Oversight of Data - An Emerging Challenge for Boards
Over the last five years, board members have heard a lot about cyber security. As cyber has become part of board routines, discussions have pivoted more broadly to the opportunities and risks associated with emerging technologies, including cloud, IoT, blockchain, VR/AR and AI. While the relevance of these technologies vary by industry and company, and are often quite specific to products or use cases, one item that is relevant for virtually all boards is data.
Many directors are already aware, sometimes from painful experience, of the privacy responsibilities and risks associated with customer/personal data. Given the capabilities and requirements of emerging technologies, however, data –described by some as “the new oil”—is quickly becoming a front-burner issue for boards.
The emergence of AI (or, more broadly, cognitive technologies), for example, is being driven by the much cheaper storage and processing power that is available to corporations, complemented by advances in prediction tools and techniques. Absent large volumes of relevant, clean and properly structured data, however, cognitive technologies will not work or, worse, will work badly. For boards and management teams, then, the question is not only what technologies to deploy, for what purpose, but also: do we have the data needed to make these investments pay off?
There is actually nothing new about the importance of data when it comes to the use of technology in organizations. Many seasoned board members have experience with enterprise technology implementations where the biggest challenge was data (the applications worked fine out of the box, but the data was another issue). What is new is the strategic opportunity—and strategic risk—that the diverse set of new technologies creates for companies. The precise approach to leveraging these technologies is quickly becoming central to strategy dialogues, which in turn means that data strategy—and oversight of critical data as a core asset--is also becoming a board level issue.
My sense is that, in general, boards are just beginning to engage with the question of how they oversee data, beyond the cyber security and privacy considerations that have garnered so much attention in recent years. Issues to be addressed include:
Should oversight be handled through existing or new committees or, by the full board;
How to ensure that the board—through its own expertise or by using outside advisors—has the capability to ask the right questions;
How to ensure that data strategy is sound, focusing resources, tools and technologies on data that matters; and
How to best assess and evaluate progress against data strategies and initiatives.
As with most new issues, the answers will be developed over time, tailored by boards to their specific circumstances. With the on-rush of opportunity and risk created by emerging technologies where data is central to successful use, the time for boards to begin developing these answers is now.
Sage Partner Dave Rosenblum contributed this Sage Advice