Corporate boards may need to add more ethical considerations to their data governance policies. Recent public announcements regarding the promotion of false and misleading information by Twitter and Facebook demonstrate the type of policy decisions boards may have to make as the rules for handling data continue to take shape.
Insights from the 2019 BDO Board Survey indicate that boards are recognizing that data governance is extremely important to the growth of their business. According to the survey, 47 percent of respondents reported that they have implemented or updated internal data privacy policies and 43 percent have increased budgets and resources to ensure data privacy.
While much of this attention to data privacy is driven by the General Data Protection Regulation (GDPR) that took effect last year and the California Consumer Privacy Act (CCPA) which takes effect in 2020, BDO asserts data governance needs to expand beyond privacy concerns.
“The new standard in data governance is not just privacy, it’s ethics. Boards should ensure not only that companies are prepared to comply with current and developing data privacy regulations, but that they are implementing a holistic data ethics program with a framework that guides data ownership, transparency, consent, privacy and financial value,” Karen Schuler, national leader of BDO’s Governance, Risk and Compliance, wrote in a press release.
Recent events suggest that handling of customer data ethically must be part of any data governance policy. Implementation of new regulations, legal considerations and public pressure are causing companies to review how consumer data is collected, used and sold. The collection, buying, selling and use of customer data has become big business for tech companies in particular, but now the use and ownership of customer data is coming under much greater scrutiny across all industries. Boards should be aware that their policies on the use and ownership of customer data have consequences. Unpopular or poorly designed data governance policies can affect a company’s reputation, causing customers to flee and drive the stock price lower; it can open the company up to lawsuits and lead to fines and penalties from regulators. Wells Fargo’s unethical use of customer data to create fake accounts for its customers led to $1.7 billion in fines and the company is still working to rebuild its reputation with customers.
Directors should also know that the impact of a company’s data governance policy can extend to any data a company handles, promotes or endorses, even if the company didn’t produce the data in question. Perhaps the broadest application of this type of ethical data governance policy is currently being illustrated in the public announcement of the different approaches Twitter and Facebook have taken regarding political advertising. While Facebook has chosen to allow all paid political advertising on its platform—even false or misleading ads—Twitter has chosen to ban all political advertising, including ads for causes like abortion.
Since both companies say political advertising is only a small percentage of their revenue, they appear to be using their data governance policy to send a conscious message to customers and shareholders about political discourse in the U.S. For these two companies and others, how they handle the promotion of misleading political messaging is important to their reputation as a trusted information source. Whether a company is trusted or not is important to its future growth. Paying attention to how Twitter and Facebook are affected by their decisions, may help boards determine if there are similar ethical considerations regarding data governance that require policy adjustments.