CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
| | MARCH 20238CIOReviewIN MY OPINIONIntroduction The value and the risk of data are context dependent. It depends on how it is used. The comparison with oil is not sufficient. Data has an infinite usage, not consumable and simultaneously usable. Data owners have a particular context, but they cannot know all the ways in which their data could be used. On the one hand, unlocking the full value of data requires opening it up to all potential users firmwide and beyond. On the other hand, this exposure is very risky. New governance practices must open data access, to get the most value from data, without increasing the risk. The investment in information technology should be also progressive and justified by an actual return. Collaboration is key to unlocking the data value. It is not just about the data itself. To maximize the return, a composable architecture that allows the resources' reusage and combination with an ecosystem of component providers, is key. Data Usufruct Frequently, local domain data asset owners used to have full responsibility for risk and determining access. However, the risk and the return on data use are ultimately an enterprise concern that is better addressed by a consensus of a broader group of users. To clarify the roles and responsibilities of data owners, data users, and data governance body, it is necessary to reframe data ownership as data usufruct. This clarifies the roles and responsibilities and aligns the risk-reward incentives toward business goals. Usufruct is a legal concept that means the right to use an asset. A usufruct is a right conferred to a person or group, usufructuary, to use and derive income or benefit from someone else's property. The usufructuary has the right to use the asset, but cannot significantly alter, damage, destroy or dispose of the property because it belongs to the proprietor.The new governance gives data "owners" full rights to control all aspects of a data asset, especially risk determination, but not the access decisions. It is the data governance body that gives access to users and grants the right to use the asset as long as they do not "damage the data"; that is, use the dataset to violate existing data ethics, compliance or use-case agreed rules. Use-case rules are especially important because data assets have many potentials uses that siloed data creators and users cannot foresee. These use cases represent huge potential benefits for the enterprise. Meanwhile, the data governance body reserves the rights of the data asset "proprietor", the rights to assess value and risk, determine potential damage to the asset, and decide the right to access, only when there is a real business need. The data governance body is responsible, considering the assessment, to agree with users on the right and rules of usufruct in each use-case. The idea is to maximize the return, controlling the risk. DATA AS A BUSINESSBy Ricardo Leite Raposo, Director of Data & Analytics, B3Ricardo Leite Raposo
< Page 7 | Page 9 >