Opinion: Data Governance Will Eclipse CIO Role

Computerworld - People who try to predict the future are awed by the prescience of Gartner CEO Michael Fleisher, who in April 2000 said 95% to 98% of dot-coms would fail within the next 24 months. He nailed it. In hindsight, the dot-bomb was common sense, and we all kicked ourselves for not connecting the dots sooner.

I think that by 2010, hindsight will once again make clear what should be obvious now. By then, companies, including some of the largest in the world, that hadn’t created a centralized function for data governance will have gone out of business. The safe refuge that has been provided by bricks and mortar is set to crumble amid the new realities of the information economy.

The signs are there for the noticing:

1. Convergence of information risk functions. This was the theme at the Secure360 conference in St. Paul, Minn., last month. For a growing number of companies, this will be the year they finally bring data privacy, information security, physical security, records and knowledge management, dedicated auditors, dedicated attorneys, and business continuity and risk management functions together under the umbrella of "information risk management." The goal? To prevent catastrophic information-related events, such as massive security breaches.
2. Escalating risk of information compliance. At a recent conference in Wisconsin of compliance officers from large companies, five of the 35 companies represented said they had elevated the compliance officer to the C level. Why? Because of the heightening complexity and risk of complying with various data-related regulations. In response to the new U.S. Federal Rules on Civil Procedure regarding legal discovery, for example, several general counsels have ordered the establishment of centralized "litigation servers" that store copies of all of the companies’ electronic files. They think this is the only way to preserve and cheaply produce evidence for pending or foreseeable litigation. It’s a very small leap of logic for them to propose that all of their companies’ data, not just copies, should be centralized.
3. Fundamental role of information. Wal-Mart may think it’s in the retail business, but it’s really in the supply chain information business. Exxon Mobil may think it’s in the oil business, but it’s really in the energy-information business. GE, Ford and Medtronic may think they’re in the business of making things, but they’re really in the business of continual process improvement. Chief knowledge officers have been preaching this sermon for years, but the spate of outsourcings gone awry has finally brought home to boardrooms the message that IT isn’t a commodity; it’s the core competency.

How does this all add up? Let me connect the dots: Data must soon become centralized, its use must be strictly controlled within legal parameters, and information must drive the business model. Companies that don’t put a single, C-level person in charge of making this happen will face two brutal realities: lawsuits driving up costs and eroding trust in the company, and competitive upstarts stealing revenues through more nimble use of centralized information.

CIOs may see this as an opportunity to finally play a strategic role in the company. The very best of them will indeed live up to the "I" in their titles.

But let’s face it: The vast majority of CIOs aren’t CIOs; they’re CTOs. They’re the top guy in charge of making sure the network and applications are up and running. They’re not about the what — the information; they’re all about the how — how the information is moved and stored. And in most companies, CIOs aren’t the people the CEO and CFO turn to for advice on what the "next big thing" will be for their businesses.

This is why I don’t think CIOs will be the ones to solve the information-as-business problem. At first, the people appointed to consolidate data governance and risk will report to the CIOs as the best natural fit. But external auditors will become more vigilant about the conflicts of interest this arrangement can create and will start insisting on their separation.

That’s when the chief information strategist will eclipse the CIO, who will more and more be called a CTO to better differentiate the two roles. And the CIO moniker, with all of its old baggage, may fall into disuse.

So don’t throw away that old data map just yet. It may be the blueprint for a promising career.

Jay Cline is a former chief privacy officer of a Fortune 500 company and now president of Minnesota Privacy Consultants. You can reach him at cwprivacy@computerworld.com.

Read more about Privacy in Computerworld's Privacy Topic Center.