Data councils: Why do I need one, how do I build one?

Throughout history, bringing more people to the table has been a best practice for making better decisions. King Arthur had his knights of the round table. Superman had the Justice League of America. Even Darth Vader had the Empire behind him.

Data is no different. In an era when most business decisions are (and should be) driven by data, having a data council makes a world of sense. In fact, with the increased focus on data policies and data privacy, not having a data council is bad counsel indeed.

What does a data council look like?

So, what exactly does a data council look like? It should comprise representatives from every business unit that has some responsibility for protecting, collecting, creating, sharing, or accessing data. A shortlist of members might include marketing, IT/security, Legal, HR, accounting, customer service, sales, and partner relations. The goal of a data council is twofold:

1. To set the strategy and policies for how data is handled throughout the organization
2. React quickly to new data developments such as a potential data breach, shifting market sentiments, new technology (e.g., AI-based customer service), or new compliance requirements.

A data council will help decide how, when, why, and where data is used in your business:

• What kinds of data should we collect?
• How do we ask for and secure permission to collect personal data?
• Who should have access to specific data and how do they request that access?
• What data practices will we allow and not allow?
• Do we treat new data differently than old data?

Data security officer

It’s important to note that a data council doesn’t displace the role of a data security officer. Issues such as data compliance, data security, etc. are still the responsibility of the chief security officer. Instead, a data council is designed to help make business decisions that either impact or are impacted by data. For example, the decision to roll out a new mobile customer service app might require registration and the collection of personal information. The data council could discuss how to best collect that information, whether existing information could be used for known customers, and how long data should be stored.

Engage a data council early

Engaging a data council early in business processes can have a profound impact on the success of new service rollouts, marketing initiatives, and online experiences. Most of us have experienced the frustration of investing time in a new application or campaign only to have it shot down at the eleventh hour by a legal department decision. This kind of unilateral decision making undermines innovation. By engaging with the legal department earlier in the process as part of a data council, stakeholders can present their business case and hopefully find a balance between protecting the company’s interests and pursuing new opportunities.

Perhaps the most compelling reason to create a data council is your customers. Studies show that customers are increasingly concerned about how their data is stored, shared, and secured. When customers see that a brand takes their data privacy seriously, they’re more willing to share data with them and more open to engaging with them. In that sense, you can think of a data council as your own personal “trust us” league.