Stricter privacy laws, increasing data breaches, and the massive amount of data brands are collecting make effective data governance essential to both stay compliant and maintain consumer trust. Watch our in-depth conversation with Blueprint Technologies Director of Data Strategy Mark Milone to gain insights on what data governance consists of, why it’s so important, and how to get started to put your organization on the right track. He also walks through the data lifecycle, shares the business outcomes that good practices can impact, and details specific considerations and metrics related to loyalty programs.
Hello, everybody. Welcome to another edition of Annex Cloud's Market Movers. Today, we are talking to Mark Milone, Director of Data Strategy at Blueprint Technologies. I'm super excited about this session. We get to talk about privacy and security and data governance and all these things that we all need to know about, but we don't talk about a whole lot. So welcome, Mark.
Thank you Erin. Glad to be here.
Why don't we get started and give us a little bit of your background and how you got started in focusing in on this topic of all topics.
Yeah, sounds good. So I'm an attorney by trade originally. I started in cybersecurity and privacy. I worked originally in finance doing transactional work, intellectual property, contracts, things of that nature. And then eventually started moving into cyber security. Then published one of the first law books on cyber security law, and that got the attention of different industries, and I eventually moved into aerospace and defense. So I worked in that space for about 10 years and was helping with a number of digital transformation initiatives.
In the course of that work, what I was seeing was a lot of issues around data. At the time, we didn't really call it data governance, but eventually that's what it was. So my practice shifted out of law and into data governance. And really helping companies in the midst of their digital transformation, helping them move into the digital space by really being able to unlock the value of data. And when I say unlock the value of data, that's really an enterprise-wide effort. And that's where the challenge is. That's why it's governance, to get these different groups, sometimes different business units, different functions, and getting them all together so that they can leverage their data, not just to manage risk, but also to deliver things of value
Yeah. And I love that you said it needs to be this broad reaching initiative. How do people get started and how do you know that you need it? Although I guess I probably think everybody needs it today, because certainly digital transformation is the hottest topic and everybody I think is going through it. But if they already don't have a group that's overseeing this, where could that live or who should start it? We probably have an audience of marketers, where do they go?
Yeah. Yeah. It's interesting because when I think about these challenges, they all kind of started with cyber security. And I'm thinking about back in 2007, '08, and it always starts with some escape, you know? And there's some source of pain and then people focus on that, and usually there's a small team that focuses and then as that team grows it eventually becomes a group. You know? And I think that cyber was where it kind of started. And then also privacy, and you always see these things arise in response to, like I said, an escape. And then it tends to live in that organization for a little while, until you see that it's broader than just that organization. So to use an example, I've seen companies where there have been challenges with HR data, for instance, from a privacy perspective.
If you have some kind of escape, then chances are you have a privacy group that lives in HR, but then depending on your business, you may find that you use personal data for more than just your HR needs. And then you can see the privacy group kind of expand from there. So when I think about the natural progression and maturity of data governance, I usually think of it as you start with cyber where it's really how do I protect the information? Then you start thinking about privacy, which goes to how can I actually use this information and also comply with these different obligations? And then eventually as you mature, it reaches data governance, which adds the real value proposition of how do I manage this data to increase its quality, make it more discoverable, make sure that people can use it, right? That's the democratization piece. And make sure that people understand it, that's the literacy piece.
All of those things together is typically what people mean by data culture. When I think about data governance, why don't we go ahead and we'll work sequentially starting with cyber security. When I think about cyber, typically what we think about is technical and administrative controls that help you control the confidentiality, integrity and availability of information, right? Those are the big kind of things that you need to do for cyber security. Privacy is, basically the thing you need to understand, is are you working with personal data, right? There's a data aspect. Or is there some use of data that has a privacy implication, right? Or are you processing that data? And then the other big thing to think about is what region are you working in? Because there can be compliance obligations when you're working within that region or you're somehow impacting that region. Right?
Is that GDPR and those kinds of things?
Yeah. GDPR, things like that. And then obviously California is the big kind of US law, but then data governance, it's more than compliance. I think of privacy and cyber security for the most part as being data risk management, which is just one side of the equation. When I think about data governance and you look at all of the things that data governance can be for an organization, I like to think about four different things of value, value streams. There's managing the life cycle of the data, and that's where part of the privacy piece gets managed. I think about managing a catalog so that you can actually discover the data that you need to use and manage. I think about managing your pipeline so that you can increase the quality of the data and make it available for things like decisioning, analysis, reports, business intelligence, things like that. And then I think about security, where you talk about access decisions and protection and whatnot.
So those four value streams are the outcomes that I want to see from data governance, and then what you need to do to really have a holistic point of view for data governance, you need to think about who plays a role in seeing those outcomes. Right? And I try to look at it as simply as possible, where really you need to have leadership establishing the strategy and objectives that tell you what data do you manage from a life cycle perspective? What data do you need to discover in your catalog? Right? What data should you be focusing your quality improvement efforts on in your pipeline, and what data presents the greatest risk, so that you can secure that data, right? That's the leadership kind of setting the tone.
And all of that flows down to the people who are producing the data and the people who are consuming the data. In between the producers and the consumers is typically your platform. And when you think about those value streams and those different people that are involved in the value stream, those are the things you really need to think about in your operating model. What I find, my own opinion is that people spend a lot of time talking about tools and focusing their budget and their efforts on tools. But tools are just one piece of the puzzle. If you don't spend an equal amount of time thinking about people, process, metrics, communications, those real foundational things, all the tools in the world aren't really going to solve your problem and you won't have a solution. So that's how I kind of view data governance, if that makes sense.
Yeah. I love that. And just like everything else, right? So if you're not taking everything into account, it can't be holistic. I like the part about, so life cycle of data. We in the loyalty side talk about customer life cycle. So there's data that we're collecting at every customer touchpoint, essentially. So that's probably just a piece, though, of what you're talking about as far as life cycle of data. Is it where it comes in, how it ends up going out? Do I retire it? Do I-
those kinds of things.
Yeah, that's right. I mean, when you think about the customer journey, there's certain discrete points where data's coming in, data's coming out, and wherever there's a disconnect, that's that you need to focus your efforts on fixing that piece of the customer journey. The same thing with data, right? So using my example of the life cycle value stream, the way that I think about it, once again, this is just me simplifying it so that you can talk to the broadest audience possible. Right? And have it apply in the most circumstances. The way that I think about it from a life cycle perspective is at the top, you have the leaders, they're setting your strategy and objectives, right? Those strategies, the business goals and objectives, will tell your data producers, what data do I need to collect and share? Right? That's kind of the first step in your life cycle is collecting and sharing the data.
Then the platform has to focus its efforts on processing that data so that the consumer at the end of the value stream can actually use the data, and they need to understand what purpose they're using it for and ideally document that purpose so that it aligns to the strategy and objectives. And then use the data. And that is kind of like at a very simple level, that's the life cycle. At each one of those handoffs and each one of those components in the way you manage your life cycle, there's going to be people process and technology for each, for your leaders.
For instance, I would argue that when it comes to leadership, they just want metrics. For the most part. They want to be able to show that things are happening and they're happening effectively. And at the end of the day, their reason for being is usually not data governance, right? They just want to make sure that it's working. The data producers will need certain roles and responsibilities and metrics around the data they produce. And then the platform will have people process and technology working there and the same thing with consumers. So that's kind of how I would think about that operating model for the life cycle.
Oh, that's really interesting. And then thinking about it, as you were saying, the data and the data collection comes from the top. When I think about loyalty and the initiatives that are happening-
I would venture a guess that when... so what happens a lot of times is you'll sign up for a loyalty program and you'll give your email address and then there's that, or there's a unique identifier associated with you, and there's very little, hopefully, very little personal identifiable information, right? But then you want to learn more about me. And so there might be questions that I can answer or a profile I can fill out like my birthday and some of those kinds of things. It doesn't seem to me that that collection of that kind of data is always going all the way up to the top. So essentially our audience here really should be concerned about making sure that the data they're collecting aligns with the corporate philosophy around this. Champion this, these are the things that we believe we need in order to drive revenue, and these are the things we need to be adding in. So it seems like this group, this data governance team or what have you needs to be talking on a fairly regular basis to be able to help and support each other?
Yeah. I mean, I think if we're going to now focus the lens on customer loyalty and what kind of metrics might be important for customer loyalty, I would think about it, I would narrow the scope of what I'm describing.
What I would say is I think that leadership will be interested more, in the same way that you have key performance indicators, there may be some KPIs for loyalty, and there are, right? There's a whole bunch of different things you could use. But I would say from a data governance perspective, they're probably going to focus on key risk indicators to understand specifically, as you know, that one of the goals of customer loyalty is to personalize the experience of the customer, which means you have to be collecting some kind of personal information to offer that personalized experience. The more personal you get, I would argue the higher the risk, right? So how are you actually going to measure the risk, and who owns that metric, and what data is feeding that metric? And then how does that metric get communicated up the chain, and then eventually to someone in a position of leadership so that they know are consent being managed, or when you have a data subject request come in, how long does it take before you respond to the request?
How many mistaken responses, did you always validate that that is in fact the person who's requesting the data? There are all these different ways of measuring the risk around that personal data and the personalized experience. Not everything should be reported up to leadership. There should always be balancing with metrics so that you actually have some degree of confidence that you're actually getting an accurate view of the outcome that you're looking for. Right? Because metrics in and of themselves don't really tell you if you're succeeding in what you're trying to do. You need to kind of look at it from a bunch of different directions. So let me just kind of pause there. Does that make sense? Am I answering your question?
Yeah, again, I think this is fascinating. There's a bazillion questions going in my mind like, okay, well, how do we do this? Who do we need to know, how do we implement, all those kinds of things, but that's probably a discussion for another time. But yeah, it is. And I guess one of the things you said early in that answer was around how are you utilizing it the right way?
We talk about personalization a lot. And so I collect a certain amount of data from you around your purchase behavior, around some additional information you might tell me about what you like to do. Maybe I'm an outdoor retailer, and so I know what you're buying, but then I also say, "Well, do you like to cycle, do you like to hike? Do you like to ski?" And then I get to know these kinds of things about you. So then I'm serving up messages that talk to items that you're going to need on your next ski vacation or something. If they've given me their consent, that's okay, right? Or are there other things I need to be concerned about?
Yeah. So I think one of the challenges with consent is what are they consenting to? Right? So it depends on the notice that you're providing them. Because at the end of the day, the consent needs to be informed. And I think what you're touching on is what I think of as data ops, which is data operations. It's basically, in the same way that you have something called dev ops, which is a software development type concept, you apply that to data so that... And what I would say is, one of the real pieces of value of data governance is data ops, where you understand how to put teams together to solve problems. And what I would say is when you're gathering consent, the challenge is, is that consent in alignment with the stated purpose of the data consumer, right? The person using that data.
And that's why, if you remember, when I was describing the life cycle, going from collection and sharing of the data producer, processing on the platform, and then purpose and use for the data consumer, that's why I think it's important from a data governance perspective to document the intended purpose of that use of the data, because you do need to periodically go back and make sure that the consent you gathered aligns to that use. And if you don't have these things documented formally, bear in mind that when I say data governance, all data governance, it's the formal authority and control over data. And by formal, I mean written down, right? It should be part of your company policy. Because if and when a regulator comes knocking, they're going to want to see what policies are you using to manage that data?
So what I would say is, getting back to your original question about consent, you need to be able to understand who is the person that was responsible for gathering that consent and managing that consent. And that's why I argue that it's the producer of the data who's in the best position to manage the consent, to make sure the data's of a sufficient quality, all those things. You try to get that as far back as you can at the source of truth. What I would say is anytime that the consent or the quality of that data is not sufficient, data ops is there to make sure you put the producer and the consumer together to fix whatever that challenge is. If it's a consent issue or a data quality issue. What I would say is this is where customer loyalty comes in in my mind, because if you have that actual relationship with the customer, it becomes much easier to reach back out and say, "Look, we have a new use that we would like to make of your data, and this is what it is," right? You're giving them transparency.
I think that the trouble or the problems that companies get into is a lack of... When you lose trust, right, you lose your customer's trust, once you lose that trust it's gone. And the way you get trust is through transparency in setting the right expectations. So as long as you have that dialogue with your customer and they trust that you are a good steward of their data and you're using it and you're being clear, what you're using it for, if you have a new use, then you can reach back out as part of your loyalty program and say, "Look, now we want to do this, and this is how you're going to get value from what we're doing." That type of dialogue I would argue is what builds that trust.
Wow. That really takes that relationship to a whole nother level. I can't say that I've ever seen an outreach like that as a consumer, that's telling me this is how you're going to use your data. And I personally really like it, because I think, to your point, it gets to the trust factor. I think some people would be concerned like, oh my gosh, if I start telling somebody and I'm giving them the option, if I bring it up that people are going to back out and they're not going to want to do these kinds of things. But when we talk about loyalty, we talk about building more of an emotional connection with your customer. That's why we want to do things that are more personalized. We want to elevate that relationship. And doing something like that, where you reach out and you say, "Hey, we're going to collect some more data, and here's how we plan on using it, and we plan on making your life easier by doing it." I mean, I think that's terrific. I'm going to start preaching that as we start talking to people some more, because I think it really makes good sense.
As you're talking about loyalty and other things that we can do, because again, I think people take for granted that, all right, your cookies are going away, I need first-party data for whatever reason, I want to know who this customer is. So again, loyalty program means there's a box I'm checking that gives consent. And I think they're kind of like, "Okay, I'm covered." Are there other things that we should be concerned about, or other, I guess, tips for us on how we go about managing those and making sure that we're doing things the right way?
Yeah. I would say it could be worth your time to do an assessment, a self assessment, or bring someone in to help you assess what your current maturity is from a data governance perspective. Because the more mature your data management, data risk management is, the more value you'll be able to extract from that data, and the better you'll be able to manage whatever risk is associated with the data, especially as you personalize things and start doing things like predictive analytics. The way that I look at it is depending on where your maturity is, you could be better off focusing on certain things that are more likely to deliver something of value quickly to you. So when I think about customer loyalty from a data governance perspective, I tend to think of it in three different levels, where at the very basic level, you're just looking at transactional type things. It's just a snapshot in time, and you're going to want to focus on certain things there.
The next level I think of is at that intermediate level, as you're starting to learn more about your customer and personalize things, adding more dimensions to the data. And then at the top, we would have a predictive type situation where you're actually trying to predict what will evoke that emotional connection with your customer and giving them an experience that's really meaningful to them. And each of those things you're going to want to focus on what are those components and controls that are actually going to give you the most return on investment?
No, that's great. A couple of things that we always coach our clients on, two things. One is from, as a loyalty provider, we don't want to take any data that we don't need to take. So again, we don't have to take personally identifiable information, we're not going to do that. And there's plenty of technology and ways that we can get around that in the structure of the program. And then we always also recommend that you don't collect any data you're not going to use. Why? Because you need to manage it. Right? But then also the customer then begins to think that, hey, if they've collected this, what are they going to do with it? And if they don't see you actually utilizing it, then that takes down that trust factor too, I think.
Yeah. I tend to think of those, what you are describing, I think of it over on the data risk management side. Because when I think about the idea of security, what I tend to think about is when you're the producer of the data, you need to make sure that you understand how sensitive the data is. That's usually what people mean by the classification of the data. Then that classification will allow the platform to better implement its access controls. You provide less access if it's more sensitive.
This has been super interesting. Is there anything that I didn't ask that you think the audience needs to know about?
Yeah. I think that customer loyalty is a really complex, interesting area. I would say because of third-party cookies going away, I bet that you're going to see more people trying to get customer loyalty programs stood up, and they're going to have different degrees of comfort with data, different degrees of maturity. I would guess that a lot of people will be just in the beginning of their journey at the basic level. And I would say that if you're just starting, from a data governance and data management perspective, I would really start thinking about capturing data, right? And this is going to be snapshots in time, but you have to start somewhere. Start capturing some data. Because the way that these things work is you want to have metrics to see if you're delivering something of value.
I always say that metrics cannot be more mature than the program it's measuring. So you need to start somewhere. So I would start with that transactional snapshot. And then as you collect that, you can start looking at trends. And then as your data governance, data management capabilities mature, then you can actually start measuring outcomes. And that's where you want to eventually be, because it's those outcomes that you're going to communicate to leadership.
What success looks like for a data governance program, or really any program, a customer loyalty program, in my mind what success is, your metric is communicated to leaders and they look at it periodically as part of a steering team type scorecard, report card, whatever you want to call it. That is influencing the direction of the company. So I would say if you're just starting in this journey, one of the things that you can really do to head in the right direction is spend some time thinking about specifically your data model. That's something that a lot of people don't necessarily spend too much time on, and specifically the data model around your customer, because that's going to tell you what are the important attributes of a quote unquote customer.
Really what you're trying to do at the end of the day is you need to be able to uniquely identify that customer, because if you're not able to do that, you won't be able to offer a personalized experience and you won't be able to offer personalized rewards that actually increase that loyalty and establish that emotional connection. So a little bit of time spent doing that and thinking about that. If and when you decide to do that, you'll have to bring together a bunch of different people, probably, who manage different systems that may feed that model. And a word of advice is if you try to bring those people to the table, and they're not willing to sit down and have a discussion with you around this, then they should not be part of your program, because it will not work. And you'll save yourself a lot of time focusing on the people who actually want to contribute to that discussion.
Who understand that there's perhaps a right way and a wrong way. Right? This is a reality that's not going away and it needs to be understood and respected.
Great. Well, I guess one of the things you mentioned earlier in the discussion was having an assessment, and understanding maybe where your company is today and where it could go, and I think that's something you guys do, right?
Yeah, that's right. So I lead the data governance practice at Blueprint. And one of the services that we offer is assessing your maturity. We have a methodology for very quickly assessing where you are, specifically thinking about all of those components that I described before for your operating model. Then we can assess it and we can quickly build up recommendations for a future state, and then create a prioritized roadmap so that you really start focusing on the areas that are going to get you speed to value. What I like to do is I really believe in incrementally delivering value, and where I see a lot of challenges from data governance come is when people create very big, heavy programs and they don't get the momentum they need. And really they're not able to empower their users, empower their business to do things, and they don't get support.
I like to see data governance as an enabler, really delivering things of value to the business. So I like to find problems that the business is trying to solve and then come to that problem with data management, data risk management, and working up solutions to that problem using small projects and then building on that success. So what I would say is I have this practice, and in the course of my practice what I try to do is develop patterns for data governance and data management, and then make it easier for people to take those patterns and apply them to their platforms. And that's really what I think is the recipe for success on these things.
I really like that. It's obviously very different, but from a loyalty perspective, we always say more of the crawl, walk, run approach, or you just KISS, keep it simple, you can always build on it. There's layers, you can do more, but don't go boil the ocean right away. Certainly isn't going to get you where you need to be. So it sounds like if they're doing that, if they're taking those steps with loyalty, they can be doing that with data governance, and it goes really well hand in hand if I'm understanding correctly.
Yeah, no, that's right. I mean, the challenge is pick the lightest weight governance model that will work. I think part of the challenge is data governance means so many different things to different people. It's easy to say choose the lightest weight, but if you don't really have a sense of all the different complexity, it's hard to really make the right choice, I would say.
Well, great. Well thank you for that. So how do people get a hold of you if they want to?
Yeah, the easiest way is LinkedIn. You can look up Mark Milone, you can also reach me at Blueprint. It's email@example.com. And yeah, feel free to reach out. I don't know, maybe we could provide my contact info as part of the material.
Yeah, definitely. We'll make sure people know how to get a hold of you. Like I said, when we started, this is a really, really important topic and I don't think we dig deep enough into it. So I think this is going to be helpful for lots and lots of people. So thank you so much for your time. I enjoyed this very, very much.
Great. Thank you very much for the opportunity, Erin and Tracy, I really appreciate it. And definitely look forward to talking with you again sometime.
Thank you so much.
SVP of Growth, Annex Cloud
Director of Data Strategy
For more than 10 years, Annex Cloud has been the worldwide leader in technology and service solutions that transform customer loyalty experiences for organizations, extending valued customer engagements, ultimately making beloved brands. Powered by the modular, comprehensive and scalable Loyalty Experience Platform™ solution suite, Annex Cloud customers capture and use zero- and first-party data to seamlessly deliver value-based individualized experiences across the entire customer journey—from awareness to purchase to retention, loyalty, and advocacy. This one-to-one engagement helps enterprises accelerate growth by increasing average order value, repeat purchase frequency, and customer lifetime value. Annex Cloud is recognized by respected industry analysts and integrates with more than 100 market-leading technologies to seamlessly integrate loyalty across the tech stack.
Blueprint connects strategy, cutting-edge technology solutions, and services at scale to help companies plan smarter, act faster and drives exceptional, scalable, and repeatable results while increasing flexibility and agility. Specialties include facilitated innovation, enterprise architecture, go-to-market strategy, customer experience strategy, supply chain optimization and organizations change management, governance, data migration, application development, cloud and infrastructure, data science and analytics, and more.
To learn more about Blueprint Technologies, visit https://bpcs.com/