Webinars      Login/Register      Cart

InfoGovANZ

Information Governance Think Tank

Data & Infonomics

Unlocking Data Value – Ronke Ekwensi

by

As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.

We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues.

Our expert panel included InfoGovANZ International Council member Ronke Ekwensi, who is Vice President of Data Management at Prudential.  With more than 25 years’ experience in data and information governance, Ronke is skilled in data strategy, privacy and information governance. She excels at building data management organizations and managing complex projects and initiatives. Ronke has served in various senior data and information governance capacities with several industry-leading firms, including Aetna, Baxalta and Pfizer. Her professional experience includes positions in the healthcare, biopharmaceuticals, power, technology, consumer electronics and management consulting industries.

Ronke’s insights:

If there is anything that 2020 taught us, it is companies must have the agility to react to the unpredictable. The COVID-19 pandemic forced companies to address both the monetary and social value of data.

  • Value of data in driving digital transformation – the pandemic forced many companies to accelerate their digital transformation strategies. This mostly focused on how use technology to improve customer experience, create new products and significantly deepen understanding of their customers. This requires complete and accurate data that allows organisations to drive transformation initiatives.
  • Value of data in driving social good – the era of big data has shifted the traditional data collection paradigm, with more data in the hands of private corporations than government and research organisations.
  • Data collected by private and public companies,while valuable for advancing commercial interests, is also valuable for social good. As we move through the COVID-19 pandemic, there are numerous examples of this data malleability, for example, location data is useful for digital contact tracing to arrest the progress of disease spread. In the same way in which companies give away cash through corporate giving programs, they should consider giving away data for social good.
  • Importance of good data management and governance –there is a distinction between data management and data governance. Management involves how to make sure data is useful and fit for purpose within an organisation. It includes quality management, metadata capture to accelerate data consumption patterns and other processes, such as security and monitoring. Data governance is more focused on appropriate use and controls (i.e., people and processes). Organisations have to do both in an integrated fashion to ensure that data moves from bits and bytes to useful information that drives decision-making.

Suggestions for leaders

  • Shift your focus and don’t attempt to “boil the data ocean”. Instead, invest in the data that is critical to advancing digital transformation. These investments should focus on data completeness and include external data asset acquisition.
  • Consider: (1) assess the value of your data for driving social good and (2) invest in advancing regulatory frameworks that allow you to share data for initiatives that promote societal welfare in ways that balance protection and privacy concerns.
  • Your focus on data governance should be multitiered including defining working groups, councils and executive steering committees, that reduce bureaucracy and ensure appropriate escalation to enable timely decision-making. The focus should be on enabling results.

Given the expected ongoing complex and uncertain operating environment in 2021, robust information governance is needed to provide a system for the effective control and management of information assets to enable access to real-time and accurate information, as well as optimise data assets and value-generating activities while minimising risks.

You can read the insights from the rest of our expert panel in our InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report. The report was developed from a virtual forum discussing the impact of COVID-19  and IG implications for organisations on data, access to information, trust, transparency and accountability, cybersecurity, global privacy regulatory developments, eDiscovery, ethics and artificial intelligence.

You can also watch the recording of the 28 January 2021 webinar here.

The Data Explosion & IG, Reducing eDiscovery Costs – Richard Kessler

by

As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.

We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues.

Our expert panel included InfoGovANZ Intenational Council member Richard P. Kessler, who is a pioneer and thought leader connecting people with ideas in the fields of information governance, data governance, legal operations, eDiscovery and infonomics.  As the CEO of Dilijint, Richard leads with a vison focused on bringing innovative solutions to complex data challenges.

Prior to taking the leadership role at Dilijint, Richard was a Director at KPMG in Cyber Security Strategy and Governance as part of the U.S. Information Governance and Privacy practice.  In this role, Richard created the Data Value Model innovation comprising the ideation, design, development, expansion, and integration across multiple data and information disciplines.  Richard was pivotal in orchestrating integration of governance across pillars leading to a new way of thinking about data.

Richard’s insights:

  • Despite trends like these, many companies continue to use ‘traditional’ approaches to eDiscovery and have done little to put in place powerful and effective information governance functions. Although many innovative capabilities within the eDiscovery process have been invented and applied, firms have not yet been able to check their own organisations’ explosion of data through the operationalisation of data minimising strategies.
  • In addition, many firms simply can’t measure their total storage or corresponding actual data requirements because so much data is in the cloud and/or part of their actual supply chain or data supply chain. Although relied on very heavily for day-to-day operations, it is with seemingly minimal financial impact until a data breach occurs or significant costs are involved in a large document production for litigation or regulatory inquiry.

Action for leaders

  • Unsustainable growth and proliferation of your data across the supply chain and across a sea of clouds challenges you to identify and protect the most important data and to distinguish your more important assets from your junk. Without knowledge of where to direct investment for protection and reuse, for example, to pivot your business model out of COVID-driven necessity using your data, you are ‘flying blind.’
  • You need to operationalise information governance and give laser-like focus to critical asset identification to radically simplify and reduce eDiscovery costs and help unlock and unveil your most important data assets for reuse (after de-risking), repurposing, monetisation and other such revenue and value generating activities.
  • Start thinking more strategically about data or succumb unwillingly to chaos, potentially exposing critical assets to unnecessary threats and leaving tremendous value untapped.

You can read the insights from the rest of our expert panel in our InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report. The report was developed from a virtual forum discussing the impact of COVID-19  and IG implications for organisations on data, access to information, trust, transparency and accountability, cybersecurity, global privacy regulatory developments, eDiscovery, ethics and artificial intelligence.

You can also watch the recording of the 28 January 2021 webinar here.

Unlocking Data Value – Ronke Ekwensi

by

As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.

We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues.

Our expert panel included InfoGovANZ International Council member Ronke Ekwensi, who is Vice President of Data Management at Prudential.  With more than 25 years’ experience in data and information governance, Ronke is skilled in data strategy, privacy and information governance. She excels at building data management organizations and managing complex projects and initiatives. Ronke has served in various senior data and information governance capacities with several industry-leading firms, including Aetna, Baxalta and Pfizer. Her professional experience includes positions in the healthcare, biopharmaceuticals, power, technology, consumer electronics and management consulting industries.

Ronke’s insights:

If there is anything that 2020 taught us, it is companies must have the agility to react to the unpredictable. The COVID-19 pandemic forced companies to address both the monetary and social value of data.

  • Value of data in driving digital transformation – the pandemic forced many companies to accelerate their digital transformation strategies. This mostly focused on how use technology to improve customer experience, create new products and significantly deepen understanding of their customers. This requires complete and accurate data that allows organisations to drive transformation initiatives.
  • Value of data in driving social good – the era of big data has shifted the traditional data collection paradigm, with more data in the hands of private corporations than government and research organisations.
  • Data collected by private and public companies,while valuable for advancing commercial interests, is also valuable for social good. As we move through the COVID-19 pandemic, there are numerous examples of this data malleability, for example, location data is useful for digital contact tracing to arrest the progress of disease spread. In the same way in which companies give away cash through corporate giving programs, they should consider giving away data for social good.
  • Importance of good data management and governance –there is a distinction between data management and data governance. Management involves how to make sure data is useful and fit for purpose within an organisation. It includes quality management, metadata capture to accelerate data consumption patterns and other processes, such as security and monitoring. Data governance is more focused on appropriate use and controls (i.e., people and processes). Organisations have to do both in an integrated fashion to ensure that data moves from bits and bytes to useful information that drives decision-making.

Suggestions for leaders

  • Shift your focus and don’t attempt to “boil the data ocean”. Instead, invest in the data that is critical to advancing digital transformation. These investments should focus on data completeness and include external data asset acquisition.
  • Consider: (1) assess the value of your data for driving social good and (2) invest in advancing regulatory frameworks that allow you to share data for initiatives that promote societal welfare in ways that balance protection and privacy concerns.
  • Your focus on data governance should be multitiered including defining working groups, councils and executive steering committees, that reduce bureaucracy and ensure appropriate escalation to enable timely decision-making. The focus should be on enabling results.

Given the expected ongoing complex and uncertain operating environment in 2021, robust information governance is needed to provide a system for the effective control and management of information assets to enable access to real-time and accurate information, as well as optimise data assets and value-generating activities while minimising risks.

You can read the insights from the rest of our expert panel in our InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report. The report was developed from a virtual forum discussing the impact of COVID-19  and IG implications for organisations on data, access to information, trust, transparency and accountability, cybersecurity, global privacy regulatory developments, eDiscovery, ethics and artificial intelligence.

You can also watch the recording of the 28 January 2021 webinar here.

Exposure Draft of the Data Availability and Transparency Bill

by

 

The draft Data Availability and Transparency Bill aims to modernise and streamline the sharing of government data between agencies and with the private and research sectors. Under the legislation, data will be shared for three purposes: government services delivery, informing government policy and programs, and research and development.  The Consultation Paper contains a simplified summary of the legislative package.

Submissions made by a group of multidisciplinary practitioners and academics highlight privacy and governance concerns.  These include the override of Australia Privacy Principle (APP) 6 and the inherent conflict of National Data Commissioner whose mandate is to encourage data sharing with the enforcement of the regulation.  The submission recommends that governance and assurance be regulated the Australian Information and Privacy Commissioner.  You can read the submission here.

Automated Decision Making Transparency under GIPA Act

by

The increasing adoption of technology requires the preservation, assurance and assertion of information access rights. To achieve these outcomes, government licensing and contractual arrangements should ensure accessibility and ‘explainability’ in the provision of government services and decision making.

The issue of algorithmic transparency of a government agency’s contractor is currently before the NSW Civil and Administrative Tribunal. The Agency provided some information to the Applicant but decided that other information is not held by the Agency as it is held by the Contractor and remains its intellectual property. The GIPA Act provides a right to access information held in a record of an NSW Government agency and that right may also apply to information held by contractors providing services to the public.

The NSW IPC has published guidance for agencies under section 121 of the GIPA Act, including a template clause for agencies to include in contracts with third parties regarding the right of access to contractor records.  You can access the Guides in the IPC’s case summary on Automated Decision Making and access to information under the GIPA Act here.

Protecting Privacy by Minimizing Data

by

Posted with permission from Active Navigation, originally published on June 1.

Ten years ago, there was no such thing as too much data. Notions about data being the “new oil” prompted organizations to horde every byte they could, hoping that they might be able to harness it down the road. Combined with the notion that “storage is cheap,” this belief has led many companies to exponentially increased their risk rather than their opportunity.

New data privacy regulations in Europe and the United States impose a significant burden of care on organizations regarding their data collection processes. In fact, data minimization is a fundamental principle within the European Union’s General Data Protection Regulation (GDPR). Whether governed by the GDPR or state privacy regulations like the California Consumer Privacy Act (CCPA), businesses must now limit the personal data they collect and dispose of it once it is no longer needed for a legitimate business purpose.

New obligations require organizations not only to rein in data collection practices, but also to reduce the data already held. Furthering this imperative, over-retention of records or other information can lead to increased fines in the case of a data breach. As a result, organizations are moving away from the practice of collecting all the data they can toward a model of “if you can’t protect it, don’t collect it.” The focus now is on mitigating risk by adopting a strategy of data minimization.

ROTT(en) Data

Because regulations do not specify precisely what data should be erased, determining where to start with data minimization can be difficult. For most organizations, mapping their data estate is the most pragmatic way to begin.

Data governance experts frequently use the acronym ROT (redundant, obsolete, trivial) to describe data that provides no business value to an organization. Some experts expand that acronym to ROTT, adding “transitory” as another area of data vulnerability or duplication.

Using the ROTT acronym as a guide, the search for data that can be easily disposed of should be organized along the following lines:

Redundant: People tend to grossly underestimate how much of their data is redundant. Redundant information is duplicated in multiple places, either in a single system or across multiple systems. At any given time, up to 30% of an organization’s storage might be duplicate data. That is a huge amount of information that can be removed and will also make searching for information easier.

Obsolete: The value of information decreases precipitously over time, while its risk-to-value increases. Information can become obsolete if it is incomplete, outdated or incorrect. Using obsolete information can lead to poor decision-making, further posing risk to the business. An easy way to quickly assess obsolescence is by checking the creation or last accessed date.

Trivial: A surprisingly large amount of the information circulating around an organization’s systems does not have a legitimate business purpose. Documents detailing who is bringing what to the office potluck and back-and-forth conversations about meeting schedules do not provide value and should be deleted as soon as practical.

Transitory: Data in motion—information moving around a private or corporate network—should have a classification of its own for data minimization. Transitory data is not exactly duplicate data, but often includes data that is secured elsewhere. This type of data has sometimes fallen into the wrong hands, revealing sensitive information that was subsequently misused. It needs to be culled to minimize the risk it poses by remaining accessible and ungoverned.

Using Data Mapping to Improve Data Hygiene

Few organizations understand the totality of their data, and even fewer have a single, focused data protection or governance officer. Instead, there is a broad constituency in the C-suite overseeing data collection and usage for their separate domains. The CISO obsesses about leaks, hacks and phishing attacks. The CIO focuses on ensuring the business can monetize its data. The CTO looks at data through the lens of storage. And the legal team—some of the most vocal champions of data minimization—sees data as a legal and regulatory threat.

Even though only one is usually the designated custodian for information governance, each executive also has a different perspective on data hygiene. While each officer will naturally champion their own area’s needs, the one thing that will bring these widely differing interests together is understanding all the data the organization owns and the risks it poses. Data mapping is therefore key to minimization.

To start, it is essential to locate all data that an organization retains and expose the hidden areas of “dark data.” Gartner defines this as “assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes,” such as analytics, business relationships and direct monetization. This is the only way to measure the depth of an organization’s exposure, assess the location and magnitude of the data, and identify what needs remediation and what is overdue for erasure. To do so, a company can use a range of technology to:

· Gain a cross-repository inventory of all content to identify the real data of value in your business

· Add pre-defined rules for handling a wide range of e-trash, stale, outdated and transitory (ROTT) content

· Adapt rules to make them actionable in your environment

· Test minimization policies across large volumes of files to understand their impact

First and foremost, shed light into all potential data repositories. For example, even if one department has decided to use a specific data storage solution like Dropbox, there is a good chance that different departments might be using others, like SharePoint or Box. All must be examined.

Once the data mapping is complete, organizations must digest and process the extent of their data chaos. Internally, this includes discussions on budget, responsibilities, authority, timing, people and processes. Organizations need to understand the various business drivers, stakeholders and risk areas in data privacy, such as audits, litigation, GDPR and CCPA regulations, and data migrations to the cloud. With this step complete, organizations can then decide what to fix and what type of tools or support they will need to remediate the issues.

Whatever the company needs to do, bear in mind that it cannot be done overnight. No one wants to get bogged down in a multi-year, multimillion-dollar initiative. After the initial sense of urgency, efforts can sometimes stall as a result of thinking too big. Instead, break down a project into modular, bite-sized chunks.

Throughout the journey, start to build in minimization concepts during the earliest phases of a data accumulation program. Acquire data progressively, and only when genuinely needed. The less information collected, the less to store and manage. This is the way to achieve good data hygiene, and a path to ongoing data minimization.