Data trust and governance: Strategic imperatives for company directors
This article was originally published by the Australian Institute of Company Directors.
The AICD Brisbane Directors’ Lunch: Governance 2024 focused on key compliance obligations for boards and company directors. Presentations throughout the session covered regulatory shifts, tax compliance, and innovation in governance.
Effective data governance practice is a challenge for many organisations as they navigate this evolving landscape. Organisations are increasingly focusing on data both internally, for the accuracy and reliability of reporting and decision making, and externally, as an obligation to build trust with customers around the use of their personal information.
Data governance is a key enabler of these outcomes, and company directors play a pivotal role in championing these efforts.
Embracing the regulatory landscape
The Brisbane event highlighted the rapidly changing regulatory environment. Instead of viewing new regulations as obstacles, attendees emphasised the need for directors to adopt an inquisitive mindset to address operational risks for long-term resilience.
The regulatory landscape has been evolving at a breathtaking pace, driven by the outcomes of various Royal Commissions. Numerous pieces of economy-wide and industry-specific legislation now impose duties on directors, making governance more dynamic than ever.
From a data trust perspective, it is relevant that the Privacy and Other Legislation Amendment Bill 2024 was introduced to Parliament on 12 September 2024. The introduction of the statutory tort for serious invasions of privacy is a significant development in Australia’s privacy law landscape and aims to enhance privacy protections and provide individuals with additional options for redress in cases of serious privacy invasions. This legislation will further reinforce the importance of directors actively overseeing data governance within an organisation.
Key components of effective data governance practice
- Effective identification, oversight and mitigation of data-related risk: Robust risk management frameworks and a strong data incident response plan will support organisations in navigating data-related risk areas. Key areas of focus for boards and company directors should include technology risk and assurance, data asset inventories and staying up to date with the regulatory landscape to ensure that their organisation is adopting best practice.
- Promoting a culture of ethics and compliance: Boards and company directors should champion the importance of all staff when it comes to data compliance and ethics. Consider training programs, regular communication and promoting awareness of privacy issues amongst employees to ensure everyone is aware of the role they have to play.
- Supporting a data ‘stocktake’ to understand what data is held: Recent changes to Australia’s Privacy Act may leave businesses open to harsher penalties unless they take proactive measures to identify and minimise data kept in their archives. Organisations should stocktake the personal data they hold to understand what they have, where it’s stored, and why it was collected, and to determine what risks are associated with holding the data.
- Overseeing the creation, management, and audit of data governance policies, systems, and controls: Directors should oversee data governance policies in line with organisational objectives and regulatory changes. Policies must be communicated to the broader organisation, and training must be provided to ensure understanding of and adherence to them.
- Promoting data breach readiness and response planning: A clear response plan and communication strategy are critical components of data breach readiness. Plans should be rehearsed to ensure that key personnel understand their roles, and communications with customers and employees should be transparent and regular.
- Advocating for ongoing improvements across the data governance framework: Boards and directors should set measurable data governance KPIs aligned to track progress. Investing in automation tools and technology can enhance data quality and monitor governance effectiveness, ensuring transparency and accountability when it comes to improving data governance practices.
Balancing compliance and innovation: A delicate juggle
Boards play a crucial role in driving innovation, but directors face a delicate balancing act as they often find themselves stretched between addressing compliance obligations and fostering strategic growth. This tension can stifle innovation if not managed properly.
Several innovative strategies were suggested at the Brisbane Directors’ Lunch to help boards navigate this landscape:
- Revamping meeting structures: To maximise the board’s strategic focus, some organisations are dedicating longer, face-to-face sessions to strategy and shorter, remote meetings to compliance reviews. Giving sufficient airtime to data and privacy compliance will mean that these matters can progress rather than stagnate as they continually drop off the agenda. Additionally, introducing unstructured time for brainstorming and feedback can foster more meaningful discussions.
- Encouraging iterative decision-making: Instead of waiting for large, capital-intensive projects, boards should be more actively involved in smaller, iterative investments to allow for quicker adjustments and mitigate risks associated with innovation.
- Leveraging technology and AI: As regulations become more complex, integrating technology and AI in boardrooms can help alleviate the process and administrative burden that compliance can bring. There is even potential to use humanoid robots in the future to analyse board discussions and provide actionable insights. While this might seem futuristic, early adopters have already seen improvements in meeting efficiency.
Future outlook
As directors face increasing demands to navigate the evolving landscape, staying up to date with regulatory changes and innovation strategies is crucial. Directors must move beyond the traditional compliance mindset. By embracing regulatory changes as opportunities and by fostering innovation, boards can not only fulfil their legal obligations but also position their organisations for sustainable growth.
The boardroom is more than just a place for ticking boxes, particularly when it comes to data governance. It is a space where strategic vision, regulatory foresight and innovative thinking converge to shape the future of organisations.
BDO’s digital and technology team provides services that support your business to maximise value and maintain data integrity. Contact us to discuss your digital transformation and data governance project.