Who should own your organisation’s data?
Who at your organisation is responsible for data? And who should be?
Did you know that by next year, global data creation is projected to reach more than 180 zettabytes? And that data is a conduit for risk. Keeping it secure and compliant, while extracting valuable insights, is an increasingly complex task.
That’s why I believe that the owner of your organisation’s data should be the person tasked with other types of organisational governance. Data governance—the framework of processes and policies that ensures data is managed responsibly throughout its life cycle, from acquisition to disposal—needs to be treated just like any other company asset.
In many organisations, the one responsible for governance is the CRO. So why shouldn’t they manage data, too? It’s a controversial take, especially since data has long been the domain of the CIO, but changing times call for different ways of working.?
Increasing regulations make data visibility even more important
Data regulations are on the rise globally, as well as here in Australia. Once the realm of data-
intensive industries, today even small companies are bound by government privacy and security regulations that keep customer data secure. And that’s not to mention many other regulations, such as those surrounding employee data, healthcare information, and sustainability requirements.
For example, most ASX200 companies will have to report scope 3 emissions for the period beginning 1 Jan 2025. Companies will need to prepare an annual sustainability report, yet many organisations are discovering that the data platforms they’ve been building to do so aren’t delivering the desired results.?
This is where compliance regulations crash headfirst into infrastructure demands. It simply can’t work to task one department with regulatory compliance, and yet another department to make technical and infrastructural decisions. The decisions are inextricably linked—the platform that is required to enable sustainability reporting should be the same one that derives business insights and powers customer service interactions.
The owner of data governance should own the data
It goes without saying that if you don’t protect, use, and dispose of your data properly—while keeping it compliant—your organisation is at risk. And the exponential growth of data and the rise in regulations is making this task increasingly difficult.
领英推è
Compliance falls squarely in the domain of the CRO, and for many organizations it may fall to the CRO or a CDO who is wearing multiple hats. Given the importance of data for proper compliance, shouldn’t these roles have control over the data they’re responsible for governing?
Let’s be honest. If it’s the CRO’s job to manage risk, how can they possibly accomplish that task without ensuring that the organisation’s largest asset, its data, is secure? And how can a CRO legitimately protect data from risk if they don’t have a stake in how that data is stored, managed, and secured?
So while everyone agrees compliance is a CRO issue, the larger move of giving the CRO remit over an organisation’s data asset is a rarity. But it’s essential. Most organisations still place data under the remit of the CIO, and that needs to change.?
CIOs are stretched too thin
A decade ago, data was a tech asset when technology was a niche part of a company—and so it made sense that it was handled by the CIO.
But we’re no longer in that world. All companies are tech companies. All companies are data companies. We’ve seen breakneck technological innovation, rising compliance regulations, and mind-blowingly vast volumes of data.
As a result, C-suite leaders have less confidence that IT departments can successfully do their jobs. This is in part because the role of the CIO has shifted as their remit has exploded. While someone may have once been a system administrator responsible for infrastructure, their remit has expanded to deploying AI and cloud storage. They’re being simultaneously tasked with keeping legacy systems running while also pushing the strategic innovation of data-driven companies forward.?
Should the CIO be stuck managing the compliance of their data? Absolutely not. They should be empowered to refocus on what they do best: managing the technology itself.?
The impetus for CIOs to adjust their roles is dire. Industry regulators have started issuing enforceable undertakings to highly regulated industries where their data is not deemed to be sufficiently governed, accurate, timely, and compliant. The fallout could take years to recover from.
The organisations that succeed in mobilising their data will be the ones who empower the data governors to make technological decisions, with heavy collaboration with the CIO.?
What does this look like? I’ll tell you next.
Analytics, Leadership, Advice & Advocacy
1 个月Absolutely agree it should not be CIO. The only think I would add is that I do think if the Risk function is not within Strategy, then there is a lot of value to having Strategy being a heavily invested party to ensure it is a balanced perspective of data- security and risk mitigation, but equally strategic value as providing value should be the number one purpose of data.
Director - Enterprise IT Solutions and Services
1 个月Great perspective and a conversation that is too familiar.
I like the data mesh idea, I think in this the CIO is responsible for setting up a data architecture, governance, lineage, and then the data owner/steward is responsible for their data to be consumed as a product by other users.
Partner at ADAPT | CIO Edge Advisory Board | +14K | ANZ CXO GTM
1 个月Great piece, Max. You’ve nailed a critical debate that’s playing out across boardrooms right now. In May 2024, ADAPT surveyed over 350 Australian CIOs and CDAOs, & the results reinforce your argument—data governance is rapidly shifting beyond the CIO’s domain. While CIOs remain focused on modernisation, security, & AI strategy, CDAOs are increasingly owning compliance & governance. This isn’t just a job reshuffle; it’s an acknowledgment that data is no longer just an IT asset—it’s a business driver. Your point about CIOs being stretched too thin resonates strongly. Our research shows CIOs rank "Tech modernisation & simplification" as their #1 priority, while governance doesn’t even make their top 10 priority. Meanwhile, CDAOs rank “Ensuring compliance & governance†in their top 4, reflecting a clear trend toward specialisation. Rather than shifting responsibility entirely to one executive, I see the future of data ownership as a cross-functional model. The CIO enables the tech, the CDAO ensures governance and biz value, & the CRO mitigates risk. This kind of alignment is what separates reactive organisations from truly data-driven enterprises. (easier said than done) We are publishing refreshed insights in Feb 2025 at #CIOEdge.
Capitalising on the AI revolution by helping people deliver business value from their Data Assets
1 个月The person responsible for creating it should own it.