A small group of companies are leading the way in building trust in data. They offer a guide for others looking to improve their ability to extract value from their data in a secure and ethical way.
A bundle of personal services in your town at the click of an app, all day back-and-forth with your voice assistant, a warm welcome, by name, from your favorite brands the moment you touch down in a city or an effective tailored treatment plan for your chronic condition. These are real-time, customized experiences brought to you by data.
Data is the inexhaustible output of ubiquitous connections of things, people and organizations. Analyst estimates of the potential of data to transform experiences, industries and cities run in the trillions of dollars, the size of a large economy today.
If your company does not yet have a formal process for valuing its data assets, you are in the minority. Seventy-two percent of more than 3,500 respondents to PwC’s Digital Trust Insights survey say their organization already has one.
The survey respondents’ primary ambition for investing in data is to bring the highest value to customers in their industry in the form of data-enabled products and services (41%). This is followed by a desire to be the most efficiently run organization in their industry (35%).
The biggest challenge to their ambition? Lack of confidence in the quality of their data and, more important, their ability to safeguard that data by preventing data theft and leakage, protecting the integrity of data and data-driven processes and decisions and managing privacy risks. This focus on data protection is justified, as only 25% of consumers believe companies handle their data responsibly.
That’s why it’s time to shift to a data trust strategy, not just a data strategy. Focusing solely on the potential for value creation—how to use data to create new products and services or enter new markets—is not enough. Mitigating against the potential for value destruction, such as the cost of privacy breaches or the risk of relying on inaccurate data, is a must.
Of the survey respondents who have a formal process for assigning value to their data, 37% involve the data privacy team consistently in the process. They are the data trust pacesetters.
37% of those who have a formal process to value data involve their data privacy team consistently.
The data trust pacesetters show discipline in valuing data across corporate initiatives: from the launch of new products or services, to savings captured by data-driven cost initiatives, to potential acquisitions, to initiatives to increase workforce effectiveness.
Regardless of what data they rely on, or how they integrate it into their operations, these pacesetters have one thing in common: They are adept at using data to improve their bottom line. For example, among these pacesetters, 61% have successfully implemented plans for using data to make their operations run smarter and faster, compared with just 46% of all companies. As a result, they are three times more likely to see ROI (24%) than the rest (7%).
Here’s another way that the data trust pacesetters stand out. As data has multiplied, so have regulations to protect privacy and data. Data trust pacesetters see regulations as an opportunity rather than a roadblock. They can create trust within an organization and ensure that data is centralized, which encourages collaboration. More than 75% of the pacesetters we surveyed said regulations help make their business operations run smoother and faster.
The value of customer data—profiles, transactions, preferences and behaviors—is wholly determined by the organization that owns and uses the data, and it will change depending on the context, or what you want and are able to do with it.
That’s why assigning value to data is an important discipline to master. How much is your data worth? How much should you spend to acquire new data? How much more value will your data bring if it’s combined with other data? How much (ie., what percent of revenue) should you spend to protect your data?
Coming up with the right answers to these questions requires a data privacy team that can help put a value on your data. Possession and use of data create responsibilities, which in turn affect its ultimate value to the organization. Many regulations now specify the way data needs to be handled (which adds compliance costs), the limits on the use of data (which reduces commercialization potential), and the consequences of losing data or allowing it to be breached (which increases risks and concomitant costs). Privacy legislation continues to be hammered out, so it’s important to rely on a real-time inventory of privacy regulations around the world.
One decision that requires the data privacy team to work with you on the valuation is the decision to contribute to and benefit from a data exchange. For example, health information exchanges harness data on a much larger population than any of the contributors’ individual data sets. The California Consumer Privacy Act (CCPA), for example, specifies the obligations of both data contributors and data users vis-a-vis consumers.
A second decision is figuring out how to structure a deal in which data assets are significant determinants of deal value. Any deal to acquire AI, for example, has to account for arrangements to fuel AI with enough quality data to train the system. And the General Data Protection Regulation (GDPR) empowers authorities to levy fines on acquirors who fail to meet the consumer data protection obligations of the acquiree.
Deal integration plans also need to account for operational implications, such as the ability to respond to customers’ requests for their data. A PwC survey on corporate spending plans and policy approaches for CCPA, conducted in October 2019, revealed that two-thirds of respondents expect to field more than 500 customer calls per day, with 11% planning for more than 10,000 daily. That’s a good reason for the high expenditures and investments in automation associated with CCPA preparations.
Our analysis shows that pacesetters stand out in five distinct areas. They offer a guide for any company looking to improve its ability to extract value from its data in a secure and ethical way. The traits should not come as a surprise to professionals who’ve been paying attention to the tensions created inside organizations as privacy regulations take hold amid a growing appetite to “do more with the data.” Instead, these traits show how a coordinated approach contributes to handling regulations around data protection and privacy as they come, welcoming opportunities rather than fearing obstacles.
1. Consistently involve the data privacy team when valuing data. New data-driven solutions bring new vulnerabilities. By incorporating risk management into their data development efforts, pacesetters can identify potential problems and help protect against them before catastrophe strikes. For example, hyperpersonalization initiatives can be protected with identity proofing and verification solutions. High-stakes simulations on digital twins can be shielded from data manipulations that could be devastating for the real-life counterparts. And AI initiatives can be carried out responsibly to make sure that algorithms are making decisions that align with the organization’s—and society’s—values.
2. Routinely value data. Pacesetters not only effectively assign value to data, they also establish processes to ensure that value is applied consistently across data sets. Even industries such as health care and financial services, which have worked with privacy data issues and have deep experience in data collection, have not necessarily moved to the next level of extracting value from their data.
Pacesetters use marginal cost-benefit analyses on each data element to determine what data is worth acquiring. This helps them show a return on their investment, rather than simply relying on leaders’ untested assumptions. Valuing data properly can also have a direct impact on operations, such as by setting the appropriate priorities for supply chains.
The future of data trust will require refining data valuation methods. CCPA requires businesses to “use and document a reasonable and good faith method for calculating the value of the consumer’s data.” (§ 999.337) We expect this to usher in efforts to formalize consumer-data strategies and a corresponding financial model, for which there are few industry standards.
3. Adopt leading practices in ethical use of data. Pacesetters also have defined a data strategy that outlines not just plans for data’s use, but also for its integration into a platform (see next trait). And they align that plan with their overall strategic vision. They adopt a value-based approach to data, which also means keeping only the data they need and eliminating the rest. Pacesetters also have defined responsibilities across the organization to ensure data’s ethical use. As part of this practice, they embrace technology to power and direct data protection, management and governance.
Biometric sensors, facial recognition, emotion-sensing AI, autonomous devices and machines—these and other technologies will push organizations to clarify their values, define limits and address consumers who will increasingly hold them to their promises and their stated purpose around privacy. Admittedly, this will involve trade-offs. According to the PwC Digital Trust Insights survey, if asked to make a choice between profit and privacy, 60% of respondents would choose customer privacy, while 34% would choose profit.
4. Embrace leading practices in data engineering. Pacesetters create design tools that incorporate security and privacy into their systems, products and services. They create comprehensive data maps for risk assessments and controls testing, and they are continually monitoring the changing value of their data and reassessing the appropriate level of protection needed. Pacesetters also actively govern third-party vendors to ensure they adhere to the required standards for data handling, security and privacy.
Databases were once heralded for their ability to store, sort and retrieve data, but companies that still rely on databases are using yesterday’s tools. The static nature of databases limits their ability to contribute to the bottom line. The future of data trust entails developing collaborative platforms instead. These platforms enable true data discovery that pinpoints not only missing data, but also any gaps in its quality, usability, security and potential risks. With platforms, organizations can continually convert raw information into trusted, business-critical data, which can become a foundation for growth. By providing a single source of truth, a platform also provides the basis for data destruction initiatives governed by the organization’s strategic goals.
5. Form a collaborative team with the authority to act. At many companies, the responsibility for data management is dispersed among different executives. Data pacesetters build cross-functional data governance teams to understand the data and develop processes for using it ethically.
Untrusted data is a liability; trusted data is an essential asset. Data trust pacesetters bring the value creators (from the business side) and value protectors (from the risk, IT and cybersecurity sides) together to develop data policies and practices that meet the needs of customers, employees and regulators, as well as the business.
If decision-makers within an organization cannot trust their data, or their ability to protect that data, then the data is not just useless, it’s actually a source of risk. Companies that build their business models on inaccurate or unsecured data risk breaches, regulatory scrutiny and damage to their reputation. A forthcoming PwC study on internet of things (IoT) shows that companies that have made the biggest bets on connected devices and solutions are far more likely to be taking concrete steps to address privacy. Many are developing policies delineating how AI and IoT affect customer privacy or are conducting a data privacy audit.
The data trust strategy turns data into an engine for continuous growth. Data trust is a moving target, and obtaining, protecting and eliminating it is a perpetual process.