Privacy and value in robust data governance framework
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
There’s a phrase I hear tossed around a lot in conversations about data, particularly from the upper echelons of organisations: “exploitation and utilisation.” On the surface, it seems harmless enough. After all, businesses have always sought to make the most of their resources, right? But as someone who has spent years working in data protection, I can’t help but feel a certain unease when I hear these terms being used interchangeably, or worse, without any real consideration for their long-term implications.
Exploitation. It’s a word that carries weight, and not in a good way. It implies a kind of one-way, extractive relationship—something that doesn’t sit right when we’re talking about personal or sensitive data. When businesses talk about “exploiting” data, it often reflects an ideology that places short-term gain above everything else: above privacy, above trust, and above the long-term health of an organisation. The risk is that it can lead to actions driven by profit, at the expense of the individual, and that’s a dangerous path to walk.
Utilisation, on the other hand, sounds a bit more benign. We all want to use our resources effectively, don’t we? But the problem is that the language we use can shape the mindset we adopt. When we talk about utilising data, it’s easy to forget that we’re dealing with people’s lives, their identities, their behaviours — data is, after all, a reflection of who we are. And when the approach is one of mere “utilisation,” it can all too easily lead to thinking of that data as a commodity, to be processed and used with little regard for the consequences.
Now, I’m not saying that businesses shouldn’t make use of the data they collect. Far from it. As a consultant, I work with companies every day, helping them navigate the labyrinth of data protection regulations and encouraging them to leverage data in ways that benefit both the organisation and the individuals whose information they hold. But here’s the thing: it’s not just about “using” the data — it’s about doing so in a responsible, ethical, and transparent manner. That’s the key distinction, and it’s where so many get it wrong.
As consultants, we have a responsibility to steer organisations away from this exploitative mindset and towards one of more thoughtful, sustainable utilisation. Data should never be viewed solely as a tool for extracting profit; it’s a powerful resource that, when managed properly, can drive innovation, create personalised experiences, and enable organisations to truly understand the people they serve. But in order to get to that place, you need a clear understanding of governance.
And that’s where things get tricky. Utilisation without governance is like sailing a ship without a rudder. It’s easy to get off course, and before you know it, you’re in murky waters, dealing with compliance issues, breaches of trust, or worse. Governance isn’t just about ticking boxes for regulatory compliance; it’s about building a culture of responsibility from the top down. It’s about creating systems, processes, and controls that ensure data is handled properly — at every stage of its lifecycle. That means giving individuals the control over their own information, making sure their consent is obtained, and most importantly, ensuring that their data is used only for the purposes they’ve agreed to.
When I consult for a company, the first thing I do is look at how they approach governance. Do they have clear policies and procedures in place? Are these communicated effectively to all stakeholders, from the boardroom to the operational teams? Are they constantly reviewing and updating these policies to stay ahead of new regulations and threats? The effectiveness of governance in any data-driven initiative determines how far you can push the envelope in terms of utilisation without crossing into exploitation.
This is why it’s critical to shift the conversation away from exploitation and towards responsible utilisation. Yes, businesses can benefit from data, but it’s imperative that they do so in ways that align with ethical principles and legal requirements. When the framework is built on strong governance, that’s when data can truly be leveraged for good. When the board is aligned on this ethos, when data handlers understand their responsibilities, and when the people whose data is being used can trust that their rights are being respected, then you have something worth building on.
I’ve seen it too many times where organisations fail to prioritise this balance, driven more by the need to push the boundaries of data use rather than considering the deeper, long-term consequences. It’s a slippery slope, and once you start down it, it’s hard to reverse course without significant damage to your reputation and trustworthiness.
In the end, it’s not about exploitation or utilisation — it’s about stewardship. We are stewards of the data people have entrusted us with, and that stewardship requires discipline, responsibility, and, above all, respect. Without that, all the data in the world won’t matter in the long run.
business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com