Data is the currency that drives practically every business today. It has become a truism—but no less true—that the enormous amount of data generated by social media and financial transactions implies that the most pressing and compelling topic of our day is how organizations should gather, store, and use data. This issue lies at the heart of the chief data officer’s (CDO) quick rise to prominence. Professionals in this field are increasingly accountable for determining how consumers’ information can be used to benefit a corporation (i.e., monetized) while yet protecting the consumer at all times.
The responsibility to utilize data properly and in the best interests of the customer increases ethical and behavior risks associated with data utilization. To that end, in a recent commencement address to Duke University students, Apple CEO Tim Cook addressed Apple’s dilemma: “We reject the excuse that getting the most out of technology means giving up your right to privacy.” So we took a different approach: capture as little of your data as possible. Being considerate and courteous while it is under our care. We know it belongs to you. In every way, at every turn, we ask ourselves what we should do rather than what we can accomplish.”
Furthermore, from a data security standpoint, enterprises of all sizes and industries are facing dramatically elevated threats to data guardianship, as well as a torrent of continually evolving legal requirements and expanding enforcement methods. According to the 2018 KPMG Global CEO Outlook survey, more than a third of CEOs believe that it’s a matter of when, not if, their data will be compromised, following the Facebook-Cambridge Analytica scandal and a slew of highly publicized data breaches over the last five years, including Marriott (500 million users), Equifax (145 million users), and Under Armour (150 million users).
Incidents that threaten the confidentiality and integrity of data, combined with the introduction of the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), have only heightened the profile and crucial importance of a chief privacy officer (CPO) for the day-to-day running of virtually any international organization.
No longer seen as bit players, modern-day CPOs are now tasked with not only setting data privacy strategy but also protecting customers’ interests and advancing their organization’s strategic agenda—all while navigating the shifting landscape of regulatory compliance. The CPO must work closely with the data protection officer (DPO), a new role created by the introduction of GDPR in May 2018. DPOs are tasked with overseeing both the data protection strategy required to ensure GDPR compliance and the technology infrastructure associated with data.
As companies try to manage today’s data overload, both CDOs and CPOs are seeing their roles evolve—and often overlap. How will the CDO and CPO roles potentially coexist and differ in the future?
Given the obvious similarities between CDOs and CPOs, it is clear that some organizations will wish to effectively combine the two roles to create a hybrid role.
One company that is succeeding with this approach is KPMG. James Howard, former KPMG partner, was responsible for establishing and operating the firm’s US information management office, which encompassed the combined responsibilities of both a CDO and a CPO. As one of the Big 4 accounting firms, KPMG was among the first international organizations to recognize the importance of striking a balance between data leverage and regulatory compliance. It is a tight line to walk between tapping into an organization’s greatest asset, namely data, and complying with the myriad obligations designed to preserve the confidentiality of client information.
Observing the radical pace of innovation in data analytics and cognitive computing, clients are increasingly looking to their advisors to apply an ever-broadening range of client and market information as part of their services. But most of those data don’t belong to the firm and are subject to a wide range of compliance obligations, including GDPR and CCPA. Compromising either side was not an option, so Howard’s solution was to build a first-of-its-kind information management capability, designed from the outset to maximize the use of data while preserving hard-earned client and market trust.
Howard’s role can be contrasted with JoAnn Stonier’s role at Mastercard, which in many respects evolved from the CPO role. Indeed, Stonier was originally the CPO, and she expanded the role to include information governance, which was a precursor to her current CDO role. As the information governance program began to be better defined, Mastercard understood that greater focus was needed on data risk, data quality, and obtaining additional data sources and therefore elevated her role to that of CDO.
Separate from the CPO role at Mastercard, Stonier’s CDO role is responsible for the operational aspects of GDPR compliance as well as for data quality, governance, management, sharing, and disclosure relating to all types of data, along with balancing data risk with business opportunities.
Read Also: Data Monetization in Finance: Trends and Opportunities
While some organizations will decide to keep the two roles distinct, because of the commercial emphasis of the CDO role, they may choose to elevate its importance, with the CPO role potentially becoming a subset or splinter of the CDO role.
Inextricably linked to how companies will define the roles of CDO and CPO in the future is the amount of investment they choose to make in related technologies and tools to improve the overall quality of their data. This includes obtaining a deeper understanding of where it comes from, how it is used, and where it goes. This richer data will be highly valuable, primarily because of how it will be used to present an accurate, comprehensive picture of a company’s financial health.
As a consequence, the future impact and enhanced profile of the new-age CDO and CPO (or some combination thereof) could be dramatic. Just how dramatic will depend on the extent to which these essential professionals are able to improve data quality and therefore enable companies to make smarter strategic decisions leading to significant performance-enhancing results.
Balancing Profit and Privacy
The idea of selling personal data has acquired tremendous support in the digital age. Individuals generate large amounts of data through internet activity, mobile app usage, and other digital interactions, therefore the idea of monetizing this personal data has evolved. This trend is being driven by a rising understanding of the intrinsic value of data in the information economy. From location data to browsing habits, personal information is increasingly being considered as a commodity that individuals can control and potentially profit from.
In the realm of personal data monetization, navigating the challenges related to privacy and consent is crucial. These challenges are central to maintaining the trust and confidence of individuals whose data is being collected and used. Here’s a closer look at these pivotal challenges:
- Informed Consent: One of the primary challenges is ensuring that individuals are fully aware of what data is being collected, how it is used, and whom it may be shared with. Informed consent means that data subjects are informed about the scope and implications of data collection before they agree to it.
- Data Minimization: This principle involves collecting only the data that is strictly necessary for the intended purpose. Avoiding unnecessary data hoarding is key to respecting individual privacy and reducing potential risks associated with data breaches.
- Control and Choice: Offering individuals control over their data is a fundamental aspect of addressing privacy concerns. This includes providing options to opt out of data collection or modify their consent at any time.
- Data Anonymization: Implementing techniques to anonymize data is a key strategy to protect individual identities. Anonymization involves removing or altering personal identifiers so that data cannot be linked back to an individual.
- Data Security: Ensuring robust security measures to protect data from unauthorized access and breaches is non-negotiable. Strong data security practices are essential to safeguard personal information from cyber threats and data leaks.
Addressing these challenges is vital for companies engaged in data monetization. It’s not just about legal compliance; it’s also about building and maintaining trust with individuals whose data is being used. In a world where data privacy concerns are increasingly prominent, companies that effectively manage these challenges can differentiate themselves and gain a competitive edge.
Balancing Profit and Ethics
On one hand, there’s the undeniable potential for financial gain from selling personal information. On the other hand, there’s the moral responsibility to protect individual privacy. Companies engaging in this practice must navigate this balance carefully, ensuring that their pursuit of profit does not override ethical considerations. This balance involves respecting data privacy, adhering to fair data practices, and maintaining transparency in data transactions.
Impact on Individual Privacy
As more personal information becomes commoditized, the risk to privacy escalates. Individuals may find themselves vulnerable to data misuse, identity theft, and privacy invasions. Understanding and mitigating these risks is crucial for those involved in personal data transactions, be it individuals selling their own data or companies facilitating such trades.
The Process of Selling Personal Data
Selling your location data and behavioral information is becoming a more popular method of monetizing personal data. Companies are becoming more interested in understanding consumer trends, making location and behavioral data more useful. This data contains information about the places visited, shopping habits, and online activities. To sell this data, individuals often use platforms or apps that enable the transaction, ensuring that their data is anonymized and securely handled to safeguard their privacy.
Legal Framework for Data Sales
Understanding the legal framework is crucial when you sell data online. Laws such as the General Data Protection Regulation (GDPR) in the EU and various state laws in the USA set strict guidelines on personal data handling and sales. These laws typically require explicit consent for data collection and use, ensuring individuals are aware of and agree to their data being sold. Adherence to these legal frameworks is essential to avoid penalties and maintain ethical standards in data transactions.
Securely Monetizing Your Digital Footprint
To securely monetize your digital footprint, individuals must take proactive steps. This involves choosing reputable platforms that prioritize data security and privacy. Individuals should thoroughly understand the terms and conditions of data sale, specifically what data is being collected, how it is being used, and who it is being shared with. Using services that offer control over data sharing and provide options to withdraw consent at any time is also advisable for maintaining control over personal information.
When it comes to selling data to third parties, a variety of mechanisms and channels are employed, each with its own set of processes and considerations:
- Data Aggregation Platforms: These platforms collect data from individuals, aggregate it, and then sell it to interested third parties. They typically anonymize the data to protect individual identities.
- Direct Sales: Individuals can directly sell their data to companies interested in specific types of information. This requires a more proactive approach but offers more control over who receives the data.
- Data Marketplaces: Online marketplaces where individuals list their data for sale are becoming increasingly popular. These platforms act as intermediaries, facilitating secure transactions between data sellers and buyers.
- Broker Services: Data brokers act as intermediaries who manage the sale of data between individuals and companies. They often handle larger volumes of data and have established networks of buyers.
- App-based Data Sales: Some apps allow users to monetize their data by opting into data-sharing programs within the app. These apps collect data and sell it to third parties, sharing a portion of the revenue with users.
These channels offer various ways for individuals to monetize their data, each with different levels of involvement and control over the data sale process. Choosing the right channel depends on the type of data being sold, the desired level of privacy, and the individual’s comfort with different data transaction methods.
Conclusion
Depending on current market trends and business needs, certain data formats are in higher demand. Keeping up with these trends might help you choose the most profitable data to sell. Consider selling your data across various platforms or services to maximize your earnings possibilities.
The monetization of personal data is a rapidly changing topic that presents both benefits and concerns. The key to its success is to strike a balance between pursuing financial benefits and adhering to ethical data practices. To strike this balance, we must be vigilant, responsible, and forward-thinking in order to respect individuals’ integrity and privacy while capitalizing on the value of our data.
As we look ahead, technical developments, legislative changes, and altering public attitudes about data privacy and ownership will surely affect the field’s future development.