“Successful data strategy starts at the top,” it noted, and said that for a data strategy to be creating “tangible and consistent impact”, it must be implemented through clear programs “endorsed at the highest levels of the organisation.”

To lead data strategy effectively, the report provided five steps for legal counsel to take when implementing such processes.

The first, is to create a consensus on principles for good data governance, with emphasis on “an agreed set of data management principles.”

“Successful data strategy relies on agreed principles deployed consistently at all levels of the organisation, from CEOs making decisions on third party data sharing to sales assistants entering customer details into databases,” the report explained, and said there is a need for structural balance between the safeguarding against risk and the ability to exploit potential rewards.

Legal counsel must also “be transparent to protect against risk,” the report stated, considering a “focus on mere compliance” runs the risk of disinteresting or alienating customers.

It called for “simple, transparent communication with customers,” as being best practice, noting that consumer outrage regarding data use “is most often sparked by a mismatch between their understanding and the organisation’s actual practices.”

Counterweighting transparency, the report then outlined the importance of the value and benefits to consumers of the sharing of their data.

VIEW ALL

“Consumers need to know how their data will be used, but also what they’ll get in return,” it explained, citing a statistic that 41 per cent of Australian consumers “are comfortable allowing a trusted brand to transfer their information to third parties if there are clear benefits to doing so.”

As this requires “better collaboration across business functions,” this creates a “positive role” lawyers can play – to act as enablers across business functions and teams.

The report reminded legal counsel not to “set and forget” their organisation’s policies and practices, due to the recent transformations of the data landscape and a concern around the fact that “almost half of ASX 200 privacy policies have not been updated in the past two years.”

Since it is “virtually impossible” to predict what will happen with data in the next three or four years, “data strategy must be constantly updated in step with new use cases, capabilities and regulatory changes,” it said.

Rounding out the advice for a fit-for-purpose data strategy, the report noted that “there’s no point investing in data if it’s not secure.”

“Your data will be worthless if it is already accessible in the market,” it warned.

“More importantly, the erosion of trust with your customer base in the event of a breach could be fatal.”

Security, the report said, needs to be implemented “at every point where data is collected, used and commercialised.”

Citing the benefits of securing of data assets, the report entertained the idea that security can be “an enabler for data exchange, enrichment and analysis.”