Today’s executives see the opportunities of leveraging the vast amount of data at their fingertips. Peter Cullen, PwC’s Privacy Innovation Strategist, explains the importance of striking the balance between leverage and compliance by managing the inherent risks.
The staggering growth in both the volume and the type of data collected about customers coupled with analytical driven insights from this data is creating a dilemma for many companies. On the one hand, it’s leading to never-thought-of opportunities to improve products, services and processes, create new business opportunities, provide value for customers and generate revenue.
But it’s also exposing businesses to a range of new and unforeseen risks, many of which they are not fully equipped to manage through existing management and governance approaches.
The greatest challenge for executives in the global digital economy is how to monetise the vast amounts of data they gather about their customers without crossing the line into unethical, unlawful or unwanted data use.
Mention to a room full of executives that a company has just employed a data scientist to do innovative things with data and you’ll get a round of knowing nods. That’s because they understand the scale of the opportunity in front of them.
More than two-thirds of CEOs globally see data, analytical capabilities and data driven technologies analytic as generating the greatest return for stakeholders, according to PwC’s 2017 Global CEO survey.
At the same time, it’s been estimated that a median Fortune 1000 company could increase its revenue by more than $2 billion a year if it increased data usability by just 10%.1
But what many companies are finding out is that their data-generated insights, strategies and offerings are running ahead of their current governance systems’ ability to mitigate the risk. An unexpected or unanticipated use of data can raise questions by customers and even regulators. A worryingly high number of companies aren’t even completely sure as to what data they’re collecting and why, its accuracy, how it’s being used, how it’s protected, and even where it’s stored.
Having only a partial understanding of these fundamental issues can lead to missed business opportunities, but also unnecessary risks. Data could be compromised, stolen or misused, or it could be used to make decisions that are perceived as unfair or unethical. If out-of-date or inaccurate data is unwittingly used, the results could be embarrassing at best or cause harm at worst. We’ve all seen evidence in the media of the reputation damage that is caused when data is mishandled, leaked or hacked.
Lack of transparency is emerging as another key risk. Very few companies do a good job of explaining to their customers how information about them is used. This ambiguity can lead to unpleasant surprises once people realise what their acceptance of the privacy terms actually means.
The answer to the data dilemma lies in developing a data governance system that strikes the right balance between capitalising on the full value of data and mitigating the downside risks. But it takes time and investment to reach that point.
The point at which Australian organisations sit on the spectrum varies, however it’s fair to say that there is plenty of scope for improved governance practices. The practices and capabilities embodied by data use governance ‘leaders’ should be the goal of all organisations.
To get there, companies need to do two things. First is to develop a comprehensive understanding of the data and information it holds. This needn’t be as difficult as it sounds as there are technology solutions to help. But you do need to know:
Second is to build a robust governance structure that guides the development of the practices and capabilities necessary to manage data use effectively on an ongoing basis.
The governance structure should comprise four key pillars:
Most countries have put in place regulation to govern the use of data. The most advanced is the EU’s General Data Protection Regulation (GDPR), which potentially affects all companies doing business in the EU.
And it’s a big deal: a recent PwC survey in the US found that 68% of Fortune 1000 CEOs expect to spend between $1 million and $10 million to become GDPR ready.
In Australia, except where they are processing data related to EU residents, businesses currently need only to comply with the Australian Data Privacy Act, which is generally less rigorous and less punitive than the GDPR. But the EU framework provides a pretty clear picture of where the global regulatory landscape is heading.
Forward thinkers won’t be waiting for the Australian regulators to catch up. They will already be thinking about a measured and strategic approach to maximising value from data in a way that is responsible and takes account of impending regulatory change. These companies are thinking of how privacy and data protection enable a data centric strategy.
When it comes to data about individuals, companies today have a dual responsibility: to use that data to create more value for the company and its customers; and to do so in the most privacy-centric, ethical, fair, and transparent way possible. Most companies know this. But many have been slow to develop the capabilities that are critical to achieving it. As a result, they are failing to make the most of their data. Perhaps even worse, they could be making themselves vulnerable to questionable data use that puts them in hot water with customers, regulators or legal authorities.
As the opportunities to use data for growth and competitive advantage expand, so do related risks. That’s why a sophisticated approach to data-use governance is no longer an option --it’s a prerequisite for success in today’s global digital economy.
Partner, Cybersecurity & Digital Trust, PwC Australia
Tel: +61 413 745 343