attributable data and apply information security best practices to PI, while still allowing for data collaboration and identity resolution between organisations.
If we collectively believe that data is the lifeblood of our future economy, then enforceable fines to protect against data breaches are appropriate, not problematic.
Data ethics is very important. We built our technology platform to help organisations exchange data securely and with the right governance processes to mitigate the misuse of data. In the past 18 months, consumers have become hyper aware of how their data has been used and misused. There is a lot of fear, but we see the positive benefits to business and society as a whole that can be achieved when data collaboration is made possible.
To get this right, three things need to be in place. First, proper, companies must be transparent in obtaining and recording consent from consumers on how their data is used. Secondly, a data governance strategy needs to be in place to manage external data collaboration and ensure adherence to the permitted use and license terms. Finally, companies must implement secure technology and infrastructure to facilitate data collaboration and manage the governance process.
Data ethics gets complicated when considering things like medical data sharing. We don’t want to find ourselves in a world where people are discriminated against because of their data. That is why PI should be removed from the data economy, and consent and permitted use strictly followed.
Aggregation can also help protect the individual, while still enabling data-driven insights to be derived. We believe that the net positive outcomes for society and individuals vastly outweigh the perceived negative impact of data sharing, so long as the right consent controls, governance processes and secure-by-design technology are in place.
(Featured image of Danny Gilligan provided courtesy of Data Republic.)