The MIT CISR Data Board defines a data strategy as "a central, integrated concept that articulates how data will enable and inspire business strategy." Essentially a data strategy defines and details:
- What data the organization has or plans to gain access to
- Who within the organization has access to all or parts of the data
- Where the data is being stored and how to access it
- How the data is being used within the organization
- How the data is being protected within the organization
It's not a shock to anyone that most businesses today either already have a wealth of data on their customers, computers, industry, etc. or can gain access to all that data within minutes vis various sources. But all of this data can become overwhelming, if you don't know what it's being used for or how to store it, and a potential liability if it's not being protected properly.
That is where a data strategy comes in to play.
Why Develop a Data Strategy?
You may be thinking, "Yes, we have data but i'm not overwhelmed and it's protected. Why do I need this?"
Well...can you answer these questions about your data?
1. What is your vision for your data?
You should know how you want to use the data you have stored.
2. How do your employees use the data?
Chances are you've spent the time and resources to gather all this information and give your employees access to it, but do you know what they should or can be using it for? Better yet, do they know what they should or can be using it for?
3. is the data making you money, or does it have the potential too?
4. Depending on the type of data you have, if it's breached, what are the consequences?
Data breaches happen every day. With all of the personal and confidential information many companies have about their customers, knowing how to handle a breach is mandatory.
If you can answer these questions and have a detailed strategy for your data, that's great and you're ahead of most of your peers, but if you can't, it's time to get to work.
Data Strategy Goals
A well developed data strategy will not only ensure you have the answers to the above questions, but should also:
- help you plan how you're going to use the data to fulfill the company vision
- define how the company can maximize the data it has
- determine what data is necessary, what is needed, and establish procedures for disposing of unnecessary data
- justify business decisions made using the data
Overall a data strategy will help align all areas of the business on how to utilize the data to further your product or service offerings or developing new sources or streams of revenue. It will also ensure everyone understands the importance of data security and give them guidance on what they can do to keep it secure.
Developing a Strategy
Build your Team
The first step of any project like this is to gather your team and assign roles. For something of this scale you want to make sure you have individuals from all throughout the company, with varying points of view, who understand what data is being collected, where it's being stored, how it could be used, how to best protect it, what if any security measures are already in place, and any organizational limitations or requirements that exist for that data. The roles these team members will be assigned indicate who is responsible for the following (and more):
- Ensuring compliance standards are met
- Deploying new or updating existing technologies used in conjunction with the data
- Keeping employees informed about new or changing policies
Identify your Data
Before you can do anything you need to identify your data, meaning you should be able to pinpoint:
- What kind of data you're collecting, including who you're collecting it on
- Where and how it's being collected
- Who has access to it
- What legal requirements are associated with it
- What it is being used for
Basically every piece of information about your data should be included in this section.
Set Data Goals
When we say set goals, we are referring to goals on:
- How you're using the data, or how you would like to use the data to further the overall organization goals
- How to collect more data - if necessary
- How the data is to be accessed and shared within the organization
- How the data is to be stored and protected
These goals can be short term, to help monitor progress, and long term, to really plan out your data related activities. But in general these goals should give you a clear direction for how your data is to be used and protected.
In this section it's important that you clearly define and lay out the processes for the utilization, sharing, and accessing of data. Make sure everyone is taking identical approaches to this to ensure the security of the data and the vision set forth in your data goals. This will also ensure everyone is operating with the same information and outlook when using the data to justify large organizational decision.
Determine Data Storage and Security Measures
In our opinion, this is one of the most important parts of your strategy. A data breach can cost a lot of money and has been the downfall of many businesses. Don't let that happen to you. Make sure your network is secure, everything is being updated and backed up, and you're following good general security practices throughout the organization. In regards to your data specifically:
- Make sure you're not collecting data you don't need
- Make sure you're following legal and ethical data storage guidelines
- Obtain any necessary permissions from the data subjects to use and store their information
- Only give access to those who need it
Our tip: Ask yourself, what measures would you want a company to take to protect your personal data? If you're not doing all, or a majority of those things within your business, it's time to reevaluate some things.
Data is no doubt a good thing for businesses. It gives us a wealth of information on our customers, products, and industries and can help determine our next moves and overall goals, but it doesn't come without responsibilities. Make sure your employees know how to safely and ethically collect, access, utilize, share and secure all the data they're given access to by laying out the policies and procedures in a data strategy specifically developed for your business and your data.
If you would like an extra set of eyes to ensure you're taking every security measure necessary, give us a call! We data data security seriously and so should you!