Data-use governance: monetizing data while respecting privacy

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

January 2017

In the global digital economy, companies everywhere face a growing challenge: how to monetize the vast amounts of data about individuals that they now gather without crossing the line into unethical, unlawful, or unwanted use. Businesses must navigate this new challenge for their customer data as well as for the innovative uses of employee data within the workplace.

What is the model for achieving this balance? The graphic below spells this out in the format of a maturity spectrum for data-use governance. The organizing principle behind the model is that organizations will gradually build out the capabilities described in each level in order to more effectively and efficiently balance their business objectives over time. This will include the adoption of technology solutions as part of their capability mix.

Data-use governance maturity spectrum

A recent review of the early adopters of this model found most companies skewed toward the “beginners” stage. In only rare instances have organizations built the mature data-governance capabilities listed in the “leaders” level that enable them to effectively use information to create significant business value while safeguarding it from risk.

As the spectrum illustrates, the practices and capabilities embodied by organizations at the far right end —data use governance leaders — should be any company’s desired goal. It’s the state that companies should strive for and ultimately achieve. Even more to the point: it’s where customers, employees, and regulators expect organizations to be.

How do companies get there? Data-use maturity requires a deep understanding of where data resides and how it is used or to be used. It also requires building a robust governance structure that guides the development of the practices and capabilities necessary to manage data use effectively on an ongoing basis.

360-degree data awareness

Before an organization can unlock the value in its data, let alone adequately protect it, the company needs a comprehensive understanding of the information and data it holds by answering several critical questions:

  • What data do we have?
  • Where does it reside?
  • How is it being used and by whom?
  • Is that use appropriate and optimal for that data and is the data optimal for its use?
  • Is data being used consistent with legal obligations, customer and employee expectations, and the company’s values?
  • How might the data be used in the future and is that different from how it is used today?

Technology solutions can help in this data identification stage.

A company must then establish data-classification principles across the enterprise that go beyond simply the type of data to include how the data is being used. This broader approach can help determine how to protect and appropriately use each type of data asset regardless of form and location, and make informed decisions about how types of data may be used.

A new governance structure

However, a deep understanding of data is only part of the challenge. Companies must also build a governance structure that enables them to develop and maintain the right practices and capabilities to unlock the value of the data use while mitigating the risks of the data and its use.

A formal data-use governance structure comprises four main pillars:

Strategy—A data-use strategy ties data-use governance to business objectives relating to data and creates a “value-adding” function — rather than one that simply ensures compliance.

People—This view addresses who makes data-use and protection decisions, how those people are organized, their reporting relationships within the enterprise, and how the company will deploy decision-making and accountability through the organization.

Policies and processes—The policies and process pillar involves the “how” of data use governance: the ways in which a company creates, stores, uses, protects, archives and deletes data. Ultimately, it governs how the data is going to be used and the way risks will be addressed.

Monitoring and improvement—With the world rapidly changing, a company must monitor its data use governance program on an ongoing basis to ensure compliance with established policy and procedures and to make continuous improvements. This should include the evaluation and use of technology and advanced analytics techniques to sustain and automate governance programs.

To be most effective, this data use governance structure should be holistic and enterprise-wide, yet flexible and aligned with a company’s culture and other systems. In reality, the use of data often crosses an organization’s vertical structure — making a horizontal, integrated approach a key success factor. It also should be fluid and responsive so it can flex with business drivers or market and regulatory changes.

Toward a data strategy

When it comes to data about individuals, companies today have a dual responsibility: to use that data to create more value for the company and its customers, and to do so in the most privacy-centric, ethical, fair and transparent way possible. Most companies know this. But many have been slow to develop the capabilities that are critical to achieving this goal. As a result, they are failing to make the most of their data. Perhaps even worse, they could be making themselves vulnerable to questionable data use that puts them in hot water with customers, employees, regulators or legal authorities.

The fact is, most companies today are playing catch-up: They must quickly shore up their basic understanding of the data they collect and maintain, as well as define and implement a formal governance structure for the ongoing management of data use.

By adopting a more robust, mature approach to governing data use, organizations can leverage data’s upside while managing risk and reducing costs. And that will enable them to do what the market, investors and regulators expect: create greater value for themselves and their customers in a legal, fair and ethical way.

Contact us

Jay Cline

US Privacy Leader, Principal, PwC US

Follow us