Offense not defense: organizations must lead as data regulation evolves

Rather than being driven by the need to address legal and compliance issues, leaders should focus on the value of data regulation.


In brief

  • Data privacy and compliance are no longer just legal obligations — they’re strategic opportunities.
  • Dynamic data tagging and synthetic data are emerging tools for privacy-conscious innovation.
  • Proactive investment in governance and talent can turn regulation into a competitive advantage.

Few, if any, leaders would dispute the importance of data to their organization’s success. In fact, a robust and effective data strategy has become central to everything from improving customer experiences and retaining top talent to unlocking the full potential of technologies like artificial intelligence (AI).

Yet, as the use of data has exploded, so too has the regulatory landscape surrounding it. Since the arrival of GDPR (General Data Protection Regulation) in Europe and the CCPA (California Consumer Privacy Act) in California, we’ve seen a raft of new legislation passed at state, sector and federal levels that makes the risks of noncompliance increasingly severe.

Likewise, nobody’s slowing down in the hacking game. If anything, cybercriminals are becoming more aware of the value of consumers’ personal information and, therefore, more relentless and sophisticated in their attempts to illegally obtain it.

Walking the data tightrope

For organizations, the result is a tightrope walk. On the one hand, they have to continually (and rapidly) innovate their data strategy to keep up with advancing technology and meet the product and service expectations of customers. Yet at the same time, they must be seen to be doing everything possible to protect stakeholders’ personal information and comply with an ever more complex regulatory landscape.

This balancing act is supercharged in the most high-stakes and heavily regulated sectors, like health care and financial services. But it should also be a priority for organizations in other, less scrutinized industries. After all, even a retailer’s loyalty program can house all kinds of sensitive details around buying patterns, family members, memorable dates, and personal preferences — information bad actors may use to target customers in other areas of their life.

Personal personalization?

Not that consumers are saying “no” to surveillance capitalism completely. If you travel a lot to New York and get an offer for great hotels in the city at low prices, that’s probably the kind of deal you want to see. But any lack of transparency or hint of overstepping in how their information is captured, shared or deployed will quickly erode trust and ultimately lead people to opt out for good.

To complicate matters, personalization itself is personal. What one person is OK with from a targeted marketing perspective might be too intrusive or frequent for someone else, and vice versa.

Any data strategy must therefore be based on a carefully weighed decision about the value it could drive for the organization vs. the value it could lose by crossing over a consumer’s (or regulator’s) perceived line of usage.

The tools of success

So, how do leaders get the tightrope walk right?

The first step is understanding the data privacy rules and regulations that exist in their jurisdictions, be that geographic or by sector. With legislation constantly evolving, this requires consistent monitoring, usually by CISOs and CDOs, to ensure the organization’s practices don’t contravene the rules.

Awareness of what data is being held has also become table stakes. To retain their stakeholders’ trust, organizations must demonstrate in-depth knowledge of how, when and where that information is captured and managed, including a fine-grained understanding of lineage and provenance.

The sheer volume of that information is also increasing significantly. As AI enables the creation of more data from more sources, it’s important to consider how to manage those insights with the appropriate level of transparency and control.

Here, dynamic data tagging provides a potential solution. It lets firms mark and manage the purpose of data across various analytics platforms, making it easier to distinguish between appropriate and inappropriate use based on context while helping mitigate the risk of reidentification among multiple downstream uses.

Similarly, synthetic data, which mimics real data without using actual personal information, is becoming a valuable tool in any organization’s arsenal. By eliminating the risk of exposure, synthetic data helps address privacy and anonymization concerns while supporting the development and testing of new AI models.

Invest for tomorrow, today

Above all, organizations should adopt an offensive approach to data governance, not a defensive one. That means rather than being driven by the need to address legal and/or compliance issues, leaders should focus on value (i.e., how to use the right data to deliver the right outcomes at the right time).

Policymakers at the state and federal levels can play a supportive role here, too. Right now, privacy laws and data legislation often lag behind technological advancements, which, in turn, stifles innovation, particularly in highly regulated industries. More open conversation between regulators and business leaders would help better balance progress and governance while promoting a greater tolerance for risk in areas where harm is unlikely.

Adopting this offensive approach will take more firepower, both in terms of the capital resources organizations devote to data management and the types of roles and skills they recruit for and develop within their workforce. Getting on the front foot may seem like a significant investment now, but the rewards it delivers for marketing effectiveness, customer engagement, security and regulatory compliance in the future will be worth it.

This article was originally published on FastCompany.com.

Summary

As data regulation becomes more complex, organizations must shift from reactive compliance to proactive value creation. By investing in governance, transparency and emerging tools like synthetic data, leaders can build trust, drive innovation and stay ahead of evolving legislation.
