Managing data risks for value creation

Why is this trend important today?

This article is one of nine trends outlined in Deloitte's Future of risk in the digital era report. 

It’s no secret that the digital economy is fueled by data. To remain competitive, organizations are collecting, storing, analyzing, using, monetizing, and sharing data more than ever before. On one hand, this results in better and more personalized products and services, more efficient business processes, and new revenue streams. On the other hand, it raises concerns on data usage, transparency, control, accuracy (refer to our Combating weaponized misinformation trend), ethics, security, reliability, and privacy.

Regulators agree, leading to new regulations across the world, such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act (AB 375). To gain the trust of customers, business partners, regulators, and other stakeholders, organizations are re-evaluating traditional approaches to manage emerging data risks.

Back to top

Where has this trend had an impact?

• Auto manufacturers are monetizing driver data, such as location and driving behavior, from onboard sensors to create personalized services for drivers, potentially display targeted in-car advertisements, and share the data with auto insurers, which raises consumer privacy concerns.
  
• A top-selling, low-cost smartphone sold across top e-commerce platforms has been suspected of sharing customer data with servers in Asia through pre-installed software, raising questions around the extent of accountability these platforms should share.
  
• A partnership between a health care body and a technology company came under scrutiny when it was found that the foundation shared patient data with the latter without the consent of patients, resulting in legal, regulatory, and reputational consequences for both parties.
  

Back to top

What does this mean for organizations?

• Increased public scrutiny around data usage as users now expect transparency and control over their data, including the right to access it, limit its use, and delete it.
  
• Tough strategic decisions, such as potentially backing away from data monetization opportunities that affect the trust of customers and other stakeholders.
  
• Obligatory requirements driven by regulations to build a risk-aware corporate culture, infrastructure, and policies to respect privacy and protect customer data.
  
• Increased reputational and legal risk as a result of sharing data, including third-party data breaches and use of questionable data purchased from brokers.
  
• Increased focus on standardization to manage the high costs of handling data due to inefficiencies, such as duplication of systems, multiple data standards, inability to monetize data, and different protection strategies for different types of data.

Back to top

How can organizations respond?

• Acknowledge and treat data as a valuable asset and identify associated risks and opportunities.
  
• Determine accountability and ownership of data assets so data is collected, stored, and used for the appropriate reasons.
  
• Use technology that speeds up data collection and classification and allows for ongoing maintenance of data definitions.
  
• Conduct data risk assessments to align proposed data usage with organizational values, stakeholder expectations, and regulatory restrictions.
  
• Safeguard critical data by applying AI-enabled controls and advanced surveillance methods to identify and mitigate data risks.
  
• Manage brand and credibility in the market through focused efforts to preserve the value of critical data.
  
• Invest to achieve compliance with data regulations by building data risk-focused business strategies, policies, and processes.
  

Back to top