Implementing Data Governance & Privacy Programs to Correct Audit Violations

Customer Story - Data Governance Implementation

Recent changes to data privacy regulations resulted in the client needing to establish a Data Governance & Privacy Program and reevaluate their collection and storage strategy regarding customer personal identifiable information (PII). Within a limited time frame, the client needed to meet and exceed regulatory requirements, requiring a comprehensive data discovery effort, business process modification, and elimination or safeguarding of years of accumulated customer data.

Call for Help: 

• External resources were needed to establish a Data Governance Program, transforming how the client handled and stored customer PII due to the client’s capacity gap.
• The task at hand would include mapping the journey of customer PII through various systems, modifying numerous business processes that handled PII, eliminating redundant or unnecessary PII, and safeguarding the remaining PII. Successful implementation would avoid potential financial penalties and limit the client’s exposure to risk.

Farwell Advisor Support: 

• The FarWell advisor acted as the Project and Program Manager, working with key stakeholders to develop a delivery roadmap tying together multiple cross-disciplinary projects into a cohesive, yet easy to digest plan.
• The roadmap and associated messaging served as an integral communication tool which was used to build a common operating picture for employees and executives alike.
• The FarWell advisor constructed detailed timelines, communicated project status across the organization, and managed the work of multiple teams concurrently.

Results:

Successful implementation ensured the client maintained compliance with financial regulations, avoiding potential penalties associated with non-compliance.

• The client gained a better situational awareness of the journey and storage of customer PII through various systems.
• Modified 25 front-end business and back-end processes to minimize the inflow of sensitive customer data and deleted or encrypted/masked millions of sensitive customer records.