Privacy issues have largely been the domain of business, risk, and compliance leaders and not directly the concern of data leaders and their teams. However, this is changing as an evolved perspective on data and analytics governance, including recognition of privacy considerations, begins to take hold in the industry. With governance increasingly falling under the purview of data leaders, they now must begin to assess and address privacy-related concerns and risks in the enterprise.
Our survey data show a strong majority of organizations view privacy issues as important to both the organization and its customers; 85 percent rate it critical or very important. However, this makes clear a serious gap. With all the inherent risks of privacy issues—including potential legal, compliance, brand, reputation, and customer-retention ramifications—every organization should see privacy as critical to its success and well-being.
Even if not fully in the data leader’s domain, privacy issues related to BI and analytic content, as well the data from which it is derived, absolutely are. And data leaders that focus on privacy have a better chance of showing value from their efforts—data also show that an increased focus on privacy correlates with degree of BI success.
For data leaders to capture this opportunity and also help their organizations advance the priority of privacy in general, they need to determine key stakeholders with whom they can collaborate to drive a broader focus on privacy. This may include the chief information security officer (CISO), chief risk officer (CRO), chief compliance officer (CCO), or other business leaders. By joining forces with such roles, data leaders can benefit their own initiatives as well as those of the broader enterprise. With a minority of organizations reporting their privacy efforts as completely successful, those leaders likely are seeking additional partners and resources too. Privacy is no longer their responsibility alone.
Data leaders can help their organizations and others responsible for privacy by assessing what areas of the business and strategic initiatives have privacy-related risk. By identifying where risk and outcome importance are high (and also where business functions and leaders do not acknowledge this), they can locate potential opportunities for action. This involves discovering the bottleneck and challenges toward improving privacy controls—which may be caused by gaps in skills and training, technology (where privacy controls could be automated), policies, and processes. It also involves identifying, in a positive and collaborative manner, where the CISO (or others) may not be as engaged on the issue as they should be. Data leaders have a unique perspective on data management that can supplement existing privacy programs and further the goals of privacy-specific leaders.
With all the intelligence gleaned from these assessments and collaboration opportunities, data leaders can develop a plan for shoring up privacy policies, processes, responsibilities / skills, and controls. Considering both the customers’ (external) and organization’s (internal) viewpoints—including how privacy risks impact the business—will yield the most impactful courses of action. Such a multi-dimensional view on where and how privacy issues can impact the business and its customers, plus partnership with key privacy-focused roles, sets the team up for delivering the maximum positive impact and value.
Many organizations cite challenges and gaps for addressing privacy in the form of skills, technology, and processes. Data leaders and their partners can make improvements by growing or procuring skills on privacy considerations, processes, and technology. While technology can be applied to quickly address simple privacy control gaps, it is critical to work with business leaders to revise privacy processes and behaviors.
Privacy is a holistic discipline, not a tactical or technology-only issue. The key to success is executing the plan in a well-rounded manner, improving all the supporting disciplines as needed, and joining forces with the CISO (or others responsible for privacy in the enterprise).You do not have permission to access this document. Make sure you are logged in and/or please contact Danielle with further questions.