When Tim Berners-Lee declared data to be the “new raw material of the 21st century” back in 2011, he was perfectly describing the direction many economies were heading in – from industry to insights and intelligence.
But in the six years since, data has defied the economic principles that many commodities adhere to: unlike other raw materials, the more plentiful the data the more valuable it becomes. It is coveted like precious metals and valued accordingly for its power to drive the insights that help transform businesses.
The data a company owns can help it to cut costs, open up new markets and identify new business; it can make the difference between taking the lead or seeing rivals overtake it. As such, data has a value that shouldn’t just be acknowledged, but recorded and accounted for.
Data rich businesses are being acquired not for what they do, but for what they know, while exchanges trading in data have become profitable businesses in their own right, in the same way as exchanges that trade in metals, currencies and more.
Just as a business’s finances are carefully recorded, detailed, audited and regulated, the recognition of data is reaching a similar point of maturity. The financial good governance of a business is inextricably linked to its value, and the same can be said of data governance.
Now, the uses of data have reached such a level of value to businesses that it is becoming subject to more stringent standards and controls to safeguard its value and availability, which also ensures its responsible usage.
In South Africa, the Protection of Personal Information Act (PoPI) enshrines the constitutional right to privacy by safeguarding personal information through regulating the way in which it is processed, and providing individuals with recourse should their personal information not be processed in accordance with the regulation.
Section 19 of the Act, which deals with security safeguards, states that organisations must take appropriate measures to protect personal information against unlawful access or processing, as well as loss, damage, or unauthorised destruction. Companies must further take measures to identify risks, maintain safeguards against such risks, and ensure that these safeguards are continually updated in response to new risks.
Businesses are further responsible for keeping their security and data protection up to date and to make sure anybody who handles data on their behalf – whether internal employees or external suppliers – does the same.
The crafting of such regulation in South Africa – and across many countries around the world – are in response to a growing digital economy, where personal data is moving faster, further and more freely than ever.
Furthermore, rapid advancements in artificial intelligence and machine learning are giving businesses the ability to automate processes across the organisation and extract even greater value from the data that they have.
This is made possible through the maturation of cloud computing at the infrastructure, platform and software level, giving businesses the ability to extract, collate and analyse data at incredible volumes and speed – even from across previously disparate systems – and fully explore the potential and value of their data.
Companies should view PoPI as an opportunity to better align their organisations; data protection regulation is likely to continue evolving, and a clear view of how data moves across the business will be critical to staying on top of change.
While it may be enough for companies to merely comply with the regulations, taking a long-term view can help them work more efficiently and differentiate themselves in a highly competitive market.