As the worlds of data science and business collide, more and more companies are starting to question the value of the proprietary information at their fingertips, and the ways their data can be monetized both securely and ethically.

To answer some of the many questions we receive on data exchange and commercialization strategies, we’ve put together this introductory post which explores some of the major factors organizations need to consider before embarking on data exchange and commercialization.

Before making bold investments in specialized staff, hardware, and software, it’s important to consider how your business approaches three key factors: user privacy, data security, and data governance. We’ll start with the most important, protecting customer privacy.

Understanding your privacy obligations

To keep within the law under Australia’s Privacy Act, and to address basic business ethics, it’s necessary to acquire permission from the individual whose data is being collected. This is vital before data can be collected or used for any commercial purpose, including data exchange.

This informed consent or permission can be captured in a number of ways. Firstly, data owners collecting data through their own customer-facing digital services, software, or website should ensure that data exchange provisions are included in end-user agreements and website terms. Intentions to exchange or on-sell data to third parties should be clearly marked and communicated in simple, easy to understand language. Customers should understand what data you’re collecting and for what purpose, and they must be given the opportunity to opt out of such activities.

Likewise, data owners who collect data through loyalty schemes – or similar avenues – will want to ensure their membership terms of use include specific provisions allowing data exchange. Depending on the industry you operate in, there may be additional privacy-related laws and regulations to take into consideration. For instance, the terms and conditions of bank collection statements prevent them from sharing private information about customers in a personally identifiable way.

The most important factor at play here is trust. You are in a reciprocal relationship with your customers, built on a fundamental trust and understanding about what products and services are being exchanged, and for what value. It’s critical that their informed consent is granted before this relationship is extended to include the collection, and potential exchange of, data relating to their behaviors.

Accounting for data security

Organizations that want to participate in data exchange should also carefully consider what information is safe to release from an enterprise perspective. Many businesses wouldn’t want to reveal data that shows revenue figures or KPIs, for example. Parameters about what data assets are fit for collection and ‘internal use’ versus ‘external commercialization’ are usually set as part of an organization’s broader data strategy; these guidelines should be regularly revisited and evaluated by data owners.

Data security doesn’t stop at the collection and authorization for exchange, however. It’s also important to consider the mechanisms and technology through which the data exchange itself will occur. The days of handing over un-encrypted hard drives and USBs are coming to an end.  Through data exchange governance technologies like Data Republic, you can ensure your data is securely encrypted and stored before provisioning access to authorized parties.

Remaining in control of your data security after the exchange occurs is another important factor – you want to understand how any external parties will be applying insights in the future. As such, you should consider technologies that provide you with transparent audit capabilities and lineage tracking of access to your data.

Acknowledging the importance of data governance

For all of the above reasons, having a strong organizational approach to data governance is crucial.  Agreed data governance procedures should explicitly underpin the collection, analysis, and distribution of data within organizations to ensure security and consumer privacy are maintained.

If you haven’t already, we also highly recommend appointing a specific person – often designated the data security officer – who has the authority to ensure that proper governance is carried out. In addition, we recommend that organizations have a comprehensive data strategy in place that spells out how, when, and why data will be handled.

Once you have structured your data framework around privacy, security, and governance, then further considerations around investment for data monetization can be made. By building this solid foundation in security and governed data management, you ensure that when your organization is ready to commercialize proprietary data, the data is both of high quality and your organization is confident and aligned in its approach to data exchange.

We hope this introduction to preparing for data commercialization has been helpful. If you have a specific question regarding data commercialization, please don’t hesitate to contact us.