Creating an analytics-driven organization 5. Consider legal, regulatory and trust issues throughout While responses will vary by geography and sector, we have identified a the journey number of priorities in addressing the legal and regulatory questions relating The legal and regulatory questions that surround the use of data represent to data usage. a significant barrier. Concerns such as privacy, data protection, competition law and intellectual property rights remain hugely sensitive. The potential CFO priorities for managing the legal and regulatory penalties for the misuse or loss of data are rising. For example, the European issues relating to data: Parliament Committee on Civil Liberties recently voted up to 5% of annual worldwide turnover, or €100m for data privacy breaches. • Confront the legal issues on an enterprise-wide basis, rather than through silos In recent EY research, 70% of consumers said that they are “never happy” for companies to share personal information. And 49% say that they will be less • Put in place information management processes that minimize willing to share personal information over the next five years.3 the likelihood of the business unwittingly holding legally questionable data • Build a new structure for handling the legal issues, and consider Questions CFOs and CIOs should be able to answer about the establishing roles such as chief privacy officer organization’s legal approach to data: • In legal decisions, consider the customer and not just the needs of 1. Do we regularly review our practices for the management of legal the business issues around data processing? 2. What binding corporate rules or global operating procedures do we have in place for data privacy? How much is an organization worth? 3. Are the databases we have developed as a company protected as a To identify new sources of value that exist in an organization, and to cultivate strategic asset, with the use of copyright and other relevant IP? future opportunities for value creation and protection, many CFOs are turning 4. Do we have an in-house contact or privacy officer who is designated to big data and analytics. Analytics is becoming a crucial pillar, enabling to deal with data privacy-related questions? organizations to protect existing value and drive further growth. 5. Do we regularly audit our IT security to check compliance with data protection rules? 6. Do we have an established committee that is close to the board and which defines and manages data strategy? 3. The Big Data Backlash, EY, 2013. Partnering for performance Part 3: the CFO and the CIO 21