Making the case for a 'broad scope' chief data officer
Information exists in all forms, spread across organizations, and available throughout the marketplace. Forward-looking organizations are identifying and categorizing information assets with a view to leveraging them - perhaps by enhancing existing products and services, creating net-new revenue opportunities, optimizing business or financial operations, or managing risk more effectively.
As with any asset, and as a responsible business person, the chief data officer (CDO) establishes the vision and goals for information use, and implements strategies to achieve that vision - whether they are monetization, product/service-enhancement or business optimization. As a responsible steward, the CDO governs the information through its lifecycle, and manages risk in a way that is proportional to the threats, and in consideration of the value of the asset and stakeholder expectations.
Handling techniques are aligned with the nature of the information and take into account the way the business wants to use information:
- Depending on how the information is stored, transmitted and processed, threats and vulnerabilities may run the gamut of cyber - from traditional hacking all the way to sophisticated industrial espionage schemes - as well as non-technology based threats, such as physical loss, destruction or theft.
- Depending on the nature of the information, it may be subject to a variety of obligations - contractual, GDPR, PCI, HIPAA/HITECH, GLBA, client expectations, etc., many of which include principles-based and/or prescriptive handling requirements, with a wide range of legal, financial, and/or brand damage consequences in the event information is mishandled, lost or breached.
So taking a step back, we're describing a business environment where:
- The market is demanding a greater degree of data use,
- Data science is providing ever expanding opportunities, and
- The range of vulnerabilities/threats/obligations is more complex than ever.
Everyone seems to be focusing on information, and the opportunities and stakes are huge. Responsible organizations wanting to lead their industries will exploit information assets, meet compliance obligations and manage risks proportionally - and as a result, derive value.
Role of CDO
It is difficult to see how to manage information in a balanced way in a traditional organizational structure where the revenue/leverage focus of information is separate from the protection focus, which is further separate from the compliance focus. It would seem unrealistic to expect to be fast-moving, nimble, risk-aware and compliant if data leverage, protection and compliance are all managed in parallel organizations, often with different success criteria and subject to different measurements.
Organizationally, this suggests building the Office of the CDO by pulling together:
- Data vision and strategy: interfacing with senior and business-line leadership, establishing a vision for data use, and defining the strategy to achieve the vision;
- Data Governance and Management: designing, building and operating processes and controls for handling information throughout its lifecycle;
- Obligations compliance: monitoring and respecting the rules and expectations; and
- Information protection: understanding threats and vulnerabilities, and ensuring they are addressed in a proportional way.
Among business trends, information leverage is seen as having the highest potential to deliver maximum value back to organizations. To derive that ROI, the CDO needs to have the organizational authority to influence and/or drive activity across the enterprise, whether it’s to enable existing product lines’ information ambitions, or to cut through organizational politics and roadblocks. To achieve that, the CDO needs to report to the highest levels of the organization and be accountable to the management committee and Board.
This model has a host of advantages:
- It enables senior-level visibility and buy-in for information-related initiatives,
- It focuses talent on exploiting and managing a critical corporate asset as a primary objective,
- It forces the protection efforts to operate in a way that’s proportional to the value of the assets being protected, and the risks to which they’re exposed,
- It aligns compliance to the way an enterprise wants to use information, and the relevant aspects of the obligations,
- It raises the profile and creates focused awareness around the information assets,
- It provides for career opportunity and satisfaction for the participants, because they are more closely exposed to the revenue cycle of their employer, and
- It aligns investments more closely with objectives and return.
Information is increasingly viewed as the new natural resource. It presents opportunities that can be exploited along with risks that can be managed. And the pace of change is increasing. Organizations should lay the groundwork now to position themselves for the new Information Age.