The successful CDO: Enabling growth while managing risk
Editor's note: James Howard, along with Michael Jennings, senior director of global data architecture at Walgreens Boots, and Doug Laney, principal, data & analytics strategy at Caserta, former Gartner analyst and best-selling author of "Infonomics," will speak on "Making the Case for the Broad Scope CDO" at the MDM & Data Governance Summit in Chicago, July 10-12, hosted by Information Management.
The importance of leveraging data continues to grow dramatically - the CAGR for analytics alone is projected to be nearly 30 percent per year through 2023. Per a 2018 report by NewVantage Partners, 97 percent of survey respondents report they are investing in data-oriented projects, and per Gartner, 85 percent of data projects fail.
Data continues to be breached at an alarming rate. So far in 2019, nearly 2 billion records were breached or exposed as a result of hacking or poor security. Logically, the increased risk of breach is tied to the increased handling of data -- taking the jewels out of the vault increases the chances the jewels will be stolen.
Finally, more and more privacy regulations are coming into effect that impact virtually all companies in one or more ways; GDPR effectively led the way with a comprehensive set of rules, which went into effect last year. California enacted the CCPA, New York has a bill introduced to the state senate, and several more states are following suit. India has recently enacted a comprehensive privacy law along with Japan and others.
Looking at these three points together shows three interdependent trends: (1) data is being leveraged to a greater extent, (2) data breaches are on the rise, and (3) lawmakers are reacting to what they see as lapses in efforts to secure data -- all affecting the same data. Successful execution across all three is critical for companies to return value to stakeholders, comply with the law, and preserve the integrity of their brand.
Governance Helps Achieve All Three Imperatives
Data governance is key to enabling the use of data, while managing risk and complying with obligations. Chief data officers are being appointed to oversee these efforts, articulating a data vision, defining a data strategy and driving execution.
Addressing each of the three imperatives is a complicated undertaking, but combining the three may actually simplify the challenge, since the CDO has the best vantage point to know the data, understand the risk, and build compliance into the activities that manipulate and process the data.
What does this look like?
By driving the data vision and owning the data program, the CDO is at the nexus of understanding what data exists, its value, its quality, its location, and obligations that affect it. To convert this to the right value proposition, the CDO needs:
If it’s acknowledged that data is a critical asset, the CDO needs to be at an executive level with authority to drive the data program. While it is true that in many respects the CDO is a diplomat or ambassador, promoting, communicating and educating others on aspects of the data program, they should also have the autonomy, authority and budget to drive adoption in support of the vision.
Insight at C-level and BoD level
Boards of Directors are routinely briefed on cyber risks and, increasingly, on the role data plays in the company’s future. As the key executive overseeing the organization’s data, the CDO is in a great position to advise the Board of Directors and CEO on matters pertaining to data, including adding insight into the intersection of data and related risks and threats. This has the added benefit of giving board members context to the cyber briefings they receive from the CIO or CISO.
Role in risk and compliance
In their role, the CDO has a good point of view on the nature of data, including how the data is stored, processed and transmitted. They assess the value of the data, and as a result, can provide valuable insight into the risks. By collaborating closely with the CISO, they can help ensure protections are workable, and proportional to the risks.
Moreover, by understanding the data and how it is being processed, the CDO is critical in determining how to comply with data-related regulations, including GLBA, CCPA, HIPAA/HITECH, and GDPR. With their role in developing and operating data processes, they can implement Privacy by Design -- a holy grail among privacy professionals.
Data science is evolving at an extraordinary rate, creating tools and technologies that were unimaginable a few short years ago. Companies are faced with opportunities to invent solutions with data that can offer never-before-seen benefits driving growth and revenue.
But looking across the market, there are numerous examples where, in hindsight, the solutions can cause irreparable harm to individuals. There are no clear rules or guidelines for assessing ethics in a field as new as data. The CDO is in an important position to step back and help determine whether certain solutions should be pursued -- even if it’s at the expense of profits.
The CDO is a new role for many organizations, tasked with the critical responsibility of driving business value from the abundant asset called Data. To be effective, the CDO has to have the ability to operate with authority and with support. They need the ability to influence and - in some cases - drive activities across their companies.
Moreover, with their insights into data, they can also manage risk and ensure compliance with data obligations, helping to drive growth, while protecting their brand.