Five steps to a fit-for-purpose data strategy for general counsel
Recent data scandals and the consumer backlash against privacy intrusions call for data strategies built on three pillars: governance, ethical decision making and consumer transparency and control.
Our research shows many organisations are still at the beginning of this journey. For example, almost half of ASX 200 privacy policies have not been updated in the past two years.
Legal counsel are uniquely placed to inform data strategy. They should advocate to senior leadership across multiple business functions for robust, holistic data governance for your organisation. And they can also help develop new trust compacts with consumers by raising the bar on transparency and consumer control over data. Here’s how:
1. Create consensus on principles for good data governance
An agreed set of data management principles is crucial
Where an organisation's philosophy on data use is unclear, in-house legal teams are unable to collaborate swiftly with operational teams to enable opportunities and mitigate risk. This perpetuates a loop of general confusion, inefficiency and reluctance to seek input from legal.
2. Be transparent to protect against risk
Develop a comprehensive map of data use cases at your organisation (both current and future), and ensure these uses are made clear to customers in a simple and engaging manner
3. Empower your organisation to communicate value to consumers
Clearly communicate to consumers the benefits of sharing data
Meaningful communication of the value transaction taking place when data is shared is an essential counterweight for transparency. Consumers need to know how their data will be used, but also what they'll get in return. 41% of Australian consumers are comfortable allowing a trusted brand to transfer their information to third parties if there are clear benefits to doing so.
4. Banish 'set and forget'
Regularly updating your organisation's policy and practices is important, but frequently forgotten
5. Protect your assets
Data strategy is worthless without best practice cybersecurity
As organisations continually find new and more innovative ways of working with data, cyber criminals are finding more sophisticated ways to access it. As the crown jewels of your organisation, the value of your data extends beyond your borders.
Put simply, there's no point investing in data if it's not secure. Your data will be worthless if it is already accessible in the market. More importantly, the erosion of trust with your customer base in the event of a breach could be fatal.