Data governance is more than just rules and best practices
While ethical companies will be transparent about how they collect and use the data, some others do so without the permission of the consumer and even awareness. Businesses need to be responsible stewards of data. But what does that entail?
Rajeev Peshawaria
CEO, Stewardship Asia Centre
06 June 2022
The COVID-19 pandemic has accelerated the adoption of online business, and companies are collecting and harvesting more data than ever. For consumers, it has become inconceivable to live without the internet.
While ethical companies will be transparent about how they collect and use the data, some others do so without the consumer’s permission and even awareness.
According to a PwC Consumer Intelligence Series survey, 76 per cent of global consumers think that “sharing my personal information with companies is a necessary evil,” and 60 per cent expect the companies with whom they do business to suffer a data breach someday. In the same survey, 55 per cent of businesses feel that consumer trust in their technology is growing. However, only 21 per cent of consumers report such growing trust.
As users’ digital footprint expands, more are demanding better protection and privacy of their data. The dilemma for business leaders is that data security and privacy cost money but are largely invisible to the consumer. However, with an increasing number of interconnected systems, a data breach is potentially catastrophic.
Lawmakers and governments are doing their part. Worldwide, there has been a proliferation of legal frameworks and policies to ensure appropriate controls on collecting, processing, and storing of personal data. But regulatory pressure alone has not prevented violations because, in some cases, companies are seen satisfying the minimum regulatory requirements. Some will risk ignoring the rules because of cost.
While rules, regulations, reporting and disclosure requirements, and even hiring data officers, are ways to mitigate such risks, these measures are more effective when underpinned by genuine stewardship leadership. In other words, businesses need to be responsible stewards of data. But what is steward leadership?
Steward Leadership in business is the genuine desire and persistence to create a collective better future. Actions driven by steward leadership result in long-term value creation because they address the needs of a wide range of stakeholders, not just shareholders. Steward Leadership is guided by four principles: interdependence, ownership mentality, long-term view and creative resilience. Business leaders who adopt this mindset and practice are steward leaders, and they are intrinsically motivated to do well by doing good. So, what are the essence of the four principles mentioned above in the context of data stewardship?
Steward leadership and data (Cyber) security
Interdependence: Steward leaders see the world as an integrated and interconnected web in which the success of each constituent is coupled with that of other constituents. They understand that any data breach will lead to potential harm for consumers and the loss of credibility and reputation for the company. So they take it upon themselves to address the needs of all related stakeholders and do what is needed to protect data. The duty of care extends beyond that of box-ticking efforts. In fact, research by Boston Consulting Group stated that data misuse – defined as the use of data outside the original purpose for which it was gathered – can cause consumers to cut their spending with a company by about a third.
Ownership mentality: Operating with an ownership mentality requires business leaders to be transparent about their data collection, usage and management practices. Leaders need to put themselves in the shoes of a consumer and exercise caution and ownership to ensure they treat and guard stakeholder data responsibly to prevent a trust deficit. They must understand what counter-parties expect and implement it. Training, insurance, server redundancy, and many other items, unseen but essential, need to be acquired.
Long-term thinking: Consumers’ attitudes are changing. Countries and governments worldwide are also responding with stronger laws that emphasise data privacy and protection. Steward leaders go beyond short-term gains and superficial adherence to regulations to delivering durable and safe products and services that provide value over the long term. They also proactively build trust with their customers to ensure the long-term viability of their business models.
Creative resilience: Steward leaders understand that they need a blueprint for data security that matches today’s challenges. The status quo may not be good enough. If this means re-engineering the entire existing IT infrastructure at great cost to shareholders to improve customer data security materially, so be it. Steward leaders manage the tough decisions. A steward leader would not think of doing the regulatory minimum. Instead, he or she would ask, “Have I protected customers to a degree that is adequate?”
So how should a business put these values into practice? Three steps:
- Integrate the four stewardship values with your organisational and personal values
- Based on these values, articulate your business stewardship purpose to create a collective better future for all your stakeholders
- Consistently use the stewardship values to guide all actions and decisions.
The four values and purpose together form a company’s Steward Leadership Compass. This compass will guide and govern all actions taken by management and employees. But simply developing the Compass and printing colourful posters will not do the job. Steward leaders must make the Compass a way of life (step 3). This is hard work, but in today’s transparent world, it is perhaps the only way to safeguard long-term success.