Establish a Program Data Governance Model

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
3 hours 39 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Welcome to module 2.4 establish a program data governance model.
00:08
In this module
00:09
we will discuss understanding centralization of data governance, understanding decentralization of data governance and understanding potential hybrid solutions.
00:22
Now, when we talk about
00:23
a program
00:25
around data governance
00:27
for for our privacy program,
00:29
it's important to understand that there are benefits and downsides
00:34
to the three most common types whether you have a centralized
00:38
data governance model, a local or decentralized data governance model or a hybrid
00:44
of the of the two,
00:46
regardless of the model chosen should ensure information is controlled distributed to each or two decision makers.
00:53
Centralist, typically one person is in charge, allowing for the direction to flow from a single source.
00:59
So for smaller organizations it may be beneficial to have a centralized
01:04
data governance model to ensure that one individual has the authority to make the decisions and
01:11
uh huh
01:12
disseminate that information ought to internal and external
01:17
stakeholders.
01:19
However, a larger organization
01:21
may determine that a privacy officer or someone who has a C level position have responsibilities and that they would be the ones who would be the central figure. So it really depends on the organization and the culture,
01:34
local or decentralized decisions uh that are made locally
01:40
can't result in having less
01:42
what we would say in the industry, red tape or
01:46
hurdles to overcome.
01:48
And there is a wider span of control at the local level.
01:53
Maybe a global organization needs to have a local presence in certain regions of the world to ensure that privacy regulations that could potentially change or dramatically impact
02:05
how privacy is governed or managed within that area
02:09
is impacted. And and that doesn't take away from the resources that may be required to run the overall global program
02:20
or different areas. So having a local or decentralized program may be necessary. And of course there's the hybrid option which is a combination of centralized and decentralized hybrid is going to be less likely in a smaller organization and more likely in a mid or large organization
02:38
where,
02:40
for example, if there is a large tech organization, they may have a privacy officer or a VP of privacy at their headquarters. However, they have plenty of local presence around the globe to ensure that local decisions are made and that their reaction to those
03:00
types of events related to the privacy program are handled
03:06
uh in a way that reflects the requirements of that region.
03:14
Here's a slide here that I found on the web from Mckinsey. You can see I have my source here and just in general, when it
03:22
when it comes to centralizing or decentralizing uh anything, it's just important to know that when you're looking to centralise, uh there's at least what
03:32
according to Mckinsey would state here that there's a series of Yes, is they need to have 23 questions. Is it mandated to external stakeholders will require it? If so. Must it be done at a group center
03:46
or number two? Does it add significant value to add 10% of the market capitalization or profits of the group? If you're really looking at expenses related to your program, that could be a factor. If not, is it a key part of a larger initiative that would add 10%? Now, those percentages are just examples. Maybe 10% within your organization?
04:05
Wouldn't be a lot. However, for a lot of organizations, a 10% fluctuation is significant. So it could provide some major savings for you too. Centralist.
04:15
Are there a slow, Does it avoid risk of bureaucracy, business rigidity or reduce motivation or distraction? It's another consideration from a culture standpoint of centralization or not centralizing?
04:28
Not that these are going to apply to your organization, but when it comes to creating your data governance of how your program is going to operate, it's important to really work through whether centralization, decentralization or a hybrid model
04:42
is important for your organization.
04:46
Here's a question
04:46
privacy decisions made locally as an example of a blank governance model.
04:51
The answer, of course, is decentralized.
04:57
In this module, we discussed data governance modules
05:00
models, excuse me, such as centralized, decentralized and hybrid. We also discussed the benefits and downsides of each model.
Up Next