
Chris Davis co-authored this article.

Companies continue to face implementation challenges as they rush to comply with data privacy regulations such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This is due largely to a mismatch between their management of data and the stringent requirements set by the regulations.

Organizations can address the complexities of privacy regulations via a well-defined data governance framework, which leverages people, processes and technologies to establish standards for data access, management and use. Such a framework also enables companies to address elements of privacy, including identity and access management, consent management and policy definition.

As leaders implement data governance models with privacy in mind, they may face challenges, including lukewarm executive buy-in, lack of a cohesive data strategy, or diverging opinions about how data should be used and handled. To address these obstacles, leaders should consider the following actions:

Establish cross-functional data ownership and awareness 

While a Chief Data Officer or CIO may lead the implementation of a data governance framework or model, data governance should be a shared responsibility across a company. At a minimum, the IT department, privacy office, security organization, and various business divisions should be involved, as each has an important stake in data management. Bringing in a variety of stakeholders early allows firms to establish key data objectives and a broader data governance vision. This collaboration can take the form of a dedicated task force or may involve regular reporting on data governance and privacy objectives to the executive board.

Data privacy, similarly, is also a shared responsibility. All employees have a part to play in maintaining data privacy by following accepted standards for data collection, use and sharing. Indeed, implementing a successful data governance model with privacy in mind requires educating employees on governance concepts, roles and responsibilities, as well as data privacy concepts and regulations (e.g. the definition of “personal information” vs. “consumer information”).

After establishing a governance vision and driving employee awareness, organizations can define their desired data governance roles – such as data owners, data stewards, data architects and data consumers – and tailor the roles to their needs. Some companies may distinguish between data stewards and data owners, for example, with the former responsible for executing daily data operations and the latter responsible for data policy definition. For one client with a large and complex IT department, Metis Strategy established a governance hierarchy with an executive-level board, combined data steward/owner roles, and other positions (e.g. data quality custodians). This structure facilitated ease of communication and enabled the client to scale its data management practices. 

In the long term, firms should incorporate data governance and management skills into their talent strategy and workforce planning. Given the expertise required and the shortage of qualified people for some data-intensive roles, organizations can consider enlisting the help of talent-sourcing firms while focusing internal efforts on talent retention and upskilling. As companies’ strategic goals and regulatory requirements change, they should remain flexible in adjusting their data governance roles and ownership.

Streamline data policies and procedures

To respond adequately to consumer privacy-related requests for data, organizations should establish standardized procedures and policies across the data lifecycle. This will allow companies to understand what data they collect, use and share, and how those practices relate to consumers. 

For example, the CCPA provides consumers with the right to opt out of having their personal information sold to third parties. If a retailer needed to comply with such a request, it would need to be able to answer questions in the following categories:

Establishing policies and standards for the above can help organizations quickly determine the actions needed to respond to customer requests under privacy regulations. Companies should communicate policies widely and ensure that they are being followed, as failing to do so can propagate the use of inconsistent templates and practices. At one Metis Strategy client, for example, few stakeholders had sufficient awareness of data management and access standards, despite the fact that the client’s IT department had established extensive policies around them.

Consider technology and infrastructure upgrades

To successfully implement data governance frameworks and ensure privacy compliance, firms may also need to address challenges posed by legacy infrastructure and technical debt. For example, data often is stored in silos throughout an organization, making it difficult to appropriately identify the source of any data privacy issues and promptly respond to consumers or regulatory authorities.

Firms also need to evaluate the security and privacy risks posed by outsourced cloud services, such as cloud-based data lakes. Those using multiple cloud providers may want to streamline their data sharing agreements to create consistency across vendors.

Some technologies can help companies leverage customer data while mitigating privacy risks. In a Metis Strategy interview, Greg Sullivan, CIO of Carnival Corporation, noted that data virtualization enhanced his organization’s analytics capabilities, drove down operational and computing costs and reduced the company’s exposure to potential security and privacy gaps. 

Companies can also consider new privacy compliance technologies, which can enhance data governance through increased visibility and transparency. Data discovery tools use advanced analytics to identify data elements that could be deemed sensitive, for instance, while data flow mapping tools help companies understand how and where data moves both internally and externally. These tools can be used to help organizations determine the level of protection required for their most critical data elements and facilitate responses to consumer requests under GDPR and CCPA. 

Although legacy technology overhauls can be time-consuming and costly, firms that are decisive about doing so can reduce their privacy and security risks while avoiding other challenges related to technical debt.

Creating an adaptable model 

As the global data privacy landscape evolves, organizations should continuously adapt their data governance models. Companies should proactively address their obligations by designing data governance roles, processes, policies, and technology with privacy in mind, rather than reacting to current and forthcoming privacy legislation. Companies doing so can not only improve risk and reputational management, but also encourage greater transparency and data-driven decision-making across their organizations.

410: Humu Co-Founder and CEO Laszlo Bock describes the genesis, development, and deployment of Nudges, which were created to address the problem that great numbers of people are miserable in their jobs. Nudges are digital reminders that prompt the small actions that are most impactful when driving five factors: organizational performance, retention, individual happiness, inclusion, and innovation. In addition to using the product themselves, Humu targets large organizations as customers in order to make the greatest impact toward their mission and to ensure that they are developing products around data sets that are representative of the general population of workers. We also discuss the values that Laszlo draws from his time at Google, why he believes analytics, statistics, and computer science will drive a revolution in HR, and how immigrants, such as Laszlo himself, are fundamentally entrepreneurial in character.

Situation

A client sought to develop a comprehensive understanding of its enterprise architecture and how it could be used to support business strategy.

A business division within a large US-based employer services provider realized that it had an incomplete understanding of its existing enterprise architecture and was not up-to-date on the firm’s overall architecture standards. The group wanted to create a next-generation enterprise architecture that would support overall business strategy and help drive desired outcomes.

Approach

Metis Strategy established a current-state understanding of the company’s enterprise architecture, developed a desired future-state vision, and crafted a strategy for implementation.

To help the client develop a future-state vision for its enterprise architecture, Metis Strategy undertook the following activities:

Outcome

Metis Strategy presented a strategy roadmap to help business leaders move the company toward its future-state enterprise architecture vision and give stakeholders a holistic view of the firm’s EA.

Metis Strategy presented the client with documented recommendations for EA strategy and implementation, including:

Situation

An information services company sought to redesign its technology organization to align it more closely with the firm’s business divisions.

Often, Metis Strategy’s work on change management has been part of a client’s broader operating model, organizational change or transformation efforts.

A large information services and publishing company sought to redesign its technology organization to more closely align it with business units and adopt a geographic footprint strategy that would sustain future growth. The client hired Metis Strategy to develop an accountability framework and change management roadmap.

In another case, a global professional services company hired Metis Strategy to investigate the value of creating an Enterprise Office of the CIO (OCIO) and Program Management Office across the firm’s individual operating companies and IT departments.

Approach

Metis Strategy used elements of Kotter’s 8-step change model to design a future-state vision for organizational change and develop a change management plan.

In both cases, Metis Strategy used elements of Kotter’s 8-Step change model to design a future-state vision for organizational change and develop a change management plan:

Outcome

Established an accountability framework tying critical change activities to senior client leadership and provided a change management roadmap detailing key activities, dependencies, and risks for organizational transformation.

For the information services company, Metis Strategy established a responsibility and accountability framework that tied critical change activities to senior client leadership. It also provided the client with a change management roadmap detailing the transformation’s key activities, dependencies, and risks.

In the case of the global professional services company, Metis Strategy developed a comprehensive business case for establishing the Enterprise CIO and Program Management offices and created an organizational change management plan and maturity model to help the client measure progress during the transformation.

Situation

Metis Strategy conducted technology due diligence on a professional services company in preparation for a possible acquisition by the client.

Business- and technology-focused evaluations are critical parts of the due diligence process when firms choose to expand their footprint through acquisition. The CTO of a leading human capital management company asked Metis Strategy to help conduct pre-transaction due diligence on a targeted professional services company and help IT deepen its understanding of the target company’s product platforms, technology infrastructure, expertise, and organizational structure ahead of a possible acquisition.

Approach


With the client CTO and his team, Metis Strategy conducted technical and infrastructural assessments to identify synergies, redundancies, and risks, and to evaluate the target company’s strengths, weaknesses, and capabilities.

The Metis Strategy team participated in the target company’s product demonstrations and subject-matter expert interviews, reviewed and analyzed all available target company artifacts, and analyzed findings from technical and infrastructure deep-dives with the target company’s stakeholders. The team took the following actions to expand the analysis:

Outcome

Provided input to CTO and C-level decision-makers about whether to proceed with the acquisition. Also made recommendations to corporate development leaders about the strategic value of the deal and highlighted a list of challenges the client would need to address if it decided to proceed.

Metis Strategy’s assessments helped the client’s corporate development, product, and technology leadership identify product synergies, integration risks, and areas in which investment would be needed to ensure a smooth integration. Metis Strategy provided the CTO and his leadership team with a list of pre-close and first-100-days merger integration items as well as an estimated budget to address them.

Situation

Metis Strategy helped clients develop international market-entry strategies and identify potential acquisitions and partnerships in target markets.

A professional employer services organization asked Metis Strategy to investigate the feasibility of transferring its U.S. business models, partially or completely, to its target markets in Europe. The client also wanted to understand which potential target countries in Europe would align best with its growth strategy.

In the second case, a Fortune 500 wine and spirits company, hoping to increase its growth in China, hired Metis Strategy to research and analyze consumption trends and preferences there.

Approach

Used the Metis Strategy International Expansion Framework to help clients define their strategic objectives, improve or develop their international expansion strategy, and decide on target countries and entry modes.

In both cases, Metis Strategy uses its International Expansion Framework to help clients achieve their goals (see image below).

Outcome

Helped a leading professional employer services organization identify the most promising overseas market and develop business models suited to that market. Also helped a client identify growth opportunities in China.

Metis Strategy helped the professional employer services client identify and develop feasible business models in accordance with unique legal, cultural, and regulatory conditions in its target markets. Additionally, Metis Strategy identified the client’s most promising target market, based on country-specific risk-reward analyses and country-by-country comparisons, and developed various market entry options, including potential acquisitions or partnerships.

In the second case, Metis Strategy provided the wine and spirits company with a detailed breakdown of the differences between its traditional markets and China, including contrasts in business climate, regulatory environment, and consumer preferences. The insights helped the client consider its growth scenarios for the Chinese market and evaluate new ways to capture market share.

371: General Stanley McChrystal explores a variety of different genres of leaders, including geniuses, founders, politicians, reformers, heroes, and zealots. While he asserts that a group’s performance is less about the leader’s ability and more about the surrounding factors, General McChrystal claims that the best leaders are those who are empathetic to the group’s position at a given time and are able to constantly adapt. Throughout our conversation, we also discuss General McChrystal’s evolving opinions on Robert E. Lee, his experience with his nemesis in Al Qaeda, Abu Musab al-Zarqawi, and why he dedicated his book to John McCain and John Lewis.

General McChrystal is a retired four-star general of the US Army and the author of multiple books, including his most recent one, Leaders: Myth and Reality. Following a 34-year career in the United States Army, General McChrystal founded the McChrystal Group, an advisory services firm that specializes in leadership consulting.

Among other topics, General McChrystal discusses the following issues with Metis Strategy:

 

General Stanley McChrystal is a retired four-star general. He is the former commander of U.S. and International Security Assistance Forces (ISAF) Afghanistan and the former commander of the premier military counter-terrorism force, Joint Special Operations Command (JSOC). He was responsible for developing and implementing the current counter-insurgency strategy in Afghanistan, and for creating a comprehensive counter-terrorism organization that revolutionized the interagency operating culture.

General McChrystal co-founded the McChrystal Group in 2011. The McChrystal Group’s mission is to deliver innovative leadership solutions to American businesses to help them transform and succeed in challenging and dynamic environments.

General McChrystal is a senior fellow at Yale University’s Jackson Institute for Global Affairs where he teaches a course on Leadership in Operation. He sits on the boards of Navistar International Corporation and JetBlue Airways. He is also the chair of Service Year Alliance, which advocates for a year of service for every young American.

General McChrystal earned a Bachelor of Science from West Point and is a graduate of the U.S. Naval War College. He has completed fellowships at Harvard’s John F. Kennedy School of Government and at the Council on Foreign Relations.

Among other topics, Craig discusses the following issues with Metis Strategy:

Craig Newmark’s Biography

Welcome to Metis Strategy’s Forum on World Class IT. I’m Peter High and I’m pleased to welcome Craig Newmark to the broadcast. Craig is best known as the Craig in “craigslist” and “craigconnects.” He is a self-described nerd, Web pioneer, speaker, philanthropist, and advocate of technology for the public good. Craig founded craigslist in 1995 as an email distribution list to friends, featuring local events in the San Francisco Bay Area. It became the almost completely free online classified advertising site that has seen more than 5 billion ads posted. While no longer part of management, Craig continues to work with craigslist as a customer service representative (CSR) in what he calls a “lightweight” capacity.

Today, Craig’s primary focus is craigconnects, which he launched in March 2011. The mission of craigconnects in the short term is to promote and enhance the use of technology and social media to benefit philanthropy and public service. Craig serves on the board of directors of the Poynter Foundation, Center for Public Integrity, Sunlight Foundation, Consumers Union/Consumer Reports, Blue Star Families, and Iraq and Afghanistan Veterans of America. He also serves on the Board of Overseers of the Columbia Journalism Review and on the advisory boards of nearly twenty other renowned non-profit organizations (see the full list at craigconnects.org/organizations). He is a member of the Sierra Club’s Arts and Entertainment.

Craig received his bachelor’s and master’s degrees in computer science from Case Western Reserve University.

Among other topics, John discusses the following issues with Metis Strategy:

John Hagel’s Biography

John is the Co-Chairman of Deloitte’s Center for the Edge. This Silicon Valley-based group conducts original research and develops substantive points of view on emerging business opportunities that should be on CEOs’ agendas. John has over 30 years of experience as a management consultant working both independently and with leading consulting firms. John is also a highly-acclaimed speaker and author. His latest book is “The Power of Pull: How Small Moves, Smartly Made, can Set Big Things in Motion”.

John received bachelor’s degrees from Wesleyan University and Oxford University. He also received a J.D. and MBA from Harvard University.