Authors
Nushrah Amod
Business leaders are well aware that data is a strategic asset for virtually all organizations. Businesses collect and create data assets to stay competitive in the marketplace and use it to make informed decisions. In turn, organizations need frameworks to ensure that data is managed securely, ethically, and in compliance with legal and regulatory requirements in order to protect its value and prevent financial loss and reputational harm.
In a global survey of directors and officers, 82% of North American respondents cited cybersecurity as a top concern, and data loss followed closely behind with 80% of respondents identifying it as a very to extremely important risk1. With the increasing value and material risk associated with data, there is a growing imperative for corporate governance and risk management frameworks to incorporate data governance. While some organizations continue to frame data governance as a siloed compliance or records management responsibility, the importance of protecting data value (and the impact that mismanagement of data can have on many organizations from a growth, value and business continuity perspective) warrants a cross-functional approach with executive and board oversight.
So, why is data governance better viewed as an element of corporate governance?
An effective data governance framework will capitalize on data-related opportunities while mitigating the business and legal risks associated with how it is used and protected. As these risks and opportunities are closely related to growth, third-party risk and legal compliance strategies, corporate leaders at the management and board level would be wise to include data governance as part of the overall corporate governance framework.
A well-defined data governance framework will allow an organization to adhere to data protection regulations and rapidly adapt to new regulations. To this end, companies need to establish clear processes, policies and controls to track and monitor sensitive data, implement appropriate security measures and respond to regulatory inquiries and audits. For example, a traditional records management strategy based on the storage and deletion of paper files will require extensive adaptation to support a use case for using corporate data for AI initiatives in the face of evolving AI regulation in Canada and globally.
A data management strategy aligned with 1) the corporate governance framework for identifying revenue propositions, 2) legal restrictions, and 3) the organization’s internal values (accompanied by clear guidance on roles and responsibilities within the organization) is much better positioned to evolve as the legislative landscape continues to change.
Data governance supports innovation and development by guiding an organization’s engagement with technology and data assets. Corporate leaders can harmonize the protections afforded by sound corporate governance frameworks to capitalize on the analytics and insights available via emerging technologies while reducing the potential risks associated with data by guiding the ethical use of emerging technologies, such as AI and biometric-based authentication tools.
In the current environment, cybersecurity incidents and data breaches do not just raise legal compliance considerations—they can have significant impacts on business continuity, corporate transactions and growth targets. Accordingly, privacy and cybersecurity policies should not be assessed in isolation but should be incorporated into an organization’s holistic risk management strategy. These policies ought to provide guidance to boards and management on how to make difficult, time-sensitive decisions that support the best interests of the organization. For example, an organization’s vendor risk management framework should align with its business continuity, disaster response, privacy and cybersecurity incident response procedures, and the cross-functional roles should be defined consistently with the broader corporate governance strategy for effective decision-making.
Data governance supports the objectives of corporate governance by promoting accountability, transparency and value creation through effective management of data assets. It represents a proactive approach to managing data-related risks, ensuring regulatory compliance and harnessing the full potential of data assets to drive innovation and growth. It also ensures that the strategic use of data aligns with the broader goals of the organization. By integrating data governance into broader corporate governance frameworks, corporate leaders are empowered to make decisions about data to further growth and innovation in the best interests of the company.
Tags
Opérations et transactions
Marchés des capitaux
Fusions et acquisitions
Contrats technologiques
Services-conseils et réglementation
Gouvernance et services-conseils au conseil d’administration
Protection du consommateur
Stratégie et gouvernance des données
Protection des renseignements personnels
Technologies
Technologies financières (Fintech)