Check out highlights from the 2024 Metis Strategy Summit | Read more

Personalized customer experiences, automated business operations, and data science-driven insights all depend on the quality and volume of your data. That’s why your data privacy strategy must be more than a policy on ethics.

This article was originally published on CIO.com by Chris Davis, Partner at Metis Strategy and Elizabeth Tse, Associate at Metis Strategy.

Companies continue to face implementation challenges as they rush to comply with data privacy regulations such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This is due largely to a mismatch between their management of data and the stringent requirements set by the regulations.

Organizations can address the complexities of privacy regulations via a well-defined data governance framework, which leverages people, processes and technologies to establish standards for data access, management and use. Such a framework also enables companies to address elements of privacy, including identity and access management, consent management and policy definition.

As leaders implement data governance models with privacy in mind, they may face challenges, including lukewarm executive buy-in, lack of a cohesive data strategy, or diverging opinions about how data should be used and handled. To address these obstacles, leaders should consider the following actions: 

  1. Establish cross-functional data ownership and awareness
  2. Streamline data policies and procedures
  3. Upgrade technology and infrastructure

Establish cross-functional data ownership and awareness 

While a Chief Data Officer or CIO may lead the implementation of a data governance framework or model, data governance should be a shared responsibility across a company.  At a minimum, the IT department, privacy office, security organization, and various business divisions should be involved, as each has an important stake in data management. Bringing in a variety of stakeholders early allows firms to establish key data objectives and a broader data governance vision. This collaboration can take the form of a dedicated task force or may involve regular reporting on data governance and privacy objectives to the executive board.

Data privacy, similarly, is also a shared responsibility. All employees have a part to play in maintaining data privacy by following accepted standards for data collection, use and sharing. Indeed, implementing a successful data governance model with privacy in mind requires educating employees on governance concepts, roles and responsibilities, as well as data privacy concepts and regulations (e.g. the definition of “personal information” vs. “consumer information”).

After establishing a governance vision and driving employee awareness, organizations can define their desired data governance roles – such as data owners, data stewards, data architects and data consumers – and tailor the roles to their needs. Some companies may distinguish between data stewards and data owners, for example, with the former responsible for executing daily data operations and the latter responsible for data policy definition. For one client with a large and complex IT department, Metis Strategy established a governance hierarchy with an executive-level board, combined data steward/owner roles, and other positions (e.g. data quality custodians). This structure facilitated ease of communication and enabled the client to scale its data management practices. 

In the long term, firms should incorporate data governance and management skills into their talent strategy and workforce planning. Given the expertise required and the shortage of qualified people for some data-intensive roles, organizations can consider enlisting the help of talent-sourcing firms while focusing internal efforts on talent retention and upskilling. As companies’ strategic goals and regulatory requirements change, they should remain flexible in adjusting their data governance roles and ownership. 

Streamline data policies and procedures

To respond adequately to consumer privacy-related requests for data, organizations should establish standardized procedures and policies across the data lifecycle. This will allow companies to understand what data they collect, use and share, and how those practices relate to consumers. 

For example, the CCPA provides consumers with the right to opt out of having their personal information sold to third parties. If a retailer needed to comply with such a request, it would need to be able to answer questions in the following categories:

Establishing policies and standards for the above can help organizations quickly determine the actions needed to respond to customer requests under privacy regulations. Companies should communicate policies widely and ensure that they are being followed, as failing to do so can propagate the use of inconsistent templates and practices. At one Metis Strategy client, for example, few stakeholders had sufficient awareness of data management and access standards, despite the fact that the client’s IT department had established extensive policies around them.

Consider technology and infrastructure upgrades

To successfully implement data governance frameworks and ensure privacy compliance, firms may also need to address challenges posed by legacy infrastructure and technical debt. For example, data often is stored in silos throughout an organization, making it difficult to appropriately identify the source of any data privacy issues and promptly respond to consumers or regulatory authorities.

Firms also need to evaluate the security and privacy risks posed by outsourced cloud services, such as cloud-based data lakes. Those using multiple cloud providers may want to streamline their data sharing agreements to create consistency across vendors.

Some technologies can help companies leverage customer data while mitigating privacy risks. In a Metis Strategy interview, Greg Sullivan, CIO of Carnival Corporation, noted that data virtualization enhanced his organization’s analytics capabilities, drove down operational and computing costs and reduced the company’s exposure to potential security and privacy gaps. 

Companies can also consider new privacy compliance technologies, which can enhance data governance through increased visibility and transparency. Data discovery tools use advanced analytics to identify data elements that could be deemed sensitive, for instance, while data flow mapping tools help companies understand how and where data moves both internally and externally. These tools can be used to help organizations determine the level of protection required for their most critical data elements and facilitate responses to consumer requests under GDPR and CCPA. 

Although legacy technology overhauls can be time-consuming and costly, firms that are decisive about doing so can reduce their privacy and security risks while avoiding other challenges related to technical debt.

Creating an adaptable model 

As the global data privacy landscape evolves, organizations should continuously adapt their data governance models. Companies should proactively address their obligations by designing data governance roles, processes, policies, and technology with privacy in mind, rather than reacting to current and forthcoming privacy legislation. Companies doing so can not only improve risk and reputational management, but also encourage greater transparency and data-driven decision-making across their organizations.

This article was written by Rana Abbaszadeh, a Senior Associate in Metis Strategy’s West Coast Office

As companies look for ways to harness data and AI to deliver on business outcomes, they first need to develop the foundational governance capability that enables them to do so effectively. Data governance requires significant time and resource investment, to be sure, but it ultimately enables organizations to realize the long-term value from their AI and analytics initiatives. 

At a high level, data governance refers to the development and management of information about an organization’s data. It includes maintaining a catalog of a company’s data from lineage to definition and utilization. When done well, data governance creates a single source of truth that can be used to unlock trusted insights, inform strategic decision making, and enable personalization at scale.  

Companies that implement data governance can:

Metis Strategy takes a strategic approach to data governance and recommends that organizations start with the data that drives significant value. For example, a retail company could focus first on the governance of customer and product data, as this information is core to the company’s growth. Focusing on high-value data helps generate buy-in from key stakeholders and builds momentum for governance initiatives. After that, organizations can turn to other data until governance becomes embedded into the company culture. 

This article will outline how to develop a data governance program within your organization, including the different roles and stakeholders involved.

Identifying governance opportunities

Using the Metis Strategy methodology, organizations can quickly realize value while improving overall data maturity. We recommend developing a cross-functional steering committee consisting of senior leaders across business and technology units who will guide the governance process. The steering committee is responsible for setting strategy, direction, and prioritization for the data governance program.

The committee’s primary responsibilities include: 

In addition to the responsibilities above, the committee also will evaluate the business case for specific initiatives, approve funding and resource requests, and guide program adoption throughout the enterprise.

Building the Governance Council

In addition to the steering committee, the data governance program should include a governance council that will scope, document, and monitor data assets and lead governance operations. The council should consist of individuals across different business units to provide varied perspectives across domains. Members take on roles such as data owner, steward and custodian to ensure accurate data sets for their respective business units. A high-level overview of this is shown below.

The Data Governance Council consists of several roles with varying responsibilities. Metis Strategy recommends the council have at least the following three roles:

Business unit end users

Business unit end users will have access to trusted data based on their business unit needs and role requirements. They will collaborate with the business data owners to ensure maximum utility of the enterprise data.

Conclusion

Data governance is critical to ensuring the success of strategic data projects across any organization. Having the right structures in place will enable a faster return on investment and allow the governance capability to scale throughout the organization. As more high-value use cases come to life, analytics and AI teams will be empowered to use trusted data to improve business performance, enhance the customer experience and improve operational efficiency.

Companies have had great success in initial governance efforts, unlocking the utilization of customer and product data to help drive product design and improve sales outcomes. For example, after developing a governance program around its consumer and product data, one retailer improved the personalization of a merchandising ad unit by 17% through an enhanced understanding of user engagement and behavioral patterns. Success in this area helped the company make the business case for future analytics and AI use cases. In this case, a strong data governance capability built confidence and momentum for the organization as it continued to scale its analytics efforts. 

To learn more about developing a robust data governance program, please contact us at information@metisstrategy.com

Sastry Durvasula has an unusual title and remit at TIAA. As Chief Information and Client Services Officer of the Fortune 100 company, with more than $1.2 trillion in assets under management, he manages global technology and client services, including all the front office, middle office, back office functions and shared services of the firm that serve the company’s clients. Thus, Durvasula and team build solutions on the technology side that are used by colleagues on the other sides of his organization that serve the clients across the businesses, including retirement, asset management and wealth management. This responsibility gives him an opportunity to see the positive impact of his team’s work first-hand. The clients represent four constituent groups:

Therefore, Durvasula and his team support customers that include business-to-business, business-to-consumer, and business-to-business-to-consumer models. There is a fintech ecosystem that he helps bring to life: RetireTech, focused on building solutions for retirement participants on the accumulation side, and SilverTech, focused on the decumulating side. Managing through the complexity of different constituent groups, representing different generations together with a century old company that has forged contracts across decades is extremely complex. “The mission statement for my organization is ‘Power the business’ strategic shifts, fuel the innovation, while transforming the core,’” he noted. “The transforming of the core is as important and complex as fueling innovation and powering it. These strategic shifts enable us to provide lifetime income, delighting our clients and strengthening how we operate.”

Given TIAA’s size and breadth of offerings, Global Technology is divided up to reflect that breadth. “We have the unit CIOs that face off to the CEOs across our primary businesses in retirement, asset management and wealth management. Same thing with our client services side of the house where our client services officers are serving these specific business units, ” Durvasula explained. “Then we have global technology shared services like information security, data, AI, infrastructure and architecture, as well as shared client services like fraud and financial crimes management, serving all business units and affiliates. That’s my organizational grid. We have verticals and horizontals.”

Guiding these teams is a six-pillar strategy:

Durvasula notes that client-obsessed products and services refers to products both on the technology side as well as on the client services side of his responsibilities. “Whether it’s 403(b) solutions and products in the Higher Ed and Healthcare markets, or on the 401(k) side that we are getting very active on from a retirement perspective, as well as wealth management and asset management and so forth; that’s where we are focused on building those next-generation products and services,” he offered.

Digital first refers to modernizing a heritage company for the digital age, building the next generation of digital platforms, and providing solutions and client experiences, working closely with the company’s chief digital and client experience officer, Jessica Austin Barker.

To bring to life the integrated data and AI strategy pillar, Durvasula hired a chief data and AI officer, Swatee Singh, who’s focuses on that, to build the next generation of the data foundation and providing AI solutions to create those experiences for plan sponsors and participants.

Building the talent and culture needed to operate effectively includes key hires, like the ones noted already, but also creating a learning culture that strives to build the skills that will bring to life the digital vision he has articulated.

The best-of-breed ecosystem helps rethink the mix of buy versus build versus partners decisions across the technology landscape. “We want to build for differentiation, but we also want to buy and partner for parity,” Durvasula noted. “While I do that, obviously I have to uplift the technology ecosystem which is a big job for our teams.”

Finally, like all CIOs, he must do all the above while being secure by design and be on top of the regulatory and compliance demands. Given the emergence of numerous cyber threats, he must remain vigilant to ensure that the most valuable asset: the company’s data, does not get into the wrong hands.

Durvasula lingered a bit longer on the data piece, given the sanctity of sound data practices in a company that is awash in data. “The advantage we have is, because we have been at this for a long time and we are a highly regulated firm, we do have a number of data assets that actually are within the firewalls of TIAA that we can capitalize on,” he said. “How do we bring all the data from our global data assets and build that platform? While we do that, obviously we want to be cloud-first as we do.” Durvasula and team focus on leveraging open-source tools wherever possible. They have also focused on developing what he referred to as “killer use cases” that are powered by AI for each of the aforementioned constituent groups that TIAA serves. “As an example, we forged a strategic partnership with Google AI that we are now actively deploying solutions starting with our client services area,” he said. “It’s made it easy to deploy at scale.”

Additionally, Durvasula and team use conversational AI solutions to minimize client wait times. He believes this is a major customer enhancement, removing friction from their experience. Many of these new solutions are conceived in TIAA’s client tech labs, which leverage a multi-cloud/hybrid cloud environment to pilot ideas, work with clients to co-innovate and test beta versions of solutions, course correcting some to optimize them while canceling others that prove to be of insufficient value for customers. For those that go into production, Durvasula and team proceed with greater confidence.

Durvasula and TIAA more generally work closely with universities as strategic partners. “We want to have a different level of engagement and conversation with [universities],” he noted. “As an example, we have a partnership with NYU where we have launched programs, and we have over 70 cyber graduates that are going to be graduating from NYU – employees of our own – who are going through this coursework. We have something similar at [the University of North Carolina], but we also have a robust internship program. As an example, at the client tech labs that I mentioned earlier, we’ve had over one hundred interns actively hacking in our client tech labs and coming up with solutions. Some of them are winners of our hackathons and have opted to continue with us during their semesters as well. That’s is representative of the strategic advantage we have to build [a strong] talent pipeline.” By giving interns interesting work, the program has proven to be a rich source of full time recruits. This has developed a solid, long-term talent pipeline for the tech and digital team.

The connection with students and professors at universities are critical for the company given its history in the industry. (TIAA is an acronym for Teachers Insurance and Annuity Association of America.) “When it comes to client co-innovation on emerging technology and research projects with faculty and their students because that’s what we do for our business,” Durvasula offered. “With client advisory councils that we have, we open doors for our clients where faculty and students can come and conduct research with us and partner with us on a number of ideas. That’s exciting because it not only adds more talent to our pipeline, but it also opens the dialogue with our clients in a differentiated way for impact.”

Finally, Durvasula has taken a much longer-term view in the development of female talent in technology by serving on the board of Girls in Tech, a global nonprofit organization dedicated to eliminating the gender gap in tech. “I’ve had the opportunity to learn and benefit from the wisdom of the board as well as the founder, Adriana Gascoigne, who started this several years ago with a few thousand people in the West Coast,” said Durvasula. “Now, it has grown almost 100,000 members across 50 different countries. I’ve had the privilege to work with Adriana and the leadership team and the broader chapters to grow the impact of Girls in Tech.” He notes that the power of the organization is to foster empowerment, learning, communications, networking and especially mentoring. He believes Girls in Tech will be a pathway to building the diverse and inclusive tech workforce the world needs. He also forged strategic partnerships with non-profits including Blacks in Technology Foundation, AfroTech and Society of Hispanic Professional Engineers.

Durvasula has enacted remarkable, long-term change across TIAA in a relatively short amount of time, and he and his team remain ambitious about the future.

Peter High is President of Metis Strategy, a business and IT advisory firm. He has written three bestselling books, including his latest Getting to Nimble. He also moderates the Technovation podcast series and speaks at conferences around the world. Follow him on Twitter @PeterAHigh.

Thank you to all who attended the 10th Metis Strategy Digital Symposium. Across conversations, leaders emphasized the need for foundational data and analytics capabilities to prepare their organizations for growth. Whether modernizing systems, designing new operating models, or upskilling teams for the future, an organization’s ability to appropriately harness the information assets available continues to be a key source of competitive advantage.  

Below are highlights from the event. Stay tuned to the Metis Strategy YouTube channel and Technovation podcast in the coming weeks for full recordings of individual panel discussions. In the meantime, click here to request an invitation for our next virtual event on December 13, 2022.

Data skills and career development drive upskilling efforts

To prepare employees for jobs of the future, technology leaders are focusing on upskilling and development initiatives that teach employees the latest technology skills while providing a clear path for professional growth. The most in-demand skill today: “data, data, data,” said Udacity CEO Gabe Dalporto. ”Every part of every organization needs better data skills.” That means not only equipping data scientists and IT teams with the latest skills, but also ensuring data literacy across marketing, compliance, cybersecurity, and beyond. 

It isn’t enough to only provide training, however. Dalporto noted that attrition can actually increase if reskilling programs aren’t directly linked to individuals’ jobs and career paths. The message resonated with attendees, 44% of whom noted career pathing and other growth opportunities as focus areas within their upskilling initiatives.

Pearson CIO Marykay Wells reiterated the importance of creating an environment that encourages continuous development. Pearson offers weekly learning hours and a range of certifications employees can pursue to help spark new ideas and creative thinking. The company is also leaning into greater job mobility, encouraging team members to apply their learnings across the organization. 

Emerging technologies enable greater precision and sustainability

A strong foundation in data and analytics paves the way for new innovations. As organizations modernize enterprise data platforms and gain access to consistently reliable information, they are finding new ways to use emerging technologies to improve processes and services.

At Boeing, data is embedded across the enterprise and serves as a source of growth and resilience, CIO and SVP of IT & Data Analytics Susan Doniz said. Data-driven insights give the company a greater understanding of supplier networks, assist with product planning, and drive sustainability initiatives. Boeing is using emerging technologies like digital twins and the metaverse to drive product precision, building airplanes thousands of times digitally before creating the physical plane. Boeing also combines its own information with weather data and other external sources to drive additional value. “The value of data is not just data by itself, it’s how you combine data with external data,” Doniz said. 

Emerging technologies have also shown promise in driving enterprise sustainability efforts. As Chevron Chief Digital Officer Frank Cassulo prepares for the transition to a lower carbon world and more renewable energy sources, he is advancing the deployment of industrial IoT, edge-based sensors, and real-time monitoring to improve the efficiency, reliability, and safety of the energy system. “We believe the intersection of technology and the energy transition is defining the rate at which we advance,” he said. Last year, the company launched Chevron New Energies to identify new technology opportunities and business models to deliver a lower carbon future. 

Organizations inject more data into product development and decision making

Technology leaders are embracing more data-driven decision making processes and rethinking how to measure the success of digital products and services.  

For example, every Monday morning, Vinod Bidarkoppa, SVP at Walmart and Chief Technology Officer at Sam’s Club, meets with the executive leadership team to discuss the Net Promoter Score of critical member and associate journeys from the prior week. Those metrics inform how the organization operates and focuses their efforts week to week. “Because there is data behind it, people can answer in a very data- driven way,” Bidarkoppa said. “It makes it a very rich conversation and it’s not just an opinion.”

Enterprises are also expressing a growing desire for reliable cybersecurity metrics. Orion Hindawi, Co-Founder and CEO at Tanium, detailed how the company is helping customers understand how their progress on particular KPIs compares to others in their industry. That data allows customers to better see where they have adequate protection or gaps that need filling.

Data-enabled products are also unlocking new efficiencies. Ameren Chief Digital Information Officer Bhavani Amirthalingam noted that putting more data into customers’ hands gives them more choice and control in managing their energy consumption. Greater accessibility to data also gives Ameren the ability to effectively track and reduce energy consumption in the data center and among key suppliers. 

As Pearson offers a broader range of digital education products, it is placing additional focus on metrics such as time to value (the time between a student enrolling and actually starting a course), as well as internal productivity metrics to guide process improvements for engineers. “We are thinking about ways we can use data to improve experience and value,” Wells said.  

Executives find new ways to manage global talent and operating models

In an increasingly complex economic and geopolitical climate, digital leaders are among those re-examining global talent footprints and seeking opportunities to streamline or automate existing processes. More than half of MSDS respondents noted that they are bringing on more full-time employees across geographies and exploring new locations for talent.

Denton’s, the largest law firm in the world, has grown from 3,500 employees 10 years ago to 20,000 employees around the world today through robust M&A activity. Over the years, each entity retained IT teams, structures, and systems. As cloud computing adoption expanded and cybersecurity concerns became paramount, especially for clients, Global CIO Ash Banerjee and his team are transforming and unifying the technology function, progressing the firm’s growth and integration strategies while seeking to balance local and global needs.

Anil Bhatt, Global CIO at Elevance Health (formerly known as Anthem) works to make sure that his global product team and engineer teams have the capabilities they need to meet business needs. At the same time, he’s focused on making sure team members are taking care of themselves. Bhatt’s team led two employee-focused transformations and introduced more flexibility and recognition. “As you take care of associates and employees, it changes how they look at company,” he said.

As the security and privacy landscape grows more complex, technology leaders must balance global rules and standards with country- or region-specific regulations. Kevin Stine, Chief of the Applied Cybersecurity Division for NIST’s Information Technology Laboratory (ITL), has been encouraged by an uptick of international governments and businesses adopting and engaging with the NIST framework. He notes this global alignment of standards as a critical step to aligning key cybersecurity outcomes and avoiding duplication or conflicting expectations. 

Digital positions IT for greater strategic influence

As data-based decision making and digital tools pervade modern business, technology leaders are modernizing organizational architectures to help their companies more directly tie technology initiatives to business growth. At retailer Dollar General, CIO Carman Wenkoff prioritized people and processes in the modernization journey. After evaluating organizational structures and existing ways of working, the company grouped 105 technology domains into categories and assigned domain leaders to define and implement a future vision. The new structure is helping the retailer define new ways of working and find new ways to serve customers. 

The prevalence of technology is putting more leaders on the path from CIO to CEO, COO, and other business leadership roles in the C-suite. Chandra Dhandapani; Chief Executive Officer for Global Workplace Solutions at real estate firm CBRE advised technology leaders wishing to ascend to other roles to stay closely aligned with business leaders, invest in technology closely aligned with business strategy, move fast, and care about customer experience.  She encouraged leaders to take an outside-in perspective and “internalize being business leaders first who happen to have expertise in technology.” Dhandapani believes that CIOs are well positioned to take on additional leadership roles as they understand their organization’s data strengths and weaknesses and know how to use data to develop key insights.