A fundamental shift is occurring in the global economy with respect to data. As it stands, only 30% of the global economy has been digitised, but 5G wireless networks and other high- speed telecommunications solutions will enable the digitisation of the remaining 70%, driving huge increases in data generation.
The exponential growth in the use of internet-connected machines and AI is ushering in the ‘4th industrial revolution’, and every company will effectively become a data company in the short to medium term. This trend can already be seen in a significant number of ‘old economy’ sectors, including agriculture, mining and engineering.
These developments will require businesses to shift their thinking away from simple questions of strict data privacy compliance and start viewing data as a critical component of enterprise value which provides opportunities (in terms of service improvement and personalisation), but also requires effective management and protection.
Implementing best practice data governance will increasingly become a business imperative – both to fully realise its value and to avoid the significant brand damage and loss of social licence to operate that can arise from failures to secure personal data and ensure it is used ethically.
Many data-rich industries are already taking proactive steps in this space. For example, a number of major Australian data companies, including banks, insurers, airlines and data analytics firms have recently formed the Data Institute to work on defining data governance best practice beyond simple questions of compliance.
While social media companies have arguably been somewhat ‘late to the party’, Facebook’s recent calls for increased regulation of privacy and data portability (amongst other things) show how quickly debate on these issues has shifted.
How to understand your data
An essential first step in developing any strategic approach to data management is to understand:
- What data your business collects – this may be increasingly difficult to determine as machines start collecting information on your behalf.
- Whether the data is accurate – the results of the application of data analytics tools will only be as good as the data they are based on.
- Whether the data is accessible and able to be analysed – legacy systems and a lack of integration can create data silos, making the task of getting the most out of your data assets challenging.
- Whether the data is secure – risks from malicious actors will rise as internet connected machines increase the number of entry points into a business’ IT systems.
- Whether the data belongs to the business – understanding the basis on which data was collected is critical to assessing how it can be used.
Best practice data governance increasingly requires systems and processes that incorporate transparency, accuracy, consumer and customer choice, security/de-identification, stewardship and accountability. Two important issues that require consideration in this context are:
1. Implementation of digital transformation strategies
Digital transformation can remove data silos created by legacy systems, offer single source of truth capability and render data more readily accessible to analytic tools and AI. However, there are also challenges which must be carefully navigated.
Combining data from different sources requires careful consideration of the different permissions and licences that may attach to each data source and the appropriate application of access controls. For example, without proper data governance, under a ‘single source of truth’ model, data originally sourced from a customer database may be used by another part of the business for a purpose it was not collected for, resulting in privacy breaches and the potential for regulatory investigations.
Further, systems and processes which allow effective oversight of data management issues (including at senior executive and board level) are key. This includes clear reporting lines and allocation of responsibility for data management.
2. Ownership of data
Until relatively recently, data collected by companies tended to be viewed as entirely its proprietary material, with only limited qualifications arising from privacy law. We see this paradigm shifting rapidly due to policy developments around the world that call this proprietary model into question. Examples of this include:
- the Consumer Data Right announced by the Australian Government which, over time, will mandate the transfer of data between competitors in designated sectors at the request of consumers;
- the recent announcement that the California Governor is working on ‘data dividend’ legislation that would see companies charged for the use of information collected from consumers;
- increasing use of the EU’s General Data Protection Regulation (GDPR) as a global standard to ensure cross-jurisdictional privacy compliance; and
- a number of regulatory inquiries, including the ongoing Digital Platforms Inquiry conducted by the ACCC in Australia and the recently concluded expert panel review on Competition Policy for the digital era undertaken in the EU, both of which have presented arguments for greater consumer choice in terms of how their data is handled and more open access to data sets that provide certain competitive advantages.
While it is true these policy developments have the potential to change the nature of the rights businesses have in relation to data, it is worth remembering that the Copyright Act still vests ownership of a database in the business (and not in the consumers whose information is included).
The fast approaching end of the global ‘techtopia’ and ‘free’ internet raises difficult questions about how the enterprise value of data is best determined. It is likely to drive the need for increasingly sophisticated information management systems which permit greater customisation based on consumer preferences and enable secure data transfers without compromising their integrity.
In this new paradigm, company boards will need the governance structures in place to allow full oversight of, and accountability for, data governance. This can only be achieved with the best practice data management processes and technology.
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.