Data trust and governance: Strategic imperatives for company directors

Thursday, 21 November 2024

Julie Kilner,
Director, BDO

    The AICD Brisbane Directors’ Lunch: Governance 2024 focused on challenges and compliance obligations for boards and company directors. Here BDO outlines highlights of the event, which included an update on the latest regulatory environment and data governance priority areas for boards.


    The AICD Brisbane Directors’ Lunch: Governance 2024 focused on key compliance obligations for boards and company directors. Presentations by corporate governance lawyer Sonya Beyers FAICD, BDO Tax Partner Andrew Jones and Slater & Gordon board member Jacqui Walters GAICD, followed by a panel discussion, covered regulatory shifts, tax compliance, and innovation in governance.

    As the Data Trust Lead at BDO, I regularly see effective data governance practice as a challenge for my clients as they seek advice on how to successfully navigate this evolving landscape.

    Organisations are increasingly focusing on data both internally, for the accuracy and reliability of reporting and decision making, and externally, as an obligation to build trust with customers around the use of their personal information.

    Data governance is a key enabler of these outcomes and company directors play a pivotal role in championing these efforts.

    Embracing the regulatory landscape

    The Brisbane event highlighted the rapidly changing regulatory environment. Instead of viewing new regulations as obstacles, attendees emphasised the need for directors to adopt an inquisitive mindset to address operational risks for long-term resilience.

    The regulatory landscape has been evolving at a breathtaking pace, driven by the outcomes of various Royal Commissions. Numerous pieces of economy-wide and industry-specific legislation now impose duties on directors, making governance more dynamic than ever.

    From a data trust perspective, it is relevant that the Privacy and Other Legislation Amendment Bill 2024 was introduced to Parliament on 12 September 2024. The introduction of the statutory tort for serious invasions of privacy is a significant development in Australia’s privacy law landscape and aims to enhance privacy protections and provide individuals with additional options for redress in cases of serious privacy invasions. This legislation will further reinforce the importance of directors actively overseeing data governance within an organisation.

    Key components of effective data governance practice

    1. Effective identification, oversight and mitigation of data-related risk: Robust risk management frameworks and a strong data incident response plan will support organisations to navigate data-related risk areas. Key areas of focus for boards and company directors should include technology risk and assurance, data asset inventories and staying up to date with the regulatory landscape to ensure that their organisation is adopting best practice.
    2. Promoting a culture of ethics and compliance: Boards and company directors should champion the importance of all staff when it comes to data compliance and ethics. Consider training programs, regular communication and promoting awareness of privacy issues amongst employees to ensure everyone is aware of the role they have to play.
    3. Supporting a data ‘stocktake’ to understand what data is held: Recent changes to Australia’s Privacy Act may leave businesses open to harsher penalties unless they take proactive measures to identify and minimise data kept in their archives. Proactive organisations should stocktake the personal data they hold to understand what they have, where it’s stored and why it was collected to determine what risks are associated in holding the data.
    4. Overseeing the creation, management and audit of data governance policies, systems and controls: Directors should oversee data governance policies, in line with organisational objectives and regulatory changes. It is imperative that policies are communicated to the broader organisation and that training is provided to ensure understanding of and adherence to these policies.
    5. Promoting data breach readiness and response planning: A clear response plan and communication strategy is a critical component of data breach readiness. Plans should be rehearsed to ensure that key personnel understand their roles. Communications with customers and employees should be transparent and regular.
    6. Advocating for ongoing improvements across the data governance framework: Boards and directors should set measurable data governance KPIs aligned to track progress. Investing in automation tools and technology can enhance data quality and monitor governance effectiveness, ensuring transparency and accountability when it comes to improving data governance practices.

    Balancing Compliance and Innovation: A delicate juggle

    Boards play a crucial role in driving innovation, but directors face a delicate balancing act as they often find themselves stretched between addressing compliance obligations and fostering strategic growth. This tension can stifle innovation if not managed properly.

    Several innovative strategies were suggested at the Brisbane Directors’ Lunch to help boards navigate this landscape:

    • Revamping meeting structures: To maximise the board’s strategic focus, some organisations are dedicating longer, face-to-face sessions to strategy, and shorter, remote meetings to compliance reviews. Giving sufficient airtime to data and privacy compliance will mean that these matters can progress, rather than stagnating as they continually drop off the agenda. Additionally, introducing unstructured time for brainstorming and feedback can foster more meaningful discussions.
    • Encouraging iterative decision-making: Instead of waiting for large, capital-intensive projects, boards should be more actively involved in smaller, iterative investments to allow for quicker adjustments, mitigating risks associated with innovation.
    • Leveraging technology and AI: As regulations become more complex, the integration of technology and AI in boardrooms can help alleviate the process and administrative burden that compliance can bring. There is even potential to use humanoid robots in the future to analyse board discussions and provide actionable insights. While this might seem futuristic, early adopters have already seen improvements in meeting efficiency.

    Future outlook

    As directors face increasing demands to navigate the evolving landscape, staying up to date with regulatory changes and innovation strategies is crucial. Directors must move beyond the traditional compliance mindset. By embracing regulatory changes as opportunities and by fostering innovation, boards can not only fulfil their legal obligations but also position their organisations for sustainable growth. The boardroom is more than just a place for ticking boxes, particularly when it comes to data governance. It’s a space where strategic vision, regulatory foresight and innovative thinking converge to shape the future of organisations.

    Contact us

    Julie Kilner is a Director in BDO’s Digital Team and National Data Trust lead and is passionate about helping people and organisations find, protect and realise the value of their information and data. To learn more about how BDO can support your organisation’s digital transformation and data governance needs please contact BDO’s Digital Team.
