Ensuring data governance and privacy at the pace of today. . .and tomorrow

By | 5 minute read | October 29, 2020

Data governance is a central consideration for Chief Data Officers. With today’s increasingly complex privacy regulations, the stakes have never been higher. 

At IBM’s recent CDO Summit, we discussed the accelerating challenges surrounding this topic, and in turn, I shared IBM’s approach to building a holistic data governance framework.

Data Governance is finding the right balance between data monetization and risk reduction

CDOs are primarily charged with three things: boosting the top line, improving the bottom line, and reducing risk. Data governance is how you go about accomplishing them. Within that, there’s a whole slew of activities related to meeting complex and regionally specific regulatory requirements. Still, I tell my peers that if you keep those top three things in mind, data governance begins to make sense.

A good data governance framework enables you to move forward while at the same time managing risk at an acceptable level. The goal is to keep the flow going so that the data can be used to drive value. Whether it be innovation for new products, insights around processes, or reducing cycle time, it’s all about being able to keep that flow going sufficiently so you attain your targets while minimizing risk.

As privacy regulations grow in scope and complexity, AI-infused automation is key

Eventually it’s all about speed: speed to insight, speed to action, speed to value. That’s what translates to your bottom line improving or your top line growing. To keep pace, you need to make privacy and security decisions in real time. That takes automation.

That’s the strategy we’ve embarked on at IBM, and it has been tremendously helpful – enabling us to scale rapidly to address new regulations by having an end-to-end flow that is supported intensively by automated processes and artificial intelligence.

Essentially, privacy regulation boils down to one thing: making sure that you’re able to safeguard the Personally Identifiable (PI) data that you’re collecting. At IBM, our ace in the hole is artificial intelligence (AI) because we are already infusing AI into every business process. In addition, we already have a central data & AI platform across the company. We started leveraging it for privacy – building a governance framework to deliver actionable information in real time while ensuring regulatory compliance.

Hybrid Cloud adds flexibility

The other key technical aspect that we’re prioritizing at IBM is our hybrid cloud framework.

A hybrid cloud environment is giving us increased flexibility with regard to regulatory compliance through a mix of pre-defined policies and run-time automation, coupled with AI.

Traditionally, regulatory compliance has been handled by looking at ten different regulations, taking the one that’s most restrictive, and standardizing for that. With our AI-infused hybrid cloud approach, we are able to configure aspects of data processing to appropriately access and process data in compliance with all these different regulations simultaneously.

For example, access control can be determined not only by the role of the user but also by policies implemented at run time that align to regulations. Consider a data scientist who logs in from the U.S. and accesses certain sets of data. Later, if that same person with the same role logs in from a different country, they may not have the same access. These types of real-time decisions are critical to privacy regulation compliance.

An informed workforce brings it home

Another important aspect of data governance is having a culture that prioritizes data privacy and security. This is especially critical when analytics and AI enter the picture, and you are creating new, derived data. You don’t know going in what you’re going to create.

There’s a famous retail example where somebody was taking prenatal vitamins and the data inferred that the person was pregnant. That’s a perfect example of starting off with a grocery list and ending up with new data that’s highly sensitive and that you shouldn’t be using. To address this, you must prepare your workforce that is doing the analytics.

The coaching I like to give our people is if you come across an insight like that – where you can identify personal information about someone and you’re about to take action — pause and think about the implications. If it was your wife, your daughter, your mother, your husband, your son, your father, whose personal information is revealed, would you act? And if there is any doubt, don’t do it.  You have to bring that aspect of a human value into the equation.

In order to ensure that you are handling derived data the same way as you would the other data with regard to the privacy regulations, an informed and empowered workforce is critical.

It comes down to trust

In today’s world — with increasing intensity around cybercrime, cyberattacks, data theft, ransomware, and more — customers have to be able to trust the companies they work with.

For IBM, trust is imperative. That’s why we’re building a holistic data governance framework: to foster confidence in our processes and people.

Further, that’s why we share our strategy. We are eager to allow our clients and stakeholders to take advantage of our experience in about as complex an environment as you could get. We’re a 100+-year-old company with a lot of legacy.  We’re far flung globally.  We have lots of business units with products that are very different from each other. As we create this automated “secure by design” governance framework, it becomes a good reference point for our clients and stakeholders.

The road to data governance is not smooth or straight. If you put in too many speed bumps, you’re not going to boost growth. You might not even be able to improve the bottom line. If you put too few, you increase risk. The fact is, these things are all very difficult. At IBM, we are finding our way, tackling the twists and turns through the power of AI-powered automation in the hybrid cloud.

More than 100 professionals gathered online for the IBM Chief Data Officer Summit: Data Privacy and Governance

Thought leaders including Allen Crane, AVP and Head of Information Management at USAA; Rajan Mehta, EVP and Chief Product and technology Officer at the WWE, Christina Montgomery, VP and Chief Privacy Officer at IBM, and Inderpal Bhandari, Global Chief Data Officer of IBM shared their insights and best practices.

Watch the replay and register for our upcoming IBM CDO Summits here.