Once upon a time, not so long ago, the top companies on the US stock exchange, the most valuable companies, were oil companies. Today, they are technology companies – particularly ones that have personal data at the core of their business model. Personal data is the new oil! For many companies, personal data has become one of their most valuable assets. For many other consumer companies, it will likely become one of their most valuable assets. If you’re the CFO and you’re looking at where to invest and what you should be protecting, you must consider personal data in your greater business model. It will not only give you a good return, preventing its misuse also means you save on costs to reputational damage and regulatory issues. Think about this. For a lot of companies, their loyalty program is fast becoming a key profit centre, if not the most profitable part of their business. And these programs are entirely built on personal data, which can be used to provide better and more tailored services to consumers, afford an opportunity to cross-sell, and give key insights into business development. Executed well, these can provide a fair value exchange, where customers understand what their personal data is being used for. However, businesses do not always do a good job of communicating and being transparent about this – ensuring the success of such programs should be a key concern and focus of CFOs. CFOs, especially as part of the C-suite, must make sure their businesses do the right thing and build customer trust. This can be achieved by ensuring that this new and highly valuable asset, personal data, receives the funds due for the personnel, technology and governance that will ensure its appropriate use and protection. Much of the narrative around privacy in recent years has been around data breaches and highly focussed on the security of personal data. While security is a critical element of protecting privacy it’s not the whole picture. The Deloitte Privacy Index shows that data breaches, if handled well, can actually lead to an increase in trust. However, businesses will find it very hard to recover from a breach of trust due to the misuse of personal data, such as disclosing that data to third parties that your customers would not expect. This is why investment in the security of personal data, and good governance around how that data will be collected, used, and disclosed is imperative. Previously, privacy officers and those whose role it was to ensure good governance around the use of personal data were not seen to be a priority area for spending. But that has changed. Now and into the future, CFOs will increasingly need to understand the value that good privacy and data protection brings to their business. Good privacy practice is no longer a luxury, but a necessity for businesses handling personal data. So it’s definitely time for CFOs to recognise the value personal data brings to their business and how good personal data governance and good privacy enhances that value. Then they can correspondingly consider the risk of not making this a priority – be it the risk of underinvesting in the protection of that data, IT, or under investment in good personal data handling practices. So what can CFOs do? Invest in good data governance capability. This involves not just policy and procedure, but also the right technology to underpin that. For example, if you don’t have a single view of your customers, and you have a myriad of legacy information systems and low visibility of your vendor landscape, you are essentially creating privacy risk. You won’t be able to meet your regulatory obligations easily, and your costs to do so will go through the roof. On the flip side, not having a good handle on your customers’ data through good data governance will likely mean you won’t get the maximum business benefit out of the personal data you’ve collected either. Invest in good communication. Recruit privacy professionals who will help drive the program from a customer trust point of view by speaking the language and offering fresh insight – that type of investment will see a significant return, and will help businesses decrease their risk of regulatory fines or other impacts from a breach of trust, i.e. lower stock price, loss of customers, etc. Good privacy professionals won’t only help shield you from privacy risk, they will help you find ways that you can maximise the use of the personal data available to you – after all, a customer that trusts your brand through high data use transparency and good value exchange is more likely to give you more personal data, increasing your asset base. Do some analysis. Figure out what data is worth to your business, what money you are making from it, and apportion resources to its protection and governance accordingly. There is ample evidence to suggest that there is still a disconnect between how much businesses are spending on governing and protecting data versus what it’s worth. Talk to the right people. CFOs can engage with teams who can help them solve these problem: data governance teams create good data governance models, good privacy teams build good privacy governance and then help with the implementation of that. Start now. It’s all but inevitable that Australia and other countries around the world will pass laws similar to those that have recently taken effect in Europe with the General Data Protection Regulation, requiring good data and privacy governance – so get on the front foot now, don’t be caught out at the last minute. There’s already been a motion passed in the Australian Senate for GDPR level laws – it’s on the radar. The economy has shifted, so having good data governance and knowing how the personal data you hold is going to enhance your business will set you apart from the rest. This is how the most valuable companies in the world are getting their edge, so why wouldn’t you as well?