Data trust pacesetters
Leading organisations don’t just have a data strategy, they have a data trust strategy, says PwC
Companies that are leading the way in building trust in data can serve as models for others looking to improve their ability to extract value from data in a secure and ethical way, according to a new report from PwC.
Today, companies that don’t have a formal process for valuing their data assets are in the minority. Some 72% of more than 3,500 respondents in a survey titled “Digital Trust Insights: Data Trust” said their organisation already had such a process. Of the respondents who have a formal process for assigning value to their data, 37% involve the organisation’s data privacy team consistently. They are the data trust pacesetters.
The one thing data trust pacesetters have in common is their skill at valuing and using data to improve their bottom line. Among pacesetters, 61% have developed plans for using data to make their operations run smarter and faster, compared with just 46% of all companies. As a result, they are three times more likely to see a return on investment (24%) than the rest (7%).
Another way they stand out is how they deal with challenges. As data has multiplied, so have regulations to protect privacy and data. Pacesetters see regulations as an opportunity rather than a roadblock. They can create trust within an organisation and ensure that data is centralised, which encourages collaboration. More than three-quarters of the pacesetters surveyed said regulations help make their business operations run smoother and faster.
PRIVACY MATTERS
The value of customer data — profiles, transactions, preferences and behaviours — is wholly determined by the organisation that owns and uses the data, and will change depending on the context, or what it wants and is able to do with it.
Assigning value to data is an important discipline to master, and having a data privacy team can help. Possession and use of data creates responsibilities, which in turn affect its ultimate value to the organisation.
Many regulations now specify the way data needs to be handled (which adds compliance costs), the limits on the use of data (which reduces commercialisation potential), and the consequences of losing data or allowing it to be breached (which increases risks and associated costs).
The PwC analysis shows pacesetters stand out in five distinct areas:
1. They consistently involve the data privacy team when valuing data. New data-driven solutions bring new vulnerabilities. By incorporating risk management into data development efforts, pacesetters can identify potential problems and help protect against them before catastrophe strikes.
2. They routinely value data. Pacesetters not only effectively assign value to data, they also establish processes to ensure that value is applied consistently across data sets.
3. They adopt leading practices in the ethical use of data. A value-based approach to data also means keeping only the data one needs and eliminating the rest. Pacesetters have defined responsibilities across the organisation to ensure data’s ethical use.
4. They embrace leading practices in data engineering. Pacesetters create design tools that incorporate security and privacy into their systems, products and services. They create comprehensive data maps for risk assessments and controls testing, and they are continually monitoring the changing value of their data and reassessing the appropriate level of protection needed. They also actively oversee thirdparty vendors to ensure they adhere to the required standards for data handling, security and privacy.
5. They form a collaborative team with the authority to act. Pacesetters bring the value creators (from the business side) and value protectors (from the risk, IT and cybersecurity sides) together to develop data policies and practices that meet the needs of customers, employees and regulators, as well as the business.
“Thai organisations are collecting customers’ personal data in a number of ways, specifically for marketing purposes,” said Vilaiporn Taweelappontong, lead consulting partner for PwC Thailand.
“However, it’s concerning that so many of them are still unaware of the need for data privacy measures to protect their customers’ details. This despite the Thai Personal Data Protection Act being enforced starting next May.
“We believe it isn’t too late for organisations to start planning and implementing proper methods for collecting personal data that comply with the law. This will help avoid penalties that will hurt the company’s reputation.
“Additionally, it will build trust with the customer, ensuring their personal data is secure without breaches that lead to any risks or cause damage to clients.”
‘‘
It’s concerning that [many Thai organisations] are still unaware of the need for data privacy measures to protect their customers’ details, despite the Thai Personal Data Protection Act being enforced starting next May. VILAIPORN TAWEELAPPONTONG Lead consulting partner,
PwC Thailand
To download the full report, visit https://pwc. to/DTI