November
10
From our experience, there are two outcome areas that Chief Data Officers (CDO) are typically appointed into solving.
The first one is using data for offensive plays, that is using compete more effectively. CDO’s who attack this angle typical comes from analytics backgrounds. This is also the area where there’s a large amount of overlap with the organisation’s other CDO…the Chief Digital Officer.
The other angle is the defensive or compliance-driven CDO agenda. From the earliest days, CDO’s here have been appointed to solve issues in regulatory or business performance reporting issues by aligning processes and systems that result in the flow of data from the organisation’s front office to back office.
This aspect of the CDO responsibility originated from the discipline of Information Management (IM) which arose in the late 1980’s. The information or data management agenda is predominantly concerned with providing policies, process and systems guidance to ensure data is managed and controlled so that it can be used effectively in organisational decision making.
(We discuss the 2 different maturities of analytical vs data management competencies in our article – Data-Driven, But First We Must Tackle The Enterprise Data Quality Challenge)
Some people like to think that data becomes information which then becomes knowledge. @Cognitivo we tend to use the term data and information more interchangeably after all information is also data and lets not confuse the ‘data person’ with the ‘database person’.
According to Dataversity, Data Management is a comprehensive collection of practices, concepts, procedures, processes, and a wide range of accompanying systems that allow for an organization to gain control of its data resources. Data Management as an overall practice is involved with the entire lifecycle of a given data asset from its original creation point to its final retirement, how it progresses and changes throughout its lifetime through the internal (and external) data streams of an enterprise. Some say data management is a subset of information management, but who cares.
@Cognitivo, we’ve done a lot of work in data management over the past few years, particularly in local government, but also within the financial services and the start-up (Fintech) community.
Walking into any organisation, the one thing we’ve found that all companies have in common is that, various aspects of the data management competency are claimed by different people with very little connectivity between them. In other words, fragmented ownership of a poorly defined area of responsibility.
These are robust industry-standard disciplines
So things are fragmented and what do we recommend?
We (@Cognitivo) have developed a unified approach to data management that incorporates all the above topics into a single Risk Management Framework aligned to ISO 31000 the Risk Management standard. (We see Data Risk being a sub-set of operational Risk).
To illustrate the importance of aligning the above topics, consider GDPR’s the right to be forgotten, it is a privacy as well a retention and disposal obligation. In most organisations we’ve seen, records management capabilities (e,g. retention/disposal schedules) are only applied within unstructured data systems (i.e. document management systems) and not structured or transactional databases (e.g. CRM’s, ERP’s, core systems). Most organisations today do not dispose of data and it would be almost impossible to erase a single person’s records on request within the vast pool of back-up tapes.
We employ a single contextual classification method which can catalogue data to meet all privacy, records management, data use/quality and information security obligations. This method is a fine-grain data classification method that defined:
Cognitivo’s approach to data classification leverages existing organisational assets.
To illustrate:
This is how it all fits together.
In the early days of information management, consultants have been running around telling clients (and I have been one of them) to catalogue critical or key data elements (CDE’s / KDE’s) and assign owners. In our view, this is completely inadequate. To demonstrate for a local government organisation, a person’s name may be private, unless they put forward a public complaint, their names are no longer private. Obligations and therefore privacy and access controls need to be contextual and fine-grain. We are starting to see this in the emergence of attribute-based-authentication-controls (ABAC).
If you think about the emerging technology paradigm of serverless / function-as-a-service, micro-services, API driven architectures, a fine-grain data management approach would a pre-requisite. CIO’s and CISO’s need to stop simply managing applications as containers. As an organisation, in order to compete on intelligence we need to drill down to the content held within these applications.
Get in touch with our team if you want to find out more about Cognitivo’s unified data management approach