Each day, organizations accumulate vast amount of data from various sources. This created an opportunity for monetizing data in ways unimaginable.
How to strike a balance between opportunities and risk
According to PwC’s19th Annual Global CEO Survey, 68% of CEOs regard data and analytics technologies as generating the greatest return for stakeholder engagement. This finding unsurprisingly makes sense since using data in innovative ways can have a substantial upside for an organization and its customers. But of course, it also comes with these new risks and obligations that may not be easier to manage than before.
1) Lack of knowledge of data collection and retention activities. It is not uncommon for organizations to be not fully aware of how much data they have collected and are collecting. What types of data are we collecting and why? How is data protected? Where is data stored and processed within the many systems in the organization?
Such questions will remain unanswered for most organizations. In fact, only 51 percent of respondents to PwC’s Global State of Information Security Survey 2016 reported having an accurate inventory of where personal data for employees and customers is collected, transmitted and stored.
2) Possible data compromise, misuse or theft. In the past few years, high-profile data breaches have affected billions of records, making organizations fully aware of what can happen when they don’t properly secure, manage and protect their data. Closer to home, one can still remember the so-called “COMELeak” and the unimaginable and undesirable scenarios that could happen if voters’ personal information was used maliciously.
3) Little or no visibility on how data use affects individuals and customers. It isn’t always clear to individuals or groups of individuals how an organization’s use of their data affects them.
4) Inaccurate decisions due to poor data quality. Data being stored or held by an organization could be old or inaccurate, and might be from unclear and dubious sources, too. This may put an organization in an awkward position if it decides to use that data in a high-impact or high-profile way, such as growth-oriented activities, improving product development or enhancing customer insights. The resulting situations can range from relatively non-threatening to extremely serious, and subsequent decisions may affect someone’s rights.
5) Failure to appreciate complexity of local or global regulations. As governments step up their response to concerns over data privacy and use, overly complex and burdensome regulatory provisions have become prevalent.
Wrong or inaccurate interpretation of these regulations, both local and cross-border, can result in hefty fines and reputational damages. In fact, relatively minor gaps in privacy controls, for instance, could lead to substantial financial damages.
In the EU, for example, for violation of the General Data Protection Regulation, an organization may be fined to up to 4 percent of its global revenue. Policymakers in other countries are also looking to increasing their regulators’ power while courts of law are becoming more activist. Approaches to regulating privacy also vary significantly across the globe. Here in the Philippines, our very own Data Privacy Act of 2012 also imposes sizeable monetary fines and sanctions for certain violations.
6) Inability to capture opportunities due to conservative use of data. Some organizations are overly cautious and simply choose not to use their data. Whether that’s because they have an unclear vision of how to safely take control of these data or they fear possible major negative consequences associated with data collection and use, the result is the same – missed actions that would create value for competitive advantage.
The need for data use governance
Organizations of different sizes are struggling to balance and put in place appropriate systems, policies and processes to maintain an effective and efficient data governance use model.
In most cases, organizations are just starting to appreciate and institute basic privacy practices and capabilities to protect data while figuring out how to use data better to create greater value and impact on the organization and other stakeholders, such as shareholders, employees and customers, among others. Not surprisingly, the right capabilities and skills to effectively use and control data to create significant business value are not yet present in many organizations.
The way forward in this digital age: Achieve the right balance
As organizations progress to become the first in their respective markets and industries in taking advantage of what data can do for them, their practices and capabilities on data use governance should ultimately be able to effectively balance opportunity and risk. That is, to be in a state where individuals, customers and regulators expect them to be.
Roberto C. Bassig is a director from PricewaterhouseCoopers Consulting Services Philippines Co. Ltd. Email your comments and questions to firstname.lastname@example.org. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.