Today, few senior decision-makers within technology businesses go more than a day without being faced with the issues of privacy and security. The world has become so digitally interconnected that the role of the chief data officer (CDO) has shifted from being about meeting operational requirements to performing the difficult balancing act between ensuring compliance and helping deliver the organization's strategic goals.
In line with this, it is crucial that CDOs avoid simply vetoing projects or putting the brakes on them due to compliance concerns. Instead, when dealing with any data request, they need first to understand what are the goals or objectives of the person making the request and then try to facilitate the request in a way that drives the operational goal, but at the same time protects privacy and safeguards security.
It could be that a direct approach does not work, simply because the law prevents it, but there may still be another way to achieve the same result. For example, most global laws stipulate that certain types of information cannot be used without the express consent of the individual. Yet, there may be related types of information that can be used under the right circumstances.
In the healthcare space, it is not unusual to receive requests for records showing a patient’s date of birth for use in specific kinds of project. Typically, in such a case the CDO will ask the obvious question: “Why do you need this piece of information?” to which the answer will generally be: “Well, we need to know how old somebody is.”
In reality, the date someone was born does not tell you that. It tells you how to calculate how old they are. The data you are really looking for is, in fact, the person’s age. And this information is less critical and less sensitive than date of birth. This is a perfect example of how a CDO can help to find another way to get to the objective without exposing sensitive data and potentially breaching compliance requirements.
Another example of this is if someone from the business asks for the names and addresses of everyone in a given area with a view to understanding how many people in this area are buying a certain product. Again, by looking at the objective rather than just the request, the CDO can discover that the person doesn’t actually need any personally identifiable information. They don’t need to know who these individuals are, but simply how many of them bought the product.
Ultimately, the role of the CDO should never be simply to block progress but rather to help people within the business understand what they are looking to achieve and if there is another way of doing it that better meets compliance needs. Defining the objectives in terms of the goals rather than the inputs.
The negotiating and consultancy element of this is important because many people within the organization immediately focus on the data that they think they can access rather than looking first at their end goal and what they need to achieve it. An important part of this role is to help de-conflict ostensibly opposing needs for compliance and business benefit – and ultimately still get to the same result.
Of course, there will inevitably be certain objectives that simply can’t be fulfilled for compliance reasons. But for the most part, if organizations are acting ethically and within the law, there will be a way that they can achieve their business goals with respect to data.
At the end of the day, the CDO needs to understand what the organization is trying to do and give them the ability to do it in a way that is not only compliant but also builds trust. Not only for the organization and its customers and consumers, but also for their own role within the organization.
Ken Mortensen leads Global Trust and Privacy at InterSystems as Data Protection Officer.
7 november (online seminar op 1 middag)Praktische tutorial met Alec Sharp Alec Sharp illustreert de vele manieren waarop conceptmodellen (conceptuele datamodellen) procesverandering en business analyse ondersteunen. En hij behandelt wat elke data-pr...
11 t/m 13 november 2024Praktische driedaagse workshop met internationaal gerenommeerde trainer Lawrence Corr over het modelleren Datawarehouse / BI systemen op basis van dimensioneel modelleren. De workshop wordt ondersteund met vele oefeningen en pr...
18 t/m 20 november 2024Praktische workshop met internationaal gerenommeerde spreker Alec Sharp over het modelleren met Entity-Relationship vanuit business perspectief. De workshop wordt ondersteund met praktijkvoorbeelden en duidelijke, herbruikbare ...
26 en 27 november 2024 Organisaties hebben behoefte aan data science, selfservice BI, embedded BI, edge analytics en klantgedreven BI. Vaak is het dan ook tijd voor een nieuwe, toekomstbestendige data-architectuur. Dit tweedaagse seminar geeft antwoo...
De DAMA DMBoK2 beschrijft 11 disciplines van Data Management, waarbij Data Governance centraal staat. De Certified Data Management Professional (CDMP) certificatie biedt een traject voor het inleidende niveau (Associate) tot en met hogere niveaus van...
3 april 2025 (halve dag)Praktische workshop met Alec Sharp [Halve dag] Deze workshop door Alec Sharp introduceert conceptmodellering vanuit een non-technisch perspectief. Alec geeft tips en richtlijnen voor de analist, en verkent datamodellering op c...
10, 11 en 14 april 2025Praktische driedaagse workshop met internationaal gerenommeerde spreker Alec Sharp over herkennen, beschrijven en ontwerpen van business processen. De workshop wordt ondersteund met praktijkvoorbeelden en duidelijke, herbruikba...
15 april 2025 Praktische workshop Datavisualisatie - Dashboards en Data Storytelling. Hoe gaat u van data naar inzicht? En hoe gaat u om met grote hoeveelheden data, de noodzaak van storytelling en data science? Lex Pierik behandelt de stromingen in ...
Deel dit bericht