The Convergence of Data Governance and Privacy: Takeaways from the Global Privacy Summit
ABSTRACT: At IAPP Summit, privacy and data governance leaders expressed the importance of a collaborative operating model.
I had the pleasure of speaking at the International Association of Privacy Professional (IAPP) Global Privacy Summit in Washington D.C. on April 3rd to 5th, 2023. In the Privacy Engineering Forum, I presented “Data Governance and Architecture for Privacy.” I argued that most companies fail to realize a return on their technology investments in data modernization due to a lack of optimal data governance.
Three factors explain why optimizing data governance is imperative to maximize technology ROI.
First, the consumerization of AI fuels the demand for more data, with better quality, and real-time freshness. In the past, AI was a novel capability to gain competitive advantage. Today, everyone feels forced to adopt AI; otherwise, they might fall behind their competitors.
Second, companies are designing more job roles to be data-driven, and democratizing data consumption–i.e., making itwidely available, easy to access, and easy to use.
Third, governments and industry consortiums recognize the power of data and AI to create exponential value for society. They issue rules and standards to foster responsible AI and secure data sharing practices. The open data movement advocates free flow of data as a national strategy to provide economic opportunities to every citizen.
I discussed the typical struggles of companies in highly regulated industries, in which data governance processes tend to be bureaucratic, siloed, and slow. Many in the audience concurred and shared their common frustrations. We reviewed best practices by companies that successfully optimize their governance operating model. Their business analysts, product owners, data stewards, and privacy engineers collaborate in an agile fashion thanks to their leadership commitment to invest in three key areas: 1) continuous improvement of data literacy across the organization, 2) empowerment of cross-functional teams, and 3) integration of cross-domain capabilities to allow cohesive operations in the data pipeline.
It was encouraging to hear congruent perspectives from other speakers at the summit.
In a panel moderated by Leila Golchehrer (Relyance AI), governance and privacy leaders discussed how to embed privacy within operational processes, products, and services. Adrienne Alen (Coinbase) shared tips on involving privacy from the ideation phase. Courtney Worthy (Zoom) explored good communication strategies in ever-changing regulatory requirements and increasingly competitive commercial demands. Gregory Silberman (formerly at Zoom), meanwhile, unpacked how to engineer privacy as a material part of an organization’s business. Key Takeaway: Data Governance and Privacy Engineering functions need to converge and operate collaboratively.
Kabir Barday (OneTrust) facilitated a discussion among data leaders about how to assign data responsibility throughout their organization. Privacy and data governance must become a cross-disciplinary approach. The role of privacy professionals must evolve to incorporate business and engineering skills. Lara Liss (Walgreens Boot Alliance) emphasized the importance of leaders operating with low ego to achieve high impact. She asserted that the goal of privacy is not merely to comply with the law, but to enable innovation with integrity and fulfill the brand promise. Key Takeaway: Organizational change, talent management, and leadership development are key to empower collaborative cross-functional teams across governance, security, and privacy.
How can data governance and privacy leaders advocate a holistic data strategy and gain buy-in from their C-suite and the board? What factors should they consider to implement such a holistic approach? Chief Privacy Officers Keith Enright (Google), Christina Montgomery (IBM), and Courtney Stout (The Coca Cola Company) presented key insights (their own views, not their company’s) about these questions. Corporate leaders must overcome silos at the structural, operational, and leadership level to advance a holistic approach – a single, coherent, organizational strategy. Given the societal impact of modern data uses, forward-thinking companies also need to address data issues within the ESG context. Key Takeaway: Data governance and privacy leaders are well positioned to become trusted advisors to the Board and Senior Management in overseeing and leading the data agenda as a business strategy.
On the technology front, Steven Prestidge (Anonos), Rik Tamm-Daniels (Informatica), and Awah Teh (Capital One) presented a unified architecture approach to enforce technical policy. By integrating Informatica’s data management and governance features with Anonos’ privacy enhancing technology, a modern data platform can ensure consistent policy and metadata-driven security from the source systems to the downstream information assets.
I echoed their product and architectural vision during my talk by highlighting other technology solutions that integrate cross-domain features. For example, DryvIQ is an unstructured data management tool that uses machine learning-based data discovery to classify and apply policy automatically. TripleBlind and Inpher apply fuzzy matching with private computation. Privacera, Okera, and Immuta meanwhile, apply fine-grained security, using attribute-based access control and metadata discovery.
Some of the privacy tools have also transformed their main value proposition. Gartner predicted that synthetic data usage will exceed real data for AI development by 2030. Synthesized.io, Subsalt, and yData considers synthetic data not only as a privacy-preserving technique or test data management solution. Rather, they are aiming to address AI scalability in a cost-effective and reliable way, and to help reduce AI bias by generating more balanced training data.
Data leaders may feel hesitant to embark on such organizational transformations in the face of low employee morale or economic uncertainties. The consistent call to action from thought leaders hopefully provides encouragement to overcome those valid concerns. Furthermore, the increased cross-pollination of governance and privacy technologies are indicators of increased expectation and customer demand for tools that promote collaboration. These present an opportunity for data management, governance, and privacy engineering teams to transform and optimize as a cohesive and agile unit.