Data Dilemma: Navigating Data at the Crossroads of Innovation & Compliance

Tara Cho
Womble Bond Dickinson
Contact
LinkedIn
Facebook
X
Send
Embed

Womble Bond Dickinson

Womble Bond Dickinson’s content series—Innovation Interchange: The Power of Cross-Industry Insight—explores emerging challenges from the viewpoint of trendsetting industries. As part of this series, WBD Privacy and Cybersecurity Team Chair Tara Cho led a panel discussion on maintaining data privacy while also effectively employing data with Biju Mukund, experienced data governance leader of a multinational consumer goods company, and Jill Suwanski, Associate General Counsel and Data Privacy Officer at Bridgestone Americas, Inc.

Data drives business. More to the point, companies that don’t fully leverage the data available to them will fall behind those that do.

But at the same time, data privacy and governance legislation are increasing at a rapid pace. In the U.S., numerous states are following California’s lead and passing stringent consumer privacy laws. The landmark GDPR and other international laws have raised the compliance stakes for companies doing business globally.

Add in stricter enforcement by U.S. federal agencies, contractual obligations to protect data, and a consumer public increasingly vigilant about personal privacy, and company officials have plenty to keep track of.

“If that’s not all to give us a little bit of heartburn, on the business side, there’s an imperative to use and manage data assets,” Cho said.

The Business Case for Data Governance

Mukund and Suwanski both represent large corporations that operate internationally and touch millions of consumers. While that presents ever-present compliance challenges, it also creates major opportunities to leverage data for business purposes. Fear of reputational or financial loss is serious, but compliance is just the minimum of what companies need to do regarding data.

Data governance is a broad-reaching concept that involves policies, procedures, and principles to guide how a company can use data effectively and ethically.

“It was a data-driven strategy that kicked off a data governance program. The digital world powered by data has opened many opportunities for marketers and HR to engage with consumers and employees in ways which were not available before. To build trust and propel growth in this new digital ecosystem, companies must both protect privacy and leverage the value of data,” Mukund said.

“It was a data-driven strategy that kicked off a data governance program. The digital world powered by data has opened many opportunities for marketers and HR to engage with consumers and employees in ways which were not available before. To build trust and propel growth in this new digital ecosystem, companies must both protect privacy and leverage the value of data."

BIJU MUKUND

Bridgestone Americas is a leading brand in the tire business. Bridgestone's roots in that industry date back more than 90 years, and its Firestone brand dates back more than 100 years. The company also more recently launched Bridgestone Mobility Solutions, a business unit focusing on GPS fleet tracking, safety camera solutions, driver safety, vehicle diagnostics, and other services that depend entirely on the collection and analysis of data.

Suwanski said that launching Bridgestone Mobility Solutions created a business imperative to focus on data governance, separate from but working with its privacy team.

“We began our privacy efforts in Europe with the advent of GDPR, but the imperative to create an Americas program quickly became apparent. Now, with our Mobility Solutions businesses operating in both the U.S. and Europe, we are taking a more West-side approach,” she said.

Mukund said company principles for protecting and properly using personal data also have been successfully applied to aggregated data.

Cho added that privacy-related legal requirements are constantly evolving. Companies can’t just comply with one specific set of laws—they must be governed by a set of privacy and data governance fundamentals.

Companies can’t just comply with one specific set of laws—they must be governed by a set of privacy and data governance fundamentals.

Building a Data Governance Program

“It is best to bake a Privacy Compliance program into a wider governance program which takes care of governing 90% of all universally applicable privacy requirements,” Mukund said. “We must keep 10% for local legal requirements which may be specific to a country and must be dealt with by local legal experts.”

“In terms of non-aggregated data, there is a lot of power in that data and there is a lot of need to leverage that data,” he said. “When you combine the compliance piece and the leverage piece into a single model, you have a very strong proposition for the business.”

“The realization that data is a powerful asset and if you don’t do anything about it, you’ll be left behind is a potent realization,” Mukund said. Companies need to take a holistic view of such factors as data quality, data security, consumer trust—it all must work together. Having a data Governance program is essential to this. But this requires leadership to buy-in.

Suwanski said the role of the GC’s office in data governance certainly includes mitigating risks and fostering a corporate culture that values protecting data. It also involves trying to find solutions in a data-driven market.

“We’re trying to find the path to ‘yes.’ We don’t want to say, ‘We can’t do it’ unless we absolutely can’t do it,” she said.

“We’re trying to find the path to ‘yes.’ We don’t want to say, ‘We can’t do it’ unless we absolutely can’t do it.”

JILL SUWANSKI

Governance programs should include three sets of metrics:

  • Privacy Objectives that measure data inventory, DSAR (data subject access request) responses, third-party disclosures, PIAs (privacy impact assessments), and training.
  • Cybersecurity Objectives, focusing on security incident prevention, detection, and reporting.
  • Data Objectives measuring quality, availability, accuracy, and innovation.

Practical Advice for Data Governance

“Everything is data-driven. Any data you can get is an asset of the organization,” Cho said. “It’s less about policing and more of a business tool that can be used across many different workstreams.” But getting buy-in from company leaders can be a challenge, she said.

“Everything is data-driven. Any data you can get is an asset of the organization. It’s less about policing and more of a business tool that can be used across many different workstreams.”

TARA CHO

Suwanski added, “One thing that keeps me up at night is the idea of a pocket of team members doing their own thing and I don’t know about it.” Having the right tone from the top is vital for ensuring a unified, company-wide approach to data governance.

For example, Suwanski is also the company’s Board Secretary and reports directly to the board at meetings at least twice a year, thus providing a direct conduit for the privacy team to the company’s top leadership.

Mukund agreed that a company-wide focus is key. “Everyone needs to know, ‘These are the metrics. This is the destination.’” He provided four tips for establishing a successful data governance program:

  1. Get the company’s influencers on the data governance team. These are the people who can give these efforts credibility and inspire buy-in across the organization.
  2. Use incentives to encourage participation and compliance.
  3. Communicate with team members at the local level to know what is going on around the organization.
  4. Refresh and recalibrate metrics every year. “Then the race starts again,” Mukund said.

Mukund also said company leaders need to be aware that the perception of privacy is different across the globe. Some countries have an aggressive approach to using data, while others are highly restrictive. And in some places, the “right to privacy” has not yet emerged as an issue.

“Cultural context matters,” he said. Mukund said his company treats privacy as a right, whether local law recognizes it or not. That guides the company’s behavior and how they interact with customers.

Suwanski said data mapping— the process of extracting, standardizing, and linking data from multiple sources to establish relationships between them—is the first step in a data governance program.

In today’s data-driven business environment, the importance of robust data governance cannot be overstated. Companies that fail to fully leverage their data assets risk falling behind, while those that master data governance can unlock significant competitive advantages. With stringent data privacy laws and vigilant consumers, compliance is essential but merely the starting point.

With stringent data privacy laws and vigilant consumers, compliance is essential but merely the starting point.

Building a comprehensive data governance program is not just about meeting legal requirements; it’s about integrating data quality, security, and innovation into the fabric of a company. Leaders must cultivate a culture that values data protection and seeks innovative solutions in a market increasingly driven by data.

Key Takeaways

  • Leverage Data or Fall Behind: Utilize data assets fully to stay competitive. Businesses that do not fully leverage their data will lag those that do.
  • Evolving Compliance Landscape: With the rapid pace of data privacy and governance legislation, especially following the example of GDPR and the California Consumer Privacy Act, companies must stay updated with the evolving compliance landscape to avoid legal pitfalls.
  • Integration of Privacy and Business Goals: Balance data privacy with business objectives to turn compliance into a strategic business tool.
  • Global Awareness: Navigate varying degrees of data privacy laws and treat privacy as a fundamental right internationally regardless of local legislation.
  • Leadership Buy-In: Secure buy-in from top leadership on data governance initiatives to foster a data-driven culture.
  • Structured Governance Programs: Include metrics covering privacy, cybersecurity, and data quality objectives to ensure comprehensive oversight in governance programs.
  • Local and Global Perspectives: Communicate regularly with local teams and recalibrate goals and metrics annually. This is essential for understanding diverse data practices and maintaining program relevance.
  • Incentivization and Credibility: Get influencers on board and use incentives to drive participation and compliance.
  • Data Mapping as a Foundation: Standardize and link data from multiple sources through data mapping, thus establishing meaningful relationships. This is the first step in a robust data governance program.
  • Holistic Approach to Data Assets: Consider data quality, security, and consumer trust together with a united, company-wide approach to data governance.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Womble Bond Dickinson

Written by:

Womble Bond Dickinson
Womble Bond Dickinson
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Womble Bond Dickinson on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide