Today, companies that don't have a formal process for valuing their data assets are in the minority. 72 percent of more than 3,500 respondents in PwC's Digital Trust Insights survey said their organization already has one. Of the survey respondents who have a formal process for assigning value to their data, 37 percent involve the data privacy team consistently in the process. They are the data trust pacesetters.
Data trust pacesetters stand out
The one thing in common the Digital Trust Insights survey found with data trust pacesetters is: They are skillful at valuing and using data to improve their bottom line. Among pacesetters, 61 percent have developed plans for using data to make their operations run smarter and faster, compared with just 46 percent of all companies. As a result, they are three times more likely to see ROI (24 percent) than the rest (7 percent).
Another way they stand out is how they deal with challenges. As data has multiplied, so have regulations to protect privacy and data. Data trust pacesetters see regulations as an opportunity rather than a roadblock. They can create trust within an organization and ensure that data is centralized, which encourages collaboration. More than three-fourths of the pacesetters surveyed said regulations help make their business operations run smoother and faster.
Why the data privacy team should be involved in data valuation
The value of customer data—profiles, transactions, preferences and behaviors—is wholly determined by the organization that owns and uses the data, and will change depending on the context, or what they want and are able to do with it.
Assigning value to data is an important discipline to master and having a data privacy team can help put a value on an organization's data. Possession and use of data create responsibilities, which in turn affect its ultimate value to the organization.
Many regulations now specify the way data needs to be handled (which adds compliance costs), the limits on the use of data (which reduces commercialization potential), and the consequences of losing data or allowing it to be breached (which increases risks and associated costs).
Five traits of data trust pacesetters
Our analysis shows pacesetters stand out in five distinct areas.
1. Consistently involve the data privacy team when valuing data. New data-driven solutions bring new vulnerabilities. By incorporating risk management into their data development efforts, pacesetters can identify potential problems and help protect against them before catastrophe strikes.
2. Routinely value data. Pacesetters not only effectively assign value to data, they also establish processes to ensure that value is applied consistently across data sets.
3. Adopt leading practices in the ethical use of data. They adopt a value-based approach to data, which also means keeping only the data they need and eliminating the rest. Pacesetters have defined responsibilities across the organization to ensure data's ethical use.
4. Embrace leading practices in data engineering. Pacesetters create design tools that incorporate security and privacy into their systems, products and services. They create comprehensive data maps for risk assessments and controls testing, and they are continually monitoring the changing value of their data and reassessing the appropriate level of protection needed. Pacesetters also actively govern third-party vendors to ensure they adhere to the required standards for data handling, security and privacy.
5. Form a collaborative team with the authority to act. Data pacesetters build cross-functional data governance teams to understand the data and develop processes for using it ethically. Data trust pacesetters bring the value creators (from the business side) and value protectors (from the risk, IT, and cybersecurity sides) together to develop data policies and practices that meet the needs of customers, employees, and regulators, as well as the business.
Vilaiporn Taweelappontong, Lead Consulting Partner for PwC Thailand, comments:
"Nowadays, Thai organizations have collected customers' personal data in a number of ways, specifically for marketing purposes. However, it's concerning that so many of them are still unaware of the need for data privacy measures to protect their customer's details. This is even though the Thai Personal Data Protection Act will come into full effect next May.
"We believe that it isn't too late for organizations to start planning and implement proper methods for collecting personal data that complies with the law. This is to avoid penalties that will hurt the company's reputation and image. Additionally, it will also build trust with the customer, ensuring that their personal data is secure without breaches that lead to any risks or cause damage to clients."