Strong Data Stewardship Key to Protecting Customer Information

Whether it's Facebook's recent leak of users' phone numbers or Heartland Payment Systems' exposure of 134 million credit cards in 2008, the risk of data breaches is becoming an increasingly realistic fear. A strong data stewardship program, balancing the benefits of big data with the concerns of customer security, can help alleviate concerns, according to Forrester Research financial analyst Fatemeh Khatibloo.

"Good data stewardship helps protect organizations from misuse/abuse of customer data by ensuring that there are checks and balances in place that define what appropriate use is and by ensuring that the whole organization is on board with how that data should be governed," Khatibloo says.

In her report, "Building Data Stewardship Is a New Customer Intelligence Imperative," she explains that most existing data stewardship programs are "highly decentralized" and, therefore, in need of restructuring.

"The implementation of good data stewardship will prevent breaches and security risks, reduce data redundancy, strengthen compliance and enforcement of existing policies, and improve the firms' transparency, the report states. In it, Khatibloo recommends implementing a data stewardship program that will create a liaison position for communications between the various groups (IT, customer intelligence, and legal teams) involved in data collection.

According to the report, there are two approaches companies can take to implement good data stewardship.

A cross-functional task force approach is best for firms in nonregulated industries that collect limited "sensitive" data. This is "a good choice for firms that have a chief privacy or chief data officer in place, where the greater need is for a liaison between this individual and business users," the report states.

A centralized dedicated approach is more suitable for firms dealing with data, including individuals' health and financial information, as well as those dealing with global customers. "Firms that have experience in implementing shared services models will find it easier to create a dedicated data steward position because that individual will need to have both enforcement authority and the ability to charge back groups within the organization for services in support of data governance," according to the report.

Both approaches require the implementation of several steps to be successful, Khatibloo explains. Organizations must:

Create a universal glossary within the organization for all data practices;
Identify appropriate customer intelligence practitioners to cultivate good data stewardship;
Adequately train data practitioners in privacy, compliance, and master data management; and
Treat good data stewardship as a priority by promoting it as an opportunity rather than an additional cost.

Follow-up is key to implementing any successful data stewardship program. "One major concern is nonenforcement. If a data stewardship practice has been put into place, the organization must ensure that the person/people who are accountable actually have authority to enforce those policies," Khatibloo says.