Needed: Trustworthy frameworks for monetizing data
30 March 2017
The private sector’s rush to collect and monetize consumer data has led many companies to create vast information stockpiles without careful planning. That trend is continuing as developers of the Internet of Things produce countless devices without basic security and privacy features. For many companies, unfortunately, emerging risks tied to data usage have been an afterthought.
Here’s the good news: It doesn’t have to be that way.
Many companies recognise that frequent data breaches have sapped consumer trust. In PwC’s 20th Annual CEO Survey 2017, for instance, 68% of respondents said soaring volumes of digital data had made it harder for businesses to gain and retain customer trust. As we discussed in the first article in this series, it is critical for companies to address common risks, including the potential for data to be compromised, stolen or misused; the potential lack of awareness within a company about what data it collects and retains; and the risk of running afoul of increasingly complex global regulations.
Framework comes first
Fortunately, companies aiming to thrive in the digital economy can think broadly about emerging risks and take bold action by developing a robust data-use governance framework. Rather than relying on legacy approaches to collecting and stockpiling data that are likely incompatible with emerging risks, this framework should be built on a privacy-by-design approach, which embeds privacy into the architectural specifications of technologies, business practices and physical infrastructures.
A Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO) should spearhead development and implementation of a data-use framework that takes privacy into account and includes the following elements:
– Data-flow mapping of where information is stored and transmitted, and who can access this data
– Discovery, classification, and life-cycle management of data
– Embedding security and privacy-by-design processes and skills into development life-cycles
– Policies to ensure that data is used ethically and only for the purposes for which it was collected
– Use of technology and advanced analytics to maintain an “evergreen” picture of personal data, enforce policies and detect uses outside of the policy
– Data-breach response plans
– Privacy risk and impact assessments of laws and regulations across geographies
– Evaluations of privacy impacts of new products, as well as third-party partners
– Tailored training for employees and third-party partners on data-privacy policies
In addition to helping companies monetize data in a way that respects consumers’ privacy, such a framework could also support corporate leaders’ efforts to address emerging data-privacy issues in the workplace and new challenges related to data ethics.
Possession of data, for instance, doesn’t automatically entitle a company to use it. Is it ethical for a company to share its data with another company in order to better understand its customers? Is it ethical to use publicly available information about a candidate to assess whether he is fit for a job? Is it ethical to disclose customer data to government and law enforcement for use in criminal investigations? A framework gives the C-suite a way to tackle such thorny questions.
Currently, no specific laws govern the ethical use of data. However, as we look ahead, expect some change on this front. Regulators are already beginning to interpret laws with an eye toward ethical data use. We’ll see this in the European Union’s General Data Protection Regulation (GDPR), which has established an ethics board that will evaluate companies’ approach to ethical data use. And similarly, the U.S. Federal Trade Commission (FTC) has announced plans to incorporate data ethics into investigations to determine whether data analytics raises ethical or fairness concerns.
Finally, as noted in the U.S. National Intelligence Council’s January 2017 report on future global trends, the world’s growing reliance on data will require the development of clear limits and standards on data ownership, data privacy and protection, cross-border data flows and cyber security.
This is the second of a three-part series about the evolving uses of personal data and strategies to protect consumer data. Original content has been posted here.