New Privacy laws are coming into force while existing ones are under constant review. Technology leaders must account for the laws of every geography they do business in as a breach can bring about strong penalties. How can data officers meet regulations confidently? Privacy policy is constantly evolving across geographies, towards providing more control for customers on their personal data yet letting companies and public authorities share what is required for efficient governance, better service, and public good. Privacy engineering as a science must cater to providing geographical awareness that is backed by technology advancements like catalog, privacy, and security analytics. Assessment of the threat surface area begins with determining the classification of personal data in a geographical area. It is crucial that the catalog has the intelligence to apply geographical rules to classify the personal data, since what constitutes personal data differs between countries. As an example, financial information may be considered sensitive personal data in India but not in Europe. Over 137 countries have legislation to protect data and privacy. The data office can formalize, as part of the overall breach incident response, the integration of privacy intelligence and thereby privacy reporting tasks that have geographical context. Further, data offices can partner with the legal teams to ensure compliance with regulatory requirements. Siloed data undercuts its value. What approach should IT decision makers undertake to ensure end-to-end data discovery process across the network? If data is siloed, it cannot be used for developing insights and products. For an organization that is yet to invest in managing its data and thinks centralization is costly or a bottleneck, a data mesh architecture is a decentralized approach at its core, with its domain team ingesting its operational and analytical data and developing data products. However, even in a decentralized setup, data needs to be discovered, as what is not known cannot be used. Information Technology as a function will have to support data discovery platform with an objective to understand the technical data estate that can then be defined as meaning by domain teams. The implementation of data governance is both imperative and challenging to prevent multiple versions of the truth with an organization. How can proper data governance be ensured? From the initial concept of corporate governance, IT governance has evolved into the recent concept of data governance. Globally, the adoption of cloud services, the evolution of modern data stacks, and improved data literacy have led to a greater interest in governing data over the past years. Implementing data governance is necessary to get sustainable value from data. A subfunction can be formalized as an authorized provisioning service. It can support activities that help ensure that a data element can be rightfully sourced from a designated provisioning point. In addition, it can have the domain team express their trust in certifying data as a system of record as well as authorized to provision. Other technologies that can help the identification and certification of single version of truth are data discovery, profiling, quality, and observability, to name a few. If there are multiple values to properties of an entity like a customer, technology like master data management can translate the know-how of operational personnel into prioritization and survivorship rules that can create and maintain a version of the truth that can be consumed universally within an organization. Data-driven projects demand a substantial investment of budget and resources. How can data officers justify both? Investments into data capabilities and development of data products have increased multifold over the past years. This requires investments into tools as well as commissioning people as well as augmented knowledge workers like consultants along with setting up new processes as well as interventions. Formalizing management of data through data governance can increase transparency, accountability, responsibility, independence, and fairness in implementing corporate governance. One crucial aspect of formalization from data offices is assessing return-on-investment on investments and maintaining the value of data assets. What tips would you share with IT leaders looking to establish a data strategy and direction for their companies? The 1994 Hawley Committee report first identified data as an asset, defining it as âdata that is or should be documented, and that has value or potential value.â Data offices can focus on the decision rights related to the data assets and the network of relations to ensure data is qualitative, consistent, usable, secure, protected, and yet available. In the past decade, the interest in data management has increased multifold with the evolution of business models that are driven by data along with the evolution of the modern data stack and cloud capabilities. This has in fact resulted in a need for improved data literacy around the globe. Industry bodies like DAMA, EDM Council, along with other data communities are providing global literacy around benefits of managing data with standard frameworks. During the process of determining the companyâs goals, the board is entrusted with exercising critical judgment, while the data office is responsible for designing data strategy and policies to ensure that these goals that have data contribution are met. Information Technology is not to blame for the emphasis on people and process capabilities; however, it should be considered when planning future technology investments that can enable the achievement of the goals outlined by data and business strategy. IT leaders can keep up with rapid advancements in data technology including data collection, cloud storage and processing, machine learning operations, automation in data operations and data security to name a few domains of interest. Within the organization, the data officer can build a data-driven culture by imparting awareness around benefits of managing data activities through interactive newsletters, roadshows, board representation and formalization of people and processes that involve data. |