“Are you DataSmart?”
This is the question that drives our entire approach, because we think it represents the intersection of data strategy, technology, and law. We want every one of our clients to be DataSmart, because if you aren’t examining all of those issues and how they interact, you’re going to fall behind.
So what exactly does it mean to be datasmart?
It breaks down into two components, one procedural and one philosophical.
The procedural aspect is, effectively, do you follow the DataSmart Method? This is a comprehensive, analytical, and rigorous examination of every facet of your company’s relationship with the data it touches, produces, or holds. We’ve discussed before on the blog, in the podcast, and in the book why a data inventory is the right first step in any data-based venture, whether you’re starting a new business or branching out into a data partnership. Put briefly, you can’t achieve your goals if you don’t understand the tools at your disposal. A data inventory provides you with the framework for how your company can proceed to grow in the same way that it outlines the assets you have that require the most attention, the most protection.
Next, you have to assign a value to the data uncovered in your audit. Some may be more important for short-term needs, while some data is “investment grade,” in that you recognize but cannot monetize its value. Figuring out exactly how to assign a value to data is a complicated process, but it is crucial to developing an operational awareness of your data. The valuation is also essential to other tasks, ranging from buying cyber insurance to evaluating a pitch in a Series A investment round. Valuation, just like you were taught early in grammar school, is an ongoing process of estimation and refinement.
Third, you have to structure your data in a way that makes sense. This process is not only about internal arrangements for control and management, but also the nature of your third-party relationships. The right structure in a data partnership can mean the difference between success and a lawsuit. This is also the stage where you do the most to put your data to work; simply possessing information is of little to no value. The information has to be leveraged to secure its full potential. The structure provides the strength and the access points to your data assets whereby all monetization and partnerships will be connected.
The last practical step is about protection. Your data loses its value and your company faces liability if you don’t take the necessary precautions against loss, theft, or misuse. Like any asset, data has to be safeguarded in order to ensure its continued usefulness. But unlike other assets, data doesn’t always (or even mostly) come from the efforts of the business or its operations. Indeed, the truly valuable data is often information about clients or competitors. As such, you have to protect the data not only for your own benefit but also to secure the rights of the individual who generated the data in the first place. That’s the theory behind comprehensive data security legislation like the GDPR, and it’s why you have to implement controls like data minimization, access limitation, and oversight.
Those four steps — identify, value, structure, protect — are the practical component of being DataSmart.
But as I mentioned, there is also a philosophical angle to the DataSmart Method. Your business has to recognize that data is not simply information; it is currency, it is value, it is your brand. The information and data you possess may be worth far more than the bricks and mortar of your offices, the materials in each of your products, or even the secret sauce on your sandwiches.
You have to understand what the informational value you have before you can harness its potential, just as you have to recognize that data security is no longer optional in today’s market. It’s only the companies that can adopt both a practical and a theoretical approach to data that will thrive.
So it’s worth asking again – are you datasmart?