Data Governance & Privacy
April 1, 2024
Privacy is more potent than meets the eye, and this realisation is increasingly stark to observers of the evolving global privacy landscape.
In the Australian jurisdiction, the release of responses to the Attorney General’s Privacy Act Review Report has illuminated the impact of privacy across multiple spheres. From economic and cyber security regulation to human rights protection, the long arm of privacy extends to almost every facet of life for consumers. Many cross-sectoral respondents identified the regulation of privacy as synonymous with the regulation of the digital economy. Other respondents suggested that the many ‘data crises’ of recent years would be best solved by widening the ambit of discrimination and human rights laws.
For organisations, navigating the complexity of the privacy landscape, and disentangling its obligations from other commercial considerations, remains a work in progress. Firstly, data debt resulting from inflexible martech tools has led to diminishing data capital. In this context, any change in the macro environment can compound data debt, leading to an existential threat in an evolving digital economy. Moreover, Privacy Act Review Report Proposal 20.2 recommends the introduction of an unqualified right to opt out of personal information being utilised or disclosed for direct marketing purposes. For publishers and advertisers, in particular, the effect of this proposed reform will require the diversification of revenue streams and operational excellence to increase the net profit margin and offset prospective financial losses. Similarly, companies that are heavily reliant upon data monetisation will need to act now in recalibrating commercial models to remain viable as the next evolution of privacy regulation comes into force.
Resolving the privacy-profitability paradox through organisational transformation
Whilst the responses derived from the public consultation process are varied, a common thread in industry responses relates to the implications for operating models. In the nearly four decades since the inception of the Privacy Act 1988 (Cth), the digital economy has undergone seismic shifts. As the digital economy relies on data for its currency, the lack of corresponding change in privacy laws has led to diminishing returns for digital ecosystem participants. To truly establish a world-leading digital economy, change must involve both government and industry working in concert to improve the productivity of digital markets for consumer benefit. It is not merely the law that must change, but also how organisations operate in the digital economy of the future. Change is coming, and the time is now to embrace all that it entails.
Operating in the age of dynamic data
The path to profitability in the next digital era requires a technology transformation that engenders organisational agility. Organisations must consider how to capitalise upon the benefits of digital experience, whilst minimising risks for consumers. Whilst legislative reform is inevitable, organisations can take the following prudent measures to fortify enterprise resilience:
The organisation of the future is not the organisation of the present. Whereas organisations have generally relied upon decentralised data governance models, the organisation of the future will establish a data centre of excellence to accelerate sustainable competitive advantage.
The core mandate of the data centre of excellence is the implementation and oversight of data governance. Importantly, data governance requires calibration in line with organisation type and data maturity. In turn, a data centre of excellence will minimise costs and maximise productivity through streamlining data lifecycle management.
For complex organisations with a multibrand portfolio, a data centre of excellence is the key to compliantly unlocking multibrand enterprise value creation at scale. By centralising oversight and accountability of data governance, organisations will limit liability through greater visibility and control over data collection, use and disclosure. Moreover, intra- and inter-organisational data sharing can be more readily activated in line with legislative requirements and the entity’s privacy policy. A data centre of excellence will optimise cost-efficiencies, fortify data security and build data capital.
Additionally, the passage of the Privacy Legislation Amendment in late 2022 amended the Privacy Act 1988 (Cth) to create one of the most stringent penalty regimes in the developed world. Consequently, organisations that run afoul of their privacy obligations will contend with an existential threat that is compounded by the impacts of macroeconomic volatility. By establishing a data centre of excellence, organisations can not only mitigate legal, financial and reputational risks, but enable compliance with the Notifiable Data Breaches (NDB) scheme.
The rise of large language models (LLMs) and generative AI is fundamentally rewiring organisations. No organisation can outsource a path to data-driven operational excellence. A reskilling revolution will be essential to building a future-ready workforce that can adeptly utilise data-driven technologies to engender privacy-first value realisation. Specifically, organisations that establish a data centre of excellence will be best served by installing a CDOPs team to create a data taxonomy, and democratise the delivery of enriched and consenting audiences for real-time activation. The CDOPs team is comprised of commercially-driven specialists, with in-depth knowledge in relation to customer data, customer touchpoints, data destinations, privacy compliance, audience segmentation and targeting approaches.
The CDOPs team’s mission will be to deliver an enterprise-wide ‘white-glove’ service that will accelerate the delivery of data-driven initiatives. By fielding enterprise-wide requests, from audience building and optimisation to providing intelligent insights, the CDOPs team will foster a continuous innovation approach that improves data-driven growth. For example, the CDOPs team can provide expert guidance on how to create a data taxonomy, how to integrate the data infrastructure and execution platform, how to maintain data security and compliance, and how to design a solution and delivery model to efficiently activate use cases. Crucially, the CDOPs team will hold responsibility for growing an organisation’s data capital through a privacy-first lens.
Key roles and responsibilities of the CDOPs team include:
Validating value: The data centre of excellence builds enterprise resilience
The Privacy Act Review Report’s proposals signify a monumental shift in the Australian Government’s approach to privacy regulation. Privacy is now the conduit via which to shape the contours of the future digital economy, and the prospective legislative reforms will compel companies to change or cease. For example, the proposed introduction of new or expanded privacy rights will require operating frameworks to be revised to fulfil obligations to consumers within legislatively mandated time frames. For enterprises with a complex business model and multibrand portfolio, the ability to fulfil privacy rights is hampered by additional obstacles; such as, entrenched data silos and disparate data policies. By establishing a data centre of excellence, a multibrand enterprise will benefit from a data taxonomy and centralised data governance to efficiently fulfil privacy rights throughout a customer lifecycle.
Technology is merely one part of the equation – organisations must also align people and processes to enable a rights-based approach to data collection, use and disclosure. For example, the proposed introduction of a right to erasure will require organisations to delete personal data upon request by the individual to whom the data belongs. A further proposal requiring organisations to notify third parties to whom data has been disclosed of an erasure request adds complexity to the issue of compliance. The capacity to comply with the exercise of a right to erasure requires data consolidation and centralised data governance to isolate data associated with an individual for deletion upon request. Establishing a data centre of excellence will enhance future readiness by enabling the ability to fulfil privacy rights and uphold consumer trust.
The commercial implications of prospective reforms to Australia’s Privacy Act 1988 (Cth) will create a pivotal moment in the maturation of the digital economy. Organisations that rise to the transformation challenge now will leap ahead of the competition once the reforms come into effect by building the commercial model of the future.
Tealium partners with the world’s leading organisations in designing a data centre of excellence to enhance future readiness. Learn more about how a data centre of excellence can fortify enterprise resilience by accessing Tealium’s Org of the Future white paper.
