This article was written by Marjorie Freeman.

A data strategy is a plan of action to manage an organization’s data assets across its technology, processes, and people. In practice, that entails understanding how data is generated, where and why it is consumed, and how its use helps organizations achieve strategic objectives.  

On Metis Strategy’s Technovation podcast, Peter High has interviewed many global, digital-forward CIOs about their data strategies. Below are insights from those leaders about how companies can use enterprise data assets to their fullest potential. 

Tie data to business outcomes 

Artificial intelligence has been top of mind for many organizations, even more so in 2023 with the rise of ChatGPT and increased discussion around generative AI. This has prompted a multitude of conversations around AI’s core facet: data, and how it can drive the business forward.

During the February 2023 Metis Strategy Digital Symposium, Krzystof Soltan, the Chief Information Officer of Vulcan Materials Company, and Anupam Khare, the Chief Information Officer of Oshkosh Corporation, shared their experiences building data strategy into complex, scaled organizations

At Oshkosh, Khare leads with the question: “How do we extract financial value from data by bringing people and data together?” The company is working to become what Khare calls a predictable enterprise, using four fundamental principles to guide the journey:

  • Start with a value-first approach. How can leaders leverage a data strategy to extract maximum value from data and clearly measure outcomes? 
  • Engage people at every level. Who is using data analytics at the associate level, the mid-management level, and the executive/board-level, and how can they be aligned? 
  • Create a single, consistent technology stack. While it takes time to align technology across the enterprise, it is important to have a relatively standard set of infrastructure and tools.  
  • Take a use case-centric, bottom-up approach. Oshkosh focused on data and analytics use cases rather than formulating a grand strategy from the top. “Business leaders are saying, ‘these are the six or seven major problems which I want to solve through analytics,’” Khare said.  

For Vulcan Materials, data strategy is linked to the organization’s technology strategy. “It always comes back to business value, the time to value, how fast we are able to provide the insights” Soltan said. Vulcan Materials’ looks to the following principles to guide its data and analytics work:  

  • Speed and time to value. How long does it take to deliver measurable business outcomes? 
  • Ease of access and use of information and data. Is data available in real-time, hourly, daily, monthly? Understand business needs to make strategic decisions about data availability.
  • Get to predictive analytics. While it’s important to use data to understand the past, the company is focused on using data to figure out where it needs to focus to propel the business forward. 
  • Work toward a standard technology stack. “Do we have a standard set of tools, or do we have too many?” Soltan said. “How do we think about that and rationalize it?” 

Both Khare and Soltan’s stories underscore the need to tie data strategy to business value, work toward a common tech stack, and engage people at every level of the organization in the data journey.  

Develop a strong data governance plan

OneDigital, which provides customizable and cost-effective HR solutions to organizations and their workforces, acquires around 30 organizations per year. This is no easy feat, but CIO Marcia Calleja-Matsko strives to create a seamless experience for every organization that is onboarded.

When acquiring a new organization, especially one in a different vertical or industry, it is important to ensure there is a consistent record across multiple platforms, Calleja-Matsko says. Cue the single source of truth, or what she calls the “golden record.” Once that record has been created, it must be maintained.

Over the years, Calleja-Matsko has been working to build OneDigital’s data strategy in three key ways:

  • Focus on data governance. You can have a consistent data record across multiple platforms and the right roles in place to use that data, but successful execution depends on governance: policies and controls to ensure data remains clean and consistent and is handled in a compliant fashion, no matter how or where it’s ingested.
  • Build consistency across platforms. As part of the governance practice, the company’s product teams work to ensure data is consistent across the platforms on which it resides. Good data hygiene helps establish data integrity, as well as greater safety from human error and cyberthreats. 
  • Collaborate to maintain that consistency. New acquisitions means new technologies that need to be integrated into OneDigital’s portfolio and require close collaboration between IT and the rest of the business. Calleja-Matsko works closely with OneDigital’s product chief to support and scale existing technologies while also looking to the future, ensuring consistent data and tooling and the presence of data stewards who can provide ongoing support.

If data is the new oil and speed is the currency of business, then data governance is the link that fuses the two. For more, see Michael Bertha’s commentary: Data Strategy at the Speed of Business.

Drive data literacy across the enterprise 

CIOs play an instrumental role in creating a common language around data and making sure teams across the enterprise have the tools and concepts they need to harness data effectively. To develop this data literacy, many organizations have built enterprise-wide curriculums and training resources.

Monica Caldas, the CIO of Liberty Mutual, which has its own professional development training programs, including one specifically geared toward executives, said it well: 

“Technology is everybody’s responsibility these days in terms of understanding what it can do. Everyone that sits around the table needs to be beyond, ‘How do I click this?’ and [be] somewhat well versed [in topics like] what can an API do, and why does that matter.” 

Many organizations have launched digital academies to train employees on digital skills, including technology and data literacy. In 2019, for example, Toyota launched an academy to knock down the invisible wall often found between IT and the business and give end users greater knowledge of the software they use every day. “The idea was to not just train IT, but everyone across the organization.” said then Chief Innovation, Strategy and Digital Officer, Vipin Gupta. The approach has empowered associates across the business to truly understand how to capitalize on the tools, data, and processes at their disposal. 

Data literacy is also key to enabling citizen development, an approach that encourages those outside IT to contribute to software development, often via low-code/no-code tools. Paired with increased data literacy, this can make it easier for teams across organizations to apply data and analytics to their work and accelerate time to insight.  

Chief Information and Digitization Officer of Reckitt Benckiser Group, Filippo Catalano encourages executives to create opportunities for properly governed self-service data access:

You want to also make sure that, as much as possible, everybody in the company becomes a data scientist. … Get out of the way so you can unleash creativity, empower people everywhere in the organization to do what they need to do on data and analytics, but also to do it on the right platforms so that things are done in a fair way, but also in a safe way. 

CIOs, CDIOs, and CDOs are in incredible positions to influence the change they’d like to see within their organizations. Directly engaging individuals in the company’s data journey through hands-on learning opportunities can not only build knowledge and morale, but also can catalyze new competitive advantages.

Tell a compelling story

Any successful data strategy needs a compelling, ambitious vision and a clear path to success that resonates across an organization. CIOs, then, need skillful storytelling to get buy-in from multiple stakeholders and create forward momentum.

Telling the story effectively means, once again, putting business outcomes front and center. “I can talk all day about ‘hey, you should have data governance and you should think about a data lake or a single view of the customer,’” said Dak Liyanearachchi, Head of Data and Technology at NRG Energy. “All of those are really interesting, but what does it really mean to the organization?”  

One useful move includes thinking about data as an enterprise asset that requires strong partnership across every part of the business. While companies can notch small wins leveraging data within silos, the real benefit comes when that great work logically connects across the organization. 

“If you think about connecting the dots across the value chain, that’s where you start to see some significant business opportunities,” Liyanearachchi said. When that happens, “the value you bring multiplies at a faster rate.”  

In interviews with more than 100 digital and technology leaders on the Technovation podcast in 2022, executives shared the technologies and trends they believe have the potential to deliver significant value to their organizations in the years ahead. For the fourth year in a row, analytics, machine learning/AI, and cloud were the top three trends on executives’ radars.  

A closer inspection of the interviews finds that more analytics use cases are bearing fruit across organizations as teams place greater emphasis on data strategy and governance. Developing solid data foundations enables new capabilities and opens the door for AI and machine learning at scale. We expect to see this focus continue in the year ahead. 

Some new trends also began to emerge this year, including the metaverse and IT’s growing role in environmental sustainability and other ESG initiatives. There is also continued interest in the new ways of working and the tools and practices that will bring them to life. See below for more on the trends that are rising in importance in the year ahead.    

2022 Technovation Tech Trends 

Personalization drives AI use cases in 2022 

Companies across industries are increasingly leveraging machine learning models to make sense of the large amount of data they collect. Today, machine learning capabilities are “not just niche to businesses that try to answer decision support-like type questions that rely on predictability,” said Neal Sample, former CIO of Northwestern Mutual. “Entire industries are being upended by better thinking around data.” What does this better thinking look like? Increasingly, it means leveraging data and analytics capabilities to deliver differentiated products and services for customers.  

Anil Bhatt, Global CIO of Elevance Health (formerly Anthem Inc.), detailed how AI helps deliver better customer experiences through personalization. The symptom triage function in the company’s Sydney Health App, for example, can identify the symptoms a member is experiencing and analyze why they are reaching out for care, helping them receive personalized care more quickly and driving higher member satisfaction.

Similarly, Rite Aid’s Chief Digital and Technology Officer, Justin Mennen, notes that advances in AI and machine learning “are driving a completely different level of personalization.” Through the company’s partnership with Google, Rite Aid is using data and analytics to drive insights for the business and for customers, including tools that help customers choose the right medical products based on where they are in their journey. 

The continued rise of data and analytics capabilities brings with it a continued need for talented team members to drive those initiatives forward. Ashok Srivastava, Intuit’s Chief Data Officer, began the journey to advance AI nearly five years ago by investing in skills development and recruiting. “We built this team of artificial intelligence scientists and engineers and we focused them on what matters most, and that means what is best for the end customer,” he said. One win came from merging data and AI teams. “We could see that that data platform was powering a lot of experiences and as we focused those data platforms on AI and then on analytics, we could see that tremendous benefits were coming out of it.” Some of these benefits included Intuit’s “follow-me-home” approach to personal finance, in which AI models use data to understand how the customer is using the product, automatically categorize customer transactions, and provide insights to the customer about their financial health. 

Check out our compilation of other technology leaders on Technovation with Peter High speaking about how their organizations are using artificial intelligence:

Digital twin, AR, and VR technologies begin to converge as interest in the metaverse rises 

A new trend that has intrigued (and puzzled) some technology executives is the metaverse. The concept has been around for a while (see Neal Stephenson’s 1992 novel Snow Crash and the virtual world of the Wachowski sisters’ 1999 film The Matrix), but only recently has it emerged in a business context. Today, we see executives largely focused on the adoption of digital twins and augmented/virtual reality tools – two technologies often associated with the metaverse – for use cases ranging from product development to employee training.  

Susan Doniz, Chief Information Officer of Boeing, says the company sees benefits of digital twin technology, noting that the combination of physical and digital worlds allows the company to efficiently iterate on new designs, to “fly the airplane thousands of times before we really fly it, and build it thousands of times before we really build it.” At Raytheon, Chief Digital Officer and SVP for Enterprise Services Vince Campisi and his team are using digital simulations of factories to optimize facility usage.  

Technology leaders recognize the need to stay up to date on emerging metaverse-related technologies, from digital twins to AR/VR and Web3. “Not all of it is always relevant in the moment, but if you don’t start to get yourself up to speed and know where the opportunities lie, then I think you find yourself at the tail end,” said Cindy Hoots, Chief Digital Officer and Chief Information Officer of AstraZeneca. Her team invested in an experience-based group at AstraZeneca called ‘XR’. “Whether it’s the virtual reality or augmented reality team, we’ve got our own metaverse environment looking at how digital twins that we already have play into that, and just trying to build up some internal muscle on some of these trends.”

The metaverse, whatever form it may take, also creates new opportunities for collaboration and culture building, particularly in hybrid environments in which many work remotely.   Likening the impact of the metaverse to that of ‘dilithium crystals’, the material used in the Star Trek universe to power warp-speed faster-than-light space travel, Cummins CIO Earl Newsome said the technology can act as a “transporter” of sorts, bringing people together from across the world. “I think we’re going to be able to leverage the metaverse to do some of that,” he explained, “especially when the metaverse gets to be really mixed reality.”

Cybersecurity threats grow more sophisticated 

Perhaps unsurprisingly, cybersecurity remained top of mind for business technology leaders in 2022. As attacks grow more prevalent and sophisticated, CIOs continue to focus on mitigating risk and building a culture of cybersecurity awareness across their organizations.

At Cummins, Earl Newsome is training his team to minimize the number of preventable cyberattacks through the CyberSMART program, which equips “cyber soldiers” with the tools needed to sniff out phishing schemes, be more aware of their surroundings, and improve password management. “The issue is either on two legs or two wires,” Earl joked. “The two legs issue is the one that we need to focus on because 82% of all cybersecurity issues have a human element in them.”

The other 18% of cyberattacks may pose trickier to prevent, but CIOs are looking to new technologies and tools to help identify when attacks are occurring and mitigate the risk of exposure. Mike Feliton, CIO of Crocs, sees an opportunity with machine learning and RPA to quickly detect when an attack is occurring. “Noticing when a brute force attack is hitting your organization and being able to shut that down before any of your employees have to get engaged is essential because we can cut it off before anything starts to explode.”

More sophisticated attacks are likely to trouble some companies as computational capabilities advance. As research and development in quantum computing evolves, it is time for organizations to plan for post-quantum cryptography, said Kevin Stine, Chief of the Applied Cybersecurity Division at the National Institute of Standards and Technology’s (NIST) Information Technology Laboratory. With the rise of quantum computers, even the most secure systems today could be at serious risk of being breached without new forms of protection. 

Yet while quantum computers create the risk of more advanced cyberattacks, they also offer the benefit of more advanced cybersecurity measures. Sangy Vatsa, Global Chief Technology & Digital Officer of FIS, is excited about the possibilities quantum can bring to the cybersecurity landscape. 

Sustainability becomes a key consideration when building technology

While not a “tech trend” we have typically tracked across podcast episodes, sustainability appeared much more frequently this year as executives contemplated IT’s role in contributing to enterprise ESG initiatives

Consumers are now, more than ever, concerned with how a company is addressing these issues, particularly in the energy sector. “Customers are paying attention to what companies are doing […] in terms of sustainability,” said Dak Liyanearachchi, Head of Data and Technology at NRG Energy. He noted “the decarbonization of our economy” as a trend that stands out. 

“It really doesn’t matter what you think about climate change and sustainability, you are going to deal with it,” said Edward Wagoner, CIO of Digital at JLL. For technology leaders, the focus is on how best to do it. To name one example, Edward noted opportunities organizations have to use IoT and sensor technology to measure water and energy usage and reduce waste. 

Companies are pursuing other technology-led sustainability solutions. Earlier this year, Frank Cassulo, Chief Digital Officer at Chevron, discussed Chevron New Energies, a business unit launched late last year that aims to produce low-carbon solutions (e.g. hydrogen) and reduce carbon emissions for both customers and internal operations. “We’re really looking at where we have competitive advantages and how we can help accelerate that energy transition,” he said. “It’s exciting for us to both think about how we continuously improve delivering the products today, but also transitioning to a lower carbon future that we’re going to play a large part in.”

While the energy industry is put under the microscope when it comes to sustainability, it certainly isn’t the only industry that is looking at lowering carbon emissions. Avery Dennison CIO Nick Colisto has been the primary driver of sustainability both within IT and within the business. In his view, IT is uniquely positioned to be a driver of sustainability at a company. “We incorporated [sustainability] as one of our strategic priorities in IT,” Nick said. “It’s essentially about innovation in building products that satisfy recycling, composting, and reuse of single-use consumer packaging and apparel in our products and in our solutions.”

At Avery Dennison, a low-code technology system called AD Circular makes it easier for customers to recycle used paper and filmic label liners across Europe. The company also introduced, a cloud platform that uses connected-product technology to track products through the value chain.

Trends likely to rise in 2023: 5G, voice, new ways of working

In addition to the topics noted above, other trends show signs of gaining traction in 2023:

  • 5G and quantum computing: With 5G already rolled out and eyes shifting toward the theoretical “6G”, executives are excited about the ability to not only rapidly transmit data but also rapidly compute. “Quantum computing is just around the corner, so they say,” quips Diogo Rau, Chief Information and Digital Officer of Eli Lilly. “If it does come at some point, it will be an absolute breakthrough for everything.”
  • Chatbots and voice assistants: “Why don’t we talk to our computers?” asked Kevin Vasconi, Chief Information Officer of Wendy’s, in a recent interview. “At Wendy’s, when we think about voice AI, we do think about very specific applications like voice AI in the drive-through… if it’s got a chip in it, we’re willing to go see if we can make voice work on it.”
  • Hybrid and remote collaboration: The future of work has been an ongoing discussion for organizations across industries. Some companies have embraced a completely remote model or a completely on-premise one, with most somewhere in between. “This back-to-work thing has made things like meetings that are half in person, half remote, really challenging,” said Greg Meyers, Chief Digital and Technology Officer of Bristol Myers Squibb (BMS). We expect the topic to remain top of mind for technology leaders in the year ahead as they pilot technologies that enable more efficient, productive, and creative ways of working.

Stay tuned to Technovation in 2023 for more discussions about the transformative technologies driving organizations forward.

As the business world adapts to an era of hybrid work, companies are learning how to effectively foster collaboration across remote and in-office teams. To operate effectively in this new reality, teams must develop creative ways to bring new thinking to life when colleagues are spread across the country, or even the world. Fostering that collaboration is critical to ensuring firms can act in a nimble fashion, able to seize new opportunities and stave off potential threats as they arise.

Metis Strategy frequently uses design sprints as a way to foster collaboration and idea generation among teams. Traditionally, design sprints occur in person. Several people get together in the same conference space to map customer journeys, illustrate design concepts, and paste Post-It notes around a large whiteboard to generate new ideas. In a remote or hybrid setting, however, not everyone is physically in the conference room, making it tougher to quickly sketch a concept or add an idea to the board.

The Metis Strategy team has found that effectively conducting a remote design sprint requires a different approach and a new set of skills to ensure the exercise runs smoothly. For a recent client engagement, our team built and facilitated a five-day, fully remote design sprint. We brought together employees from across the US to develop a tangible solution to a challenge facing the team. Each day was designed to get the team thinking creatively and engaging with the problem at hand, including understanding the challenge, deciding on long-term goals, and mapping user experience, and prototyping a solution that could be tested on a target audience. In this instance, virtual whiteboarding tools (we used Miro) became a critical for facilitating a successful sprint.  

Below are a few takeaways from our experience that can help teams that are conducting their own remote or hybrid design sprints:

  • Focus on facilitators. We recommend each remote or hybrid design sprint includes at least two facilitators. The primary facilitator is responsible for running the sprint while the secondary facilitator operates the virtual whiteboard and answers any technology-related questions. The second facilitator may also help the team highlight critical ideas from the conversation, group ideas into future discussion topics, and troubleshoot other challenges that may arise during the session.
  • Become an expert in virtual whiteboarding tools: In a remote design sprint, a well-run virtual whiteboard is critical. No matter which tool a team decides to use, facilitators should be fluent with the technology, including knowing some shortcuts and best practices that can help the session run more smoothly. That in-depth knowledge also allows facilitators to quickly address any technical challenges that may arise during the session while ensuring the core team can remain focused and engaged in the task at hand.
  • Double down on organization and documentation. As facilitators, it is important to keep track of the ideas the team generates throughout the design sprint process. Often, points made early in the sprint become critical pieces of information during future exercises. This is one area where virtual tools have a slight edge over their physical counterparts. Digital whiteboards allow facilitators to easily manage, sort, and store idea lists, mind maps and virtual Post-It notes from any point in the design sprint, making it easier for teams to reference and build upon earlier work. Virtual whiteboards also allow each member of the team to have a copy of the materials that they can reference down the road.
Whiteboarding tools like Miro can be used to facilitate design sprints with remote teams. Source: Miro

While a remote design sprint doesn’t deliver the same experience as an in-person session might, we found it to be an effective framework for collaboration and idea generation. As hybrid work takes hold at many companies, we expect sprint facilitators and their teams to be increasingly fluent with virtual whiteboarding tools as they manage collaboration across virtual and in-person settings.

Mac Connolly, Tiffany Jenkins, Nick Reasner, Yucca Reinecke, and Matthew Schmidt contributed to this article.

The COVID-19 pandemic spurred a wave of digital acceleration, drove a rapid shift to remote work, and underscored the critical nature of business continuity and resilience. As companies continue marching toward a new version of normal, technology leaders find themselves balancing a mandate to drive digital transformation efforts forward while enabling teams to thrive in a new world of work. 

In the coming weeks, Metis Strategy will share its perspectives on five areas where CIOs are focused in the new year. Building on conversations with hundreds of technology executives in recent months, this series will highlight strategies and tactics to help organizations win during times of uncertainty and emerge from the crisis stronger than before.

Sustaining digital acceleration 

COVID-19 will go down in history as a great digital catalyst. More than 70% of attendees at the Metis Strategy Digital Symposium noted that their digital transformation efforts accelerated as a result of the pandemic, with 42% noting a significant acceleration. Crisis response generated a boost in productivity and innovation at many firms as they experimented with new business models and transitioned to remote work forces. As we look to the year ahead, companies are figuring out how to sustain those efforts while navigating an uncertain economic landscape and adapting to new ways of working. 

This article will explore examples of pandemic-driven digital acceleration and discuss the ways in which firms that maintain investment in digital capabilities can emerge from the crisis in a position of strength.  

Scaling data and analytics capabilities across the enterprise 

In recent months, firms have expressed growing demand for a strategy that guides management and structure of data at enterprise scale. At Metis Strategy’s October conference, 25% of attendees said they were implementing a version of their data strategy, while 64% noted they were developing a strategy. Many executives we speak with say they are working to move beyond traditional descriptive analytics and toward predictive or cognitive capabilities that can further optimize decision making and automate business processes.

Getting to that stage requires a holistic view that ties data to business strategy, and requires a number of changes that impact people, processes, and technologies inside an organization. This article will explore how to assess your company’s data maturity and readiness to manage data and metadata at scale, and share critical first steps to crafting an effective data strategy.

Accelerating the shift to cloud 

Many companies have long been on a journey to the cloud, but the pandemic has sped up the process significantly. A major driver of cloud adoption is increased agility, which allows firms to pivot and respond quickly in the face of tremendous change, a critical asset as firms navigate the pandemic and improve their competitive positioning. Indeed, some companies now are embracing a cloud-first mentality to better compete with cloud-native firms. Research firm IDC also identified the shift to the cloud as the number one technology trend for 2021, noting that by the end of 2021, “80% of enterprises will put a mechanism in place to shift to cloud-centric infrastructure and applications twice as fast as before the pandemic.”

Yet for all the benefits cloud can provide, the journey is not a simple one and it continues to grow in complexity. This article will explore the primary benefits and key risks posed by cloud and discuss best practices for driving enterprise adoption.

Managing a safe return to the office while learning to work as ‘hybrid’ teams

Read the article.

Prior to the pandemic, the phrase “hybrid workforce” usually referred to companies with a handful of fully-remote employees and a somewhat flexible work from home policy.  Now that roughly 40% of the working population has been working remotely full time, however, that definition has changed. Even after a vaccine is released and widely distributed, the world of work will not look the same as it did in February 2020. A Gartner survey finds that 82% of company leaders will allow their workforce to work remotely at least some of the time as employees return to the workplace, with 47% reporting that they would let employees work remotely full-time. Furthermore, employees say they want more flexibility in the post-pandemic working world. 

This article will discuss specific steps companies can take to create outstanding employee experiences and sustain employee engagement in a new world of work. It will also explore the new tools and technologies that will enable teams to collaborate effectively in a hybrid environment and share key considerations for CIOs implementing these technologies across their organizations.

Navigating an increasingly complex cybersecurity landscape

Cybersecurity has always been a priority for technology leaders, but increasingly sophisticated hackers and a broad shift to remote work has introduced security concerns on a much larger scale. On a recent episode of the Technovation podcast, Lenovo CISO and Motorola Mobile Business Group CIO Jason Ruger said the pandemic has spurred a 3X increase in cyberattacks against the company. As recently as a few weeks ago, news emerged of a monthslong cyberattack that hit a number of U.S. federal agencies and some of the world’s largest businesses, prompting greater scrutiny of software supply chains as organizations race to determine the extent of the fallout.  

In this piece,we will address the new cybersecurity concerns that leaders have been forced to confront as more employees work from home and the security landscape becomes more complex. We will also provide a framework that allows leaders to assess their overall cybersecurity maturity and chart a path forward. 

Chris Davis co-authored this article.

Companies continue to face implementation challenges as they rush  to comply with data privacy regulations such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This is due largely to a mismatch between their management of data and the stringent requirements set by the regulations.

Organizations can address the complexities of privacy regulations via a well-defined data governance framework, which leverages people, processes and technologies to establish standards for data access, management and use. Such a framework also enables companies to address elements of privacy, including identity and access management, consent management and policy definition.

As leaders implement data governance models with privacy in mind, they may face challenges, including lukewarm executive buy-in, lack of a cohesive data strategy, or diverging opinions about how data should be used and handled. To address these obstacles, leaders should consider the following actions:

  • Establish cross-functional data ownership and awareness
  • Streamline data policies and procedures
  • Upgrade technology and infrastructure 

Establish cross-functional data ownership and awareness 

While a Chief Data Officer or CIO may lead the implementation of a data governance framework or model, data governance should be a shared responsibility across a company.  At a minimum, the IT department, privacy office, security organization, and various business divisions should be involved, as each has an important stake in data management. Bringing in a variety of stakeholders early allows firms to establish key data objectives and a broader data governance vision. This collaboration can take the form of a dedicated task force or may involve regular reporting on data governance and privacy objectives to the executive board.

Data privacy, similarly, is also a shared responsibility. All employees have a part to play in maintaining data privacy by following accepted standards for data collection, use and sharing. Indeed, implementing a successful data governance model with privacy in mind requires educating employees on governance concepts, roles and responsibilities, as well as data privacy concepts and regulations (e.g. the definition of “personal information” vs. “consumer information”).

After establishing a governance vision and driving employee awareness, organizations can define their desired data governance roles – such as data owners, data stewards, data architects and data consumers – and tailor the roles to their needs. Some companies may distinguish between data stewards and data owners, for example, with the former responsible for executing daily data operations and the latter responsible for data policy definition. For one client with a large and complex IT department, Metis Strategy established a governance hierarchy with an executive-level board, combined data steward/owner roles, and other positions (e.g. data quality custodians). This structure facilitated ease of communication and enabled the client to scale its data management practices. 

In the long term, firms should incorporate data governance and management skills into their talent strategy and workforce planning. Given the expertise required and the shortage of qualified people for some data-intensive roles, organizations can consider enlisting the help of talent-sourcing firms while focusing internal efforts on talent retention and upskilling. As companies’ strategic goals and regulatory requirements change, they should remain flexible in adjusting their data governance roles and ownership.

Streamline data policies and procedures

To respond adequately to consumer privacy-related requests for data, organizations should establish standardized procedures and policies across the data lifecycle. This will allow companies to understand what data they collect, use and share, and how those practices relate to consumers. 

For example, the CCPA provides consumers with the right to opt out of having their personal information sold to third parties. If a retailer needed to comply with such a request, it would need to be able to answer questions in the following categories:

  • Data classification: What data elements pertaining to the consumer does the company have, such as address, credit card information or product preferences? Has the company classified these data elements appropriately, if at all?
  • Data lineage: Where did the customer’s data originate and what happens to that data across its lifecycle? For example, does the company only share the customer’s data internally, or does it share the data with marketing and payment vendors to facilitate transactions or personalized ad campaigns?
  • Data collection and acceptable use: How does the company currently collect data from the consumer? Does the company have the appropriate consent from the consumer to collect and process their data? If the company shares the customer’s data with external parties, are there appropriate data sharing agreements with those parties in place? 

Establishing policies and standards for the above can help organizations quickly determine the actions needed to respond to customer requests under privacy regulations. Companies should communicate policies widely and ensure that they are being followed, as failing to do so can propagate the use of inconsistent templates and practices. At one Metis Strategy client, for example, few stakeholders had sufficient awareness of data management and access standards, despite the fact that the client’s IT department had established extensive policies around them.

Consider technology and infrastructure upgrades

To successfully implement data governance frameworks and ensure privacy compliance, firms may also need to address challenges posed by legacy infrastructure and technical debt. For example, data often is stored in silos throughout an organization, making it difficult to appropriately identify the source of any data privacy issues and promptly respond to consumers or regulatory authorities.

Firms also need to evaluate the security and privacy risks posed by outsourced cloud services, such as cloud-based data lakes. Those using multiple cloud providers may want to streamline their data sharing agreements to create consistency across vendors.

Some technologies can help companies leverage customer data while mitigating privacy risks. In a Metis Strategy interview, Greg Sullivan, CIO of Carnival Corporation, noted that data virtualization enhanced his organization’s analytics capabilities, drove down operational and computing costs and reduced the company’s exposure to potential security and privacy gaps. 

Companies can also consider new privacy compliance technologies, which can enhance data governance through increased visibility and transparency. Data discovery tools use advanced analytics to identify data elements that could be deemed sensitive, for instance, while data flow mapping tools help companies understand how and where data moves both internally and externally. These tools can be used to help organizations determine the level of protection required for their most critical data elements and facilitate responses to consumer requests under GDPR and CCPA. 

Although legacy technology overhauls can be time-consuming and costly, firms that are decisive about doing so can reduce their privacy and security risks while avoiding other challenges related to technical debt.

Creating an adaptable model 

 As the global data privacy landscape evolves, organizations should continuously adapt their data governance models. Companies should proactively address their obligations by designing data governance roles, processes, policies, and technology with privacy in mind, rather than reacting to current and forthcoming privacy legislation. Companies doing so can not only improve risk and reputational management, but also encourage greater transparency and data-driven decision-making across their organizations.