New Year's Resolution for GCs in 2016: Establishing a Data Governance Committee

By David F. Katz
December 31, 2015

Data is an increasingly valuable corporate asset that must be managed competently, efficiently and responsibly in order for a company to be well-positioned to thrive in a connected and data-driven economy. Governing the organization's data must be a priority for 2016. Organizations that don't put proactive systems in place now may find themselves a distant memory from the dawn of the age of the Internet of Things (IoT) for a whole host of reasons. Data breaches, poor data security, cybercrime, regulatory scrutiny, plaintiffs' lawyers, wholesale brand collapse, and loss of consumer trust and confidence surrounding data protection can all be material failures for a company, and 2015 has, again, confirmed that no one is safe from these risks.

The only hedge against cyberrisk is sound data governance, which requires a strong focus from the company's management team, excellent communication and leadership within the organization, and cooperation among all participants. Establishing a Data Governance Committee (DGC) is the first step to proactively addressing these risks, and to carefully evaluating the impact and full scope of what a commitment to good data governance could mean to the company in the long term.

Establishing the Data Governance Committee's Objectives and Responsibilities

The DGC's primary duty is to ensure responsibility, accountability, defensibility and sustainability of data practices. The framework for effective data governance planning contemplates the personnel, technology, processes, policies and procedures necessary to ensure the preservation, availability, security, confidentiality and usability of the company's data.

Furthermore, a DGC encourages strategic thinking and the creation of opportunities surrounding the appropriate use of data within the company.

Key steps are establishing roles and objectives for the DGC. These should be clearly articulated in the form of a governance charter, and clearly explained to the DGC members.

The group should focus on establishing data standards for privacy and information security, records management, employee data, trade secret and intellectual property protection, e-discovery and litigation readiness, and vendor management. Such policies must include a comprehensive set of rules, policies and procedures governing the proper use and disposal of the company's data.

The DGC will be the decision-making body when issues arise related to data use. The group will consider the appropriate level of risk allocation, assuring that insurance and contractual risk transfer in connection with data risks.

Finally, the DGC can be a powerful tool for setting the tone within the company, establishing the internal top-down support for helping to ensure that employees are properly educated and trained about their responsibilities related to data, and institutionally appropriate practices in the collection, use and disposal of data. The DGC should also develop appropriate channels through which employees can express concerns and identify potential risks.

Composition of the Committee

Choosing members of the DGC is crucial to ensuring the ultimate success of the committee. Members must comprise a cross-functional team, including representatives of executive management who can appreciate the role of data in the long-term objectives of the organization.

The DGC should include members of the company's leadership and representatives from the information technology, communications/marketing and legal departments, as each of these departments has control over areas of the company that are most likely to be affected by a data governance strategy.

Through participation in the DGC, representatives can closely coordinate to accomplish the established objectives and goals of the company in the context of data governance. Each of the team members has a crucial role in ensuring their respective department is properly represented in the data governance process.

Roles and Responsibilities of the DGC

The roles and responsibilities of the DGC are to:

  • Establish direct reporting to the most senior corporate governance tier of the company, as there should be oversight of data governance from the highest levels of the company.
  • Evaluate and respond to internal proposals relating to the use of data and information in connection with data mining, behavioral targeting and data analysis.
  • Monitor implementation and compliance of processes, and, when appropriate, propose revisions to policies and procedures adopted by the company.
  • Provide oversight to senior management, the chief technology officer, and company employees in their efforts to reinforce good business practices and maintain legal compliance.
  • Be frequently and timely informed of compliance activities, training activities, communications programs, compliance audit reports, and reports of alleged violations of the company's data governance policies.
  • Conduct annual evaluations of the company's data governance practices.
  • Consult with any advisors they deem necessary to ensure that the company conducts its business activities in compliance with the law.

Conclusion

Establishing a data governance committee can be a very effective tool for companies that seek to establish accountability and control over their data. Creating effective institutional infrastructure in the form of a data governance committee, in order to formalize the necessary communication, cooperation and ownership surrounding the challenges presented by data management, has the potential to bring long-term rewards to the company. As the legal and regulatory environment continues to remain volatile regarding data security, data use and data transfers domestically and in Europe, companies should be focusing on how to best position themselves to stay ahead of the curve regarding the use of their data assets. Developing a strategy and operationalizing good data governance will provide companies the ability to maximize the value of their data assets and increase the long-term value of the company.


David Katz is a partner with Nelson Mullins Riley & Scarborough LLP in Atlanta. His practice focuses on regulatory compliance, consumer privacy and data security compliance, information governance, ethics, corporate governance and enterprise risk management. He may be reached at 404-322-6122 or at [email protected]. You may also follow him on Twitter @KatzFDavid.


