Published on December 13, 2023, 4:27 am
For CIOs, it has become essential to have visibility into the data within their organization. This allows them to establish management and usage policies that maximize the value of this information. For some companies, it means transferring data ownership to business functions while IT focuses on creating an environment that respects both privacy and cybersecurity, while also effectively integrating analytics.
In the era of the data economy and the democratization of Information Technology, there is an epochal shift looming for CIOs: specifically focusing on data governance and providing business users with the technological tools to autonomously manage and analyze data. Luca Seravalli, CIO of Duferco Energia (an electricity and gas trading company in the liberalized market), states, “Data governance is a process that involves the entire organization and aims to provide business functions with tools to independently create insights from data.” This is done by “transferring data ownership from IT to business but still leaving Information Technology in charge of security and compliance governance.”
Data governance involves defining how a company manages data from birth to disposal. It entails foreseeing how information is collected, used, shared, responsibilities are assigned, access is distributed, monitoring activities are performed, and retention and deletion policies are applied.
Keeping data organized allows for effective management and enables actions based on requests or needs while ensuring compliance, security, efficiency, and competitiveness for the company. According to Edoardo Venini, Consultant for Data Protection and Cybersecurity, “Ordering” data enables effective management so that actions can be taken based on requests or needs while ensuring compliance, security effectiveness, and competitiveness.
For a company like Duferco Energia operating in the retail energy market industry, discussing big data and data governance means delving straight into the heart of their business. Retail energy market actors handle enormous amounts of data related to customers, suppliers, employees, as well as everyday administrative tasks. Recently added to this mix is the massive input from new electronic meters (smart meters), which transmit data every fifteen minutes. Duferco’s data governance project is designed to guide their transformation “from a company with a lot of data to a data-driven company,” according to CIO Seravalli. The plan spans three years and is based on the guidelines of the International Data Management Association (DAMA), an international organization for data governance standardization.
“The goal is to make business functions more aware of the data they handle,” explains Seravalli. “Over time, IT will no longer be responsible for preparing reports upon request but will provide business with the necessary data sources for independent analysis and insights.”
In this new role, IT becomes a neutral enabler that allows for the development of technological tools in a compliant and secure manner. “IT is becoming democratized because a broader user base has access to its tools, and that’s also what we’re experiencing,” emphasizes Seravalli. “Currently, we are working on using data as a Business Intelligence tool and creating our own data governance. Later on, there will be a shift to direct use of data by the business, with IT providing the tools to ensure a secure environment.”
This process involves the entire organization, and as Seravalli points out, it is “more about training and culture than technology.” While there is strong commitment from the board, transforming individuals takes time.
At the core of any data governance project is undoubtedly the classification and labeling of data. This proactive preparation enables setting priorities for protection and intervention while structuring appropriate remediation plans for potential incidents or situations. As Venini highlights, “Depending on an organization’s type, sector, and specific activities, certain types of data are more strategic or valuable than others.”
For InterStudioViaggi, personal data protection is one of its central IT objectives. Alessio Maffei, CIO & Communication Manager at this educational travel company, explains that they handle a large volume of data related to minors. The company utilizes a specific IT platform for tour operators. Over the years, they have implemented systems that support operational departments and customers, such as booking platforms and front-office and back-office systems. These systems allow collaboration with other group companies in the UK and USA.
“This operational machine is characterized by peak loads during specific times of the year and requires very careful data handling,” says Maffei. “Our company transports around 10,000 passengers per year for educational trips, so cybersecurity and compliance with privacy regulations are crucial.”
To comprehensively address cybersecurity issues, the company has pursued two strategies: expanding expertise through collaboration with a consulting firm and migrating to the cloud.
“We are implementing various technological evolutions within our infrastructure that will culminate in the full implementation of a private cloud over the next three years,” reveals Maffei. “This will enable us to enhance data protection, mitigate the risks of attacks, and respond to any threats in real-time.” A private cloud infrastructure ensures constant monitoring, system reliability, redundancy across multiple sites, backup in different geographic areas, as well as managed support in