PwC Privacy Experts: Organizations Need to Deploy Strategic Data Framework Companywide


As the amount of data that organizations create, collect and use continues to grow, that increased data incurs more risk for them, according to privacy experts at PwC, who urged organizations to deploy a strategic data framework throughout their companies.

Along with all that increased data, the many major challenges that chief data officers (CDOs) at companies face heading into 2019 include expanded privacy and regulatory expectations, an abundance of different advanced tools that are being used but aren’t interoperable, constrained data capacity, data security, and the increased “drive towards digital,” Jocelyn Aqua, PwC principal, risk & regulatory consulting, said Oct. 9 in the webcast “Driving trusted data optimization while managing risk.”

To seize on the data use opportunity that’s presented to organizations now, companies “should strategically address data strategy and risk, engage with policymakers to manage and execute their business strategies, while also recognizing the interests of their customers,” according to PwC.

“One of the huge challenges for a chief data officer is really just how do you get your arms around all of the managed and unmanaged, unstructured and structured data,” according to Peter Cullen, PwC privacy innovation strategist.

When it comes to unmanaged risk at companies, meanwhile, “there’s really three things going on,” he pointed out. First, “more companies are really shifting their business strategy to focus on data” as the product that they are selling. But “the more you use data, the more risk you create” and also, “by extension, organizations’ risk management and governance systems aren’t keeping pace,” he explained.

Second and, “perhaps more relevant to this, is the shifting regulatory or public policy expectations,” he said, pointing to the recently enacted General Data Protection Regulation (GDPR) in Europe that’s “certainly driving the way that public policies [are] evolving globally.” He predicted that we’ll soon see “regulatory guidance coming from around the world in terms of what are the expectations around ethical data use or fairer data use.”

The third related problem becomes “internal decision-making” around whether an organization should use data at all for a certain purpose, whereas in the past data was just used automatically, he said, adding: “Companies are struggling with how to do even internal decision-making” now and we’ve seen the introduction of “reticence risk” in which “the decision drivers are so unclear inside an organization that data value is actually left on the table.” That’s not a formula for success because a “successful organization thinks about a way to kind of manage the optimization of the data in a way that risks are not just managed but [there’s also] one eye on the future in terms of where the market expectations are going,” he explained.

“If your job is to implement” a personal data governance strategy over the next year, Jay Cline, PwC principal, privacy & consumer protection, suggested taking a “five-phase approach”: discover & analyze, assess & recommend, strategize & plan, design & build, and operate & monitor.

In the discover & analyze phase, you should compare what business stakeholders say is data they need with what data you have and identify what data to delete, optimize and acquire, according to Cline. During the assess & recommend phase, you should identify data-ethics values and related controls – and other unassessed privacy regulations – and assess readiness against them. In the strategize & plan phase, you should fund, staff and schedule a multi-year strategic initiative with sufficient program management office (PMO) support. During the design & build phase, you should deploy enterprise-wide CDO organizational and technical capabilities across data management, data use and data security. And, in the operate & monitor phase, you should test the data-ethics controls and measure the performance of the business-data strategy against its objectives, Cline said.

Also speaking during the webcast was Sheila Colclasure, global data ethics officer at data onboarding specialist LiveRamp, who said: “Everyone is beginning to realize that the world’s becoming data-driven; that companies are thinking and acting with data; that, to be competitive, you have to do that. So, you’re going to have to adjust your processes and all the data has to be under control and it has to be used for a good purpose.”

This was the second in PwC’s “Data Use Governance” webcast series. Back in June, the first webcast in the series started the conversation by talking about the proliferation of data and need for governance.