Our movement through the digital space doesn’t go unnoticed. On the contrary, our digital footprints are all over the internet, and companies use them to offer their products or services. But if they want to operate legally, businesses must comply with data privacy regulations.
That’s why the most reputable companies and those aspiring to become such pay a lot of attention to data governance.
In this episode of Identity Revolution, Infutor’s host Eric Gastevich welcomes Christine Frohlich, the Head of Data Governance at Verisk Marketing Solutions. The two discuss data governance and its three core elements – processes, technology, people – existing and upcoming data protection regulations, and resources that can help companies use data to build trust and credibility and drive business growth.
- Name: Christine Frohlich
- What she does: Christine is the Head of Data Governance at Verisk Marketing Solutions.
- Company: Verisk Marketing Solutions
- Noteworthy: Christine worked for several companies with massive volumes of consumer data and successfully led various departments, including product alliances, partnerships, data sourcing, and, most recently, data governance.
- Where to find Christine: LinkedIn
- We need policies, but we also need people to understand why it is critical to follow them. Data is a powerful tool that companies use to grow their business. But it is a dangerous tool if not utilized properly. Therefore, it is essential to take a holistic approach and cover every aspect of data governance, including processes, people, and technology. “Written policies and procedures are essential. But if no one is following them, they’re not effective. When I look at the history of data governance and what we’ve done in our industry from a compliance perspective, it’s about making sure we’re adding in that layer of policing. Everyone knows what those rules are and that they’re following those rules of the road.”
- We are all consumers, so we are all interested in data protection. The question is no longer how to use data in business. It’s also, should we utilize every piece? “I always want the teams I’m working with to consider, ‘How would you feel about this particular use case if this was your grandparents’ information? How would you feel if this is your grandparents’ information that’s being handled in this particular manner?’ I also wanna make sure our teams are thinking about the value exchange. So is the consumer getting value out of this use case? So when we’re talking about creating that strong relationship and helping brands do that, having the appropriate value exchange between the consumer and the use of their data is incredibly important.”
- Privacy regulations can be complex, and looking for external support is okay. That’s why Christine offers a solution. “I cannot emphasize the importance of good legal counsel to help you understand these laws and ensure that your business is ready to go. I also think it’s important for everyone to tap into the support from our trade association groups. For example, in the marketing services industry, we have the Interactive Advertising Bureau and the Association of National Advertisers. And these two trade associations provide excellent resources to data buyers and owners helping them get through this process, understand what’s happening from a legislative perspective and provide perspective on those first steps everyone can take.”
What Is Data Governance?
“Data governance is not a one size fits all approach. So every company is going to have a slightly different variation on what they believe data governance is and how they organize their company around it.
But if we get to the heart of what data governance is, it’s about making sure there is a dedicated framework in your business to have the right people, the right processes, and the right technology in place to make sure the data that you’re working with and have in your business is discoverable […] and that the data ultimately is being used properly.
And when I say properly, that’s in consideration of some state privacy regulations. We’ve seen some of the existing federal regulations, but also the contractual requirements between the data buyers and the data sources.
Companies Must Modify Their Privacy Programs to Comply With State-Specific Data Regulations
“Most marketers in our industry have heard about CPRA, which is California’s extension of CCPA. But there’s also been a handful of other state privacy bills that have passed and will have effective dates in 2023. So the state of Colorado, Connecticut, and even Utah.
One of our challenges as an industry that we’re facing is that each of these five state comprehensive privacy bills is unique. We are starting to see a few consistencies emerge. A blueprint is emerging, but the specific requirements under each of those are different.
And so, again, that creates some of the challenges we’re facing in the industry today. So, for example, the original CCPA did not have a consumer right ‘to correct.’ If we look at CPRA, Colorado, Connecticut, and Virginia, those bills do have a right ‘to correct.’ And so I think what that means is we’re gonna need to modify our privacy programs, and we’re gonna need to make sure we set up new operations to meet this whole new set of requirements.”
The Top Concerns Around Data Governance
‘The first one we’ve talked about already is trying to manage all of the evolving state privacy laws. […] That’s important for marketers to avoid fines and litigation at the end of the day. […]
The second one is engaging the C-suite. Businesses are starting to understand the value, and that’s been driven by state privacy legislation. But one of the concerns I see in the space and with businesses across a whole host of industries is they’re not putting enough resources into data governance. They’re expecting their existing staff to try to do this on the side, and that’s not gonna work. […] You’ve gotta engage the C-suite.
The third one is to leverage technologies. Technology is great, but it’s gotta be integrated the right way, and from a data governance perspective, I believe it’s essential. It needs to be implemented the right way, and you’ve gotta pick the right tools.”
A Piece of Advice for Companies That Might Be Behind on 2023 Adherence
“There are lots of law firms that specialize in privacy and have a multitude of step-by-step guides on how to get through the preparation process. […] I would tell everybody to think about the timeline that they have left and start to plot out how they want to attack the four essential phases of readiness.
So the first phase is a baseline gap assessment. […] What you want to do is look at those bills, the consumer rights, and the business obligations and start to map how your business is either adhering to those or, if you’re not, what the gap is. […]
The second phase is about design. So once you know what those gaps are, you’re gonna have to make some decisions on how you wanna close those gaps. And you’re gonna have to make sure you’re aligning the right resources to that as well. […]
And then, in that third phase, you can develop. […] So this is where you’re gonna start to make those modifications to your consumer request procedures to adapt to the new consumer rights. This is where you’re gonna make those changes to the consumer disclosure report formats to make sure you’re providing consumers transparency. […]
The fourth phase is around the launch. That should be the time where you’re thinking about improvement as well because whatever you build out needs to be able to scale for the future.”
[04:26] “My philosophy is that good data governance requires a holistic approach. So some companies are very focused on the more technical side, and others are more focused on the business side. From my perspective, good data governance covers both of them. And also, it’s building in the glue between those two things. Make sure that a business understands how it’s building controls and monitoring all of those processes. So not just writing down a policy, having your technical team program something, but making sure that you’re consistently going back and ensuring that those controls are effective and upheld.”
[13:15] “When I think about data governance, yes, we’re trying to make sure we understand all of the regulatory requirements, and we’re upholding all of those. But we’re also taking it a step further to think about how we would feel as consumers because we all are consumers. How would we feel about our data being used in that way? So it makes it a step beyond just what the legal requirement is and making sure that we’re proactively thinking about privacy by design and how we operate as a business.”
[20:33] “I’m a big proponent of developing a functional team dedicated to data governance. I’m seeing a lot of companies asking their existing compliance team, product management team, data management team, or security team to do data governance on the side after they’re done with their day job. That’s not going to scale, and it’s not going to provide the support needed for the future. So I think it’s essential that companies dedicate teams just focused on data governance.”