The ICO holds CEOs responsible, but the customer is the boss

Hefty fines mean data regulation and ethics, previously a specialist topic, are now being discussed at the highest level of organisations. Facebook, in particular, knows data protection authorities have claws, having been fined $5bn last week by America’s Federal Trade Commission. Brought on by privacy violations linked to the Cambridge Analytica scandal, the fine dwarfs the $3b set aside by Mark Zuckerberg to cover it.

Elected to lead, not to read

With fines this large, leaders need to move fast or find themselves under scrutiny from the board. Ask Paul Pester, former CEO of TSB, how it feels when a board loses patience with IT failure. Sadly the full extent of how much data governance is shaping technology is a lesson the majority of executives have yet to learn.

64% of UK IT professionals think C-level executives should lose their jobs if a breach is serious enough, according to a 2018 McAfee report. So how should leaders conduct themselves when the real danger for an executive might not be a fine, but a firing? Today, business leaders need to immerse themselves in the role of technology and appreciate how data governance compares with other business risks. To succeed today, the C-suite needs to:

  • Be aware of what agreements and levels of consent data-gathering business activities obtain from users, and how data is managed throughout the life cycle.
  • Sense-check technological workarounds, progress updates and strategies others give them. Appreciating the technology issues to look for is the first step in being able to ask the right questions; an essential skill.
  • Look for future senior leadership candidates with a genuine passion for understanding the value and risks data accrues.

Who should regulate who?

All leaders still have someone to answer to, and more often than not this includes a regulator. Some paint a utopian vision of a world where businesses and public sector organisations govern themselves; however, research shows UK organisations don’t accept this. No matter how much they might grumble, 42% of data leaders told research firm Coleman Parkes they would prefer regulators such as the ICO, above anyone else, to set the rules everyone should abide by.

This is not to say organisations, public and private alike, should end their internal philosophising. Instead, they should consider regulator-enforced rules as the new normal and raise the level of internal discussions from satisfying compliance to embracing data governance as a strategic priority. Organisations should be debating how best to stay competitive by applying technology, increasing agility and demonstrating thought leadership. Meanwhile, regulators from the ICO to the Federal Trade Commission need to, and likely will, continue demonstrating that data governance legislation has claws. British Airways’ contested £183 million fine won’t be the last.

The ICO as trend setter

It is becoming increasingly clear that regulators are going to play a significant role as the data privacy and ethics landscape advances at a rapid pace. As recently as January, Google was fined 50 million euros by the French data protection watchdog. Hungary’s watchdog has also issued two fines of its own totalling €410,000. When Facebook was fined last May by the ICO, the Information Commissioner, Elizabeth Denham, took the opportunity to explain the office’s actions. They are designed to drive meaningful change in data governance and protection within organisations to protect the rights of their customers. This fundamental purpose of the ICO is easily forgotten by executives who hold a cruder image of the ICO as simply the punisher.

The ICO’s mandate dictates a future where data is handled with all the expertise and consideration an organisation can bring to bear. Organisations would do well to go with the flow rather than against it. Consider what a long-term strategic view on data governance might be, and position the organisation to regulators and customers as a progressive leader instead of a laggard.

Whereas before executives could claim ignorance and pass the buck, this is unacceptable to a data protection agency. Companies need to work urgently to get clear visibility and active governance of their data in place. Put tech-passionate people in leadership positions, and work on the assumption regulators will punish failure. But, most of all, relish the opportunity to demonstrate leadership in data governance to regulators. Their faith in your commitment will pay dividends.

Approaching data management in a proactive, strategic way brings its own benefits. It boosts customer confidence and brand loyalty, and delivers valuable insights from good data and a sustainable business. Moving ahead of the curve is the only sensible course of action when the waves are crashing higher and higher. Unless you have $3.5b burning a hole in your pocket?