
The Privacy Advisor | Enterprise data management: the privacy professional's role in this emerging trend


By Maria Villar

Enterprise data management is about breaking down the silos that can constrain the success of an organization’s overall data governance efforts. Maria Villar explains the role of the privacy professional in the emerging trend toward EDM.

The enterprise data management program

The effective management of sensitive customer and employee data is at the heart of an effective privacy program. Programs that identify, store, process, and safeguard this data, in compliance with company and government privacy requirements, become the responsibility of the chief privacy officer, working in partnership with the company’s business and IT functions. Typically, the data management programs to comply with the company’s privacy policies are separate and unique from the company’s other data management programs that manage the data requirements for Sarbanes-Oxley compliance, risk management, customer relationship management, and human resource management. However, a new data management trend is emerging. Leading companies are consolidating these silo data management programs into one Enterprise Data Management (EDM) program and appointing a chief data officer.

Consolidating silo data management programs has many benefits but comes with implementation challenges. Benefits include increased efficiency and cost savings by using common technologies, processes, and organizational structures. Just as important is the coordination of activities on the same data. Customer and employee data are important to the company’s marketing, sales, financial, customer service, and supply chain processes. Coordinating how sensitive data is created, stored, and safeguarded for the good of all the data users ensures that one division’s requirements don’t override the needs of another. Additionally, a company-wide EDM program focuses senior executive attention on business data. Business data is handled as a “company asset,” similar to other assets like products, people, and capital.

With significant benefits come implementation challenges. An EDM program requires cross-division and cross-process coordination. As in any other cross-company program, an effective leader must be chosen—one who can bring various, conflicting requirements together—and governance must be established to prioritize the data activities across the company. The appropriate funding and metrics must be established to ensure the company’s return on investment. While all groups participate, at times the needs of the enterprise may override the needs of the few. Strong senior executive support is essential. The chief privacy officer, as well as other key business leaders—the chief finance officer, the chief risk officer and chief information officer—will all need to actively participate to ensure their data requirements are addressed.

Leading companies in industries such as technology, finance, and B2B are implementing EDM programs. For privacy professionals, the new emerging data management program should be incorporated into the privacy program and leveraged in the following ways:

   1. Use the corporate EDM resources in the privacy program.
   2. Participate in the data governance program.
   3. Partner with the EDM leaders (chief data officer) to champion business data as a company asset. Lead by example in the privacy organization.

 Use the corporate EDM resources in a privacy program

An enterprise data management program offers corporate resources that can be used to implement an effective privacy program:

Enterprise Metadata Repository: The enterprise metadata repository is a corporate database that contains important business and technical information about the company’s data. The repository is maintained by the IT organization but owned by the EDM leader. For the privacy program, the enterprise metadata repository would be used to log all the databases where sensitive data is stored. The privacy organization can also request other important information, such as the business and technical owner and users of the database, to be logged in the repository in support of the privacy requirements.

Critical Data Element Identification: An EDM program typically starts by identifying the most critical business data to manage. The information is gathered by surveying key stakeholders from across the company. The stakeholders identify the data elements that most materially affect the results of the company’s financial, regulatory, and business processes and reporting. Sensitive data fits within the regulatory criteria and therefore is added to the critical data element list. The critical data element identification step also identifies the various business processes that depend on the same data. This is valuable information for the privacy program. The EDM program ensures information about the critical data element is kept in the enterprise metadata repository, and controls for adding, updating, and deleting the critical data list are in place.

Business Data Stewards: Business data stewards are new roles in the enterprise data management program. Stewards are business leaders within the business functions who are responsible for driving the implementation of the enterprise data management program. They “steward” the data created in their business process to ensure that it meets all company needs. The business data stewards for customer and employee data, which typically resides in the sales and human resource functions, should be leveraged in the privacy program. The business data stewards partner with privacy professionals to ensure the privacy requirements are implemented in their data.

Data Profiling Tools: New tools exist that allow databases to be searched and better understood. In the privacy program, the location of all the stored NPI data across the company is often not known. Data profiling tools can be used to investigate databases for sensitive data. Technical skills are required to run the tools, so the IT organization will also need to be involved.

Processes/Training for Creating, Updating, and Deleting Data: An Enterprise Data Management program will review the existing processes for creating, updating, and deleting (CRUD) the critical data. These processes will be enhanced to ensure data requirements and quality controls are in place. Training will be enhanced to ensure employees understand the new procedures. The privacy programs should leverage the new CRUD processes and training to incorporate privacy policy controls.

Privacy professional’s role in the enterprise data governance program

A governance program is necessary to coordinate and manage the various cross-division and cross-process data requirements. The data governance forum(s) is chaired by the EDM lead, the chief data officer, or another appointed executive in the company. The chief marketing officer or chief finance officer may play this role because these leaders understand the need for high-quality, well-managed data. Executive representatives from across the business, operations, technology, compliance, and finance functions participate. The chief privacy officer, or his or her representative, ensures the privacy requirements are communicated, understood, and prioritized. Specifically, the privacy organization will participate in the following governance activities:

Critical data identification process: The privacy organization identifies the sensitive data elements in the critical data element identification process and the appropriate business and technical information to be collected and stored.

Identifying legal requirements: The privacy professional communicates all state, federal, and country privacy legal requirements to be implemented in the data controls and training.

Data initiative prioritization: The chief privacy officer participates in the executive decision-making process to prioritize and fund corporate data initiatives and ensure the initiatives comply with privacy program requirements and implementation timelines.

Data performance metrics: The chief privacy officer participates in setting the performance metrics on key data initiatives and participates in the periodic reviews of performance metrics.

Data archiving, standards, and controls: The privacy organization reviews and approves the corporate processes for data archiving and data controls to ensure compliance with the privacy requirements. The privacy organization would also incorporate privacy requirements for collecting, updating, and deleting sensitive information in new data standards developed as part of the EDM program.

 The chief privacy officer and the chief data officer

Both the chief privacy officer and the chief data officer (CDO) share a common goal: safeguarding and stewarding the company’s critical data. While the CDO’s data scope includes all the critical company data, the chief privacy officer’s role is growing to include more data.

In companies where an enterprise data management program is not yet in place, the privacy organization may be the first to implement data management capabilities such as data standards, data tools, and data processes for managing sensitive data. These capabilities then can be re-used to manage other company data once an EDM program is implemented. In fact, the chief privacy officer can sell the need for an enterprise data management program to other C-level executives in the company because of his or her unique perspective into the growing need to manage an ever-increasing set of data.

The chief privacy officer’s involvement provides much-needed executive sponsorship for the overall data program, and he or she can influence business peers to participate actively in the program. The privacy organization can also lead by example in implementing the EDM standards within its team, and it can reinforce the enterprise data management program and standards in the privacy-specific training and controls.

The emerging enterprise data management trend provides the privacy professional and the chief privacy officer an opportunity to champion data as a “business asset” and simultaneously increase the effectiveness of their privacy programs. As the role continues to evolve, the chief privacy officer may even be in the best position to be the chief data officer.

 
Maria Villar is a recognized expert in enterprise data management and data governance with more than 25 years of professional experience. She has held senior executive positions in the technology and financial sectors, where she was responsible for data quality, governance, architecture, and database technology solutions. She is the co-author of the book Managing Your Business Data: From Chaos to Confidence. She can be reached at mariacvillar@yahoo.com.
