According to Gartner (who?!) 25% of major global organisations will have appointed a chief data officer (CDO) by the end of next year. So, what exactly does, or should, a CDO do? I am actually hosting a panel discussion of this topic at IRM’s Data Governance/Master Data Management in May, so I’d be very interested in any reader’s views. In the meantime, here are my initial thoughts.
The idea of a CDO has developed because of the rise of big data and the Internet of Things (IoT): there are now so many potential sources of information that might be of value to the organisation, across a wide range of departments, that the business needs someone who can advise on the value to be derived from that information, where it can be deployed and how, which data should be prioritised, and be responsible for the provisioning of that data. However, this raises a number of issues.
The most important, in my view, is the question of trust, which seems to have largely been ignored in most of the discussions I have seen on this subject. By trust, I do not simply mean that the data itself must be of good enough quality to support the decision making (automated or otherwise) that might be derived from it but also that customers can trust that their personal information will be used responsibly and that they can trust that it will be maintained in a secure fashion. In other words, trust encompasses both security and compliance as well as governance.
As an aside here, trust—in terms of all three of these issues—applies as much to big data and IoT as it does to traditional data, as I have discussed in various forums previously. For example, a lot of machine generated data is duplicated, people will mistakenly include personal information in social media, there are lots of abbreviations in social media that needs to be standardised before you can usefully combine it with customer information. I could go on: it is a mistake to think that governance, compliance and security do not apply to big data or IoT.
But this question of trust raises other issues for CDOs. In particular, how does the CDO relate to compliance, security and governance and is the CDO a position within the business or within IT? The problem is that if the CDO does not have some control over these trust issues then he or she will effectively have responsibility without authority. It seems to me that the CDO must have the authority to ensure that programmes are in place to ensure that data is trusted. In particular, I think there is a case for the CDO to have authority over data governance and the CDO will need to liaise closely with the CISO (chief information security officer).
As for whether the CDO should be seen as part of the business or IT, clearly the role spans both and requires knowledge of both. However, ultimately the position is about delivering value to business departments and I am therefore inclined to think that the CDO should actually be in the business, though I guess that there will be significant disagreement about this.