The digital age has transformed data into assets, requiring a new way to protect your organisation’s balance sheet.
The role of chief financial officer has expanded enormously in the past decade. Traditionally, CFOs are the custodians of an organisation, which simply means that the buck stops with them on everything in the assets and liabilities sections of their balance sheet.
In the digital age, this custodial role should now encompass all the data in an organisation. Data is no longer seen as an operational by-product. It is very much a “tangible” asset that can be monetised and valued. This means it falls into the same bucket as property, machinery, and brands.
Accordingly, data must be protected just as much as traditional financial and fixed assets and managed with the same degree of diligence. What should happen is, as we know, vastly different to what does happen. The many media reports on this issue, and the daily experiences of employees reflect this discrepancy. In short, that data is not treated consistently inside and outside organisations.
What do I mean by this?
As a CFO, you may be very aware of your responsibilities towards your organisation’s data. Accordingly, you abide by a strict governance framework to keep the data you work with secure at all times – both inside the organisation, and when sharing it with others outside the organisation. But data isn’t neatly ring-fenced in one area and looked after by a single person. Data is ubiquitous, and many people in an organisation use it in different ways and at different times. It could be as simple as capturing a healthcare patient’s personal medical history on your organisation’s system or listing the number of passengers when filing a flight record. It might be even as basic as your annual taxi expense claims or as complicated as the information needed to put a satellite into orbit.
Given this, consider whether it is even humanly possible to know if every employee in your organisation abides by the same rules and frameworks with exactly the same consistency demanded by your organisation’s data governance framework. For example, if you are the CFO of a large bank or a huge medical group with tens of thousands of employees, the answer is no. Even if your organisation has only ten employees, the answer is probably still negative.
It’s not a stretch, then, to suggest that as a CFO, you are failing in your fiduciary duty to protect your organisation’s assets.
If this is something that hasn’t occurred to you before this point, you should take notice. Responsibility for how data is collected, stored, accessed, used and destroyed falls under the auspices of the chief financial officer as much as the chief data officer, because it is an asset and has value. If anything goes wrong with that data – it’s used inappropriately, lost or incorrectly destroyed, for instance – as CFO, you may be liable to a very large stakeholder audience that could include regulators, customers, patients, and taxpayers.
This is a reality that will be tested by regulators and other authorities before too long. Seismic changes in the past year related to data security, such as the General Data Protection Regulation and the Notifiable Data Breaches Act, mean organisations and their executive teams are facing greater pressure and scrutiny than ever before, and more rules to understand and obey. At the personal level, the implications of failure are significant: hefty professional indemnity insurance, legal penalties, fines, class action lawsuits, and professional purgatory.
Against this rather frightening scenario there is good news. There are ways to protect your data and give you, as CFO, the comfort and confidence when connecting disparate data sources internally or with external business partners.
Using IXUP’s patented software environment, every single piece of data is encrypted, and the encryption key is not stored with the data to ensure you retain control of your data. I’ll draw an analogy: it’s like trying to clone a human body by having to find out the unique encryption code for each of its 37 trillion cells. The IXUP layers of security give you peace of mind that all your data is locked down and managed according to objective standards.
As a CFO, your job is getting harder, the rules more complex and the risks more intense by the day. It is your role to identify the threats to your company assets, how to mitigate them and drive value to deliver against the bottom line. Don’t ignore the challenges of and the solutions to safeguarding data alongside your other assets.
David Bonham is Chief Financial Officer and Chief Operating Officer of IXUP, an Australian software technology company.