2018 board OCT / NOV
roomMagazine of the Institute of Directors in New Zealand
THE DATA ISSUE Frances Valintine talks about how to keep up in a changing world
BOARDROOM A World of Data
Big data, data governance, artificial intelligence, analytics, data privacy, new legislation and international regulations – there’s a lot to get your head around. The Institute of Directors (IoD) is here to help with A World of Data, our final What Matters theme for 2018. We’ve arranged a series of events, courses and publications to help you get to grips with what you need to know.
Branch events We’re hosting branch events around the country on topics ranging from the dark web to data governance and cyber security. Check out our DIGITAL events page in BoardRoom or iod.org.nz for full details of what’s on offer. SUITCASE Podcast Special Offer PRIVACY COMMISSIONER JOHN EDWARDS has joined us for Stay ahead in an ever- a podcast, delving into the privacy issues you need to be aware of. evolving world and become tech-wise, Webcast computer competent A WORLD OF DATA PANEL with panellists Ben Kepes, Joanna Perry and digitally savvy with and Sam Knowles, facilitated by IoD Chief Executive Kirsten Patterson a 50 per cent discount (2 CPD points) rate on the $29.95 annual 14 November | 5.30pm – 7.30pm fee for Tech Futures Lab’s Digital Suitcase. Webinars The offer is available DATA PRIVACY with Richard Wells, Partner – Corporate and Commercial, to the first 1000 IoD MinterEllisonRuddWatts (2 CPD points) members who sign up. 22 November | 10.30am – 11.30am Members will need to DATA GOVERNANCE with Alison Holt (2 CPD points) enter the code pbId9XzK 14 December | 10.30am – 11.30am when they sign up to a monthly plan. More Webinars cost $200 inc GST for members, $245 inc GST for non-members. details on the IoD website. Publications Resources include this themed edition of BoardRoom and upcoming publications from our Governance Leadership Centre, including a guide on Reporting cybersecurity to boards, with sample dashboards.
For more information about A World of Data events and resources, go to iod.org.nz/what-matters CONTENTS
A note from the editor The Agenda This issue we explore our final What OCTOBER / NOVEMBER 2018 Matters theme for 2018, A World of Data. We look at data governance, INSIDE IoD big data, open data, data governance, privacy issues, artificial intelligence, BoardRoom details cyber security and the dark web. 01 Futurist Frances Valintine offers her CEO letter views on what the future of work might 02 look like, and says future-proofing your 03 UpFront career might be a matter of taking sabbaticals every few years to upskill 03 DirectorVacancies and keep current. 11 Looking after the huge amounts 28 GLC Update of data your organisation collects is a growing challenge for directors. 43 Out and About Dame Diane Robertson, from the Data FRANCES VALINTINE / Futures Partnership, talks about what How to future proof 47 Events directors need to be thinking about your career in the in terms of data governance. technological age FEATURES Safeguarding the privacy of your staff, shareholders and other stakeholders 07 Dame Diane Robertson is another responsibility. Privacy explains the importance Commissioner John Edwards talks of data governance through the main proposed changes in the 21 Privacy Bill, and says the new legislation 09 Treasuring Māori data could herald a sea-change in the business world, in much the same way the health 11 Futurist Frances Valintine and safety reforms did. talks the future We also delve into the murky world of the dark web. If your website or system 21 Sam: The virtual politician is hacked, chances are this is where your data will end up. 25 Privacy Commissioner The underlying message from all John Edwards talks about pending legislative changes of the people we’ve spoken to this issue SAM THE VIRTUAL is to be alert, but not alarmed by the POLITICIAN / 31 Getting tangled in the changes that technology has brought Would you vote dark web and will continue to bring. Don’t fear for an AI politician? the changes, but embrace them and all GNDI report the opportunities that come with them. 35 38 Treating data with respect Kate Geenty BoardRoom editor 31 41 Opening up to big data
FROM OUR PARTNERS 15 Cyber risk: What’s new on the hacker menu today? / Marsh 17 Providing data-driven services for digital THE DARK WEB / transformation / KPMG BoardRoom is the magazine The thriving of the Institute of Directors underground 19 Data and governance / in New Zealand iod.org.nz economy MinterEllisonRuddWatts
October/November 2018 BOARDROOM BOARDROOM DETAILS
boardroom SENIOR LEADERSHIP TEAM BOARDROOM IS PLEASED Chief Executive Officer TO ACKNOWLEDGE THE SUPPORT OF Kirsten Patterson BoardRoom is published six times NATIONAL PARTNERS a year by the Institute of Directors General Manager, Members in New Zealand (IoD) and is free Nikki Franklin to all members. Subscription for General Manager, Governance asb.co.nz Leadership Centre 0800 803 804 non-members is $155 per year. Felicity Caird
BoardRoom is designed to inform General Manager, Corporate Services marsh.co.nz and stimulate discussion in the Chris Fox 0800 627 744 director community, but opinions expressed do not reflect IoD General Manager, Brand, Marketing and Communications policy unless explicitly stated. Sophi Rose NATIONAL SPONSORS
Delivery Manager Robbie McDougall aurainfosec.com EDITOR Manager, Professional 04 894 3755 Kate Geenty Development +64 4 470 2647 Paul Gardner [email protected]
Please contact the editor for any advertising queries. COUNCIL 2017/18 kpmg.co.nz Liz Coutts – President 09 367 5800 Alan Isaac – Vice President INSTITUTE OF DIRECTORS IN NEW ZEALAND (INC) Dr Helen Anderson – Wellington Mezzanine Floor, 50 Customhouse Quay Des Hammond – Bay of Plenty PO Box 25253, Wellington 6146 Julia Hoare – Auckland New Zealand Jackie Lloyd – Wellington minterellison.co.nz Tel: 04 499 0076 Simon Lockwood – Waikato 09 353 9700 Fax: 04 499 9488 Vincent Pooch – Canterbury [email protected] Geoff Thomas – Otago Southland iod.org.nz Clayton Wakefield – Auckland Sarah-Jane Weir – Nelson The Institute of Directors has staff based at the Marlborough National Office in Wellington, an office in Auckland PRODUCTION NOTES and eight branches. For National Office, phone Every effort has been made 04 499 0076. COMMERCIAL BOARD to guarantee the pages of this magazine are sustainably Kirsten Patterson, Chair; sourced and produced using Liz Coutts, Alan Isaac, paper that meets the environmental BOARDROOM IS PROUDLY DESIGNED BY Dr Alison Harrison standards shown below.
BRANCH MANAGERS eightyone.co.nz For a full list of branch managers, 04 894 1856 see page 48.
When you have finished with this magazine, please recycle.
1 October/November 2018 BOARDROOM CEO LETTER
working in the factories. Health and safety markets. The digital environment is and the ‘duty of care’ to workers wasn’t creating a global playing field where this established in common law until 1837. disruption can move between borders Far too late for the thousands of children easily, threatening established business Human rights and other workers killed, maimed, or models. suffering from occupational diseases. Interestingly, the arguments against and business Although the challenges of the fourth increased regulation of the revolution have industrial revolution are not life or death, also changed little in almost 200 years. during times our regulators are similarly struggling In 1844 Lord Shaftesbury spoke in the UK to keep ahead of business use and the House of Commons in support of limiting of industrial impact on the protection of individuals, children’s maximum working hours to 10 whether it’s cryptocurrencies, ethics per day. He commented that with all that revolution in AI, geonome editing, or even the had been written and said on the subject, human right to privacy. he could discover no more than four As Klaus Schwab, Founder and arguments urged by opponents against Executive Chairman, World Economic the measure: Forum has expressed: “We must develop a comprehensive and globally shared 1. That the passing of a 10 hours’ bill view of how technology is affecting our would cause a diminution of produce. lives and reshaping our economic, social, cultural, and human environments. There 2. That there would take place a has never been a time of greater promise, reduction, in the same proportion, of the value of the fixed capital KIRSTEN PATTERSON or greater peril.” CEO, INSTITUTE OF DIRECTORS ‘Data is the new oil’ is one of the employed in the trade. new mantras, but just as the oil of 3. That a diminution of wages would Lost track of which industrial revolution yesterday was found to have impacts ensue, to the great injury of the we are up to? According to the World on the environment requiring protection, workmen. Economic Forum it’s the fourth. They the data of today is linked to people define the fourth industrial revolution and to communities. 4. A rise of price, and consequent as building on the digital revolution, Article 12 of the United Nations peril of foreign competition. representing new ways in which Universal Declaration of Human Rights technology becomes embedded within adopted in 1948 makes interesting Business has always been the early societies and even the human body. reading in today’s social media world: adopter of technology and the early Every industrial revolution has “No one shall be subjected to arbitrary guardian of its use and impact. Just significantly impacted on our communities interference with his privacy, family, home as health and safety is now a core and changed the face of work and or correspondence, nor to attacks upon governance responsibility, data and labour. Each shift has had global impacts his honour and reputation. Everyone privacy are our governance challenges on capital allocation and economic has the right to the protection of the law of today. prosperity. Worryingly, however, another against such interference or attacks.” The 2018 Edelman Trust Barometer theme from each revolution is how our The results from our Director asked consumers what they felt was systems and regulators have struggled Sentiment Survey at the end of 2017 the top trust-building mandate for to keep up with abuse and/or unintended was that data governance and the use business – the answer may surprise you: consequences. of data analytics to drive performance The expectation that you will protect At first glance the links between and strategic opportunities had only been my privacy and keep my data safe. the first industrial revolution and the discussed by 50 per cent of boards in We’ve all heard about Cambridge challenges of today seem tenuous. the past 12 months. Early analysis from Analytica and the approximately US$40 However, looking back at the first the 2018 survey shows this has lifted billion impact on Facebook value over industrial revolution and the move to to 56 per cent. data privacy concerns. Maybe we factories and machines, there are some The world is in a period of exponential shouldn’t be surprised about the salient lessons we would do well to change. It will require directors who Edelman results after all. heed in today’s era of digital and data engage in innovative thinking, agility – Although he was paraphrasing others, disruption. and sound risk management. It will require Winston Churchill perhaps summarised it Although the first industrial revolution leaders who are visionary, who can look best – “Those that fail to learn from history began in 1760, it wasn’t until 1802 that to the developments that are occurring are doomed to repeat it.” legislation was first introduced to address overseas and translate them back to their child labour conditions and health and meaning back home. Kirsten (KP) safety requirements. It wasn’t until 1833 New Zealand faces the challenge that legislation was passed prohibiting of being a small and relatively isolated children under the age of nine from economy that is dependent on global
2 October/November 2018 BOARDROOM UPFRONT UpFront
Director Vacancies APPOINTMENTS DirectorVacancies is a cost-effective way to reach our extensive membership pool of director talent. We will list your vacancy until Barbara Chapman the application deadline closes or until you find a suitable candidate. Chartered Member, has been appointed Contact us on 0800 846 369. Chair of Genesis Energy. She has also been appointed to the Reserve Bank Unless otherwise stated, the following positions will remain open until filled. Review Panel.
NORTHERN DISTRICTS CRICKET THINK CONCEPTS LTD Role: Directors (3) Role: Board Member/Director Hon. Chester Borrows, QSO Location: Hamilton Location: Auckland Member, has been appointed Deputy Closing date: 26 October Chair of the Veterans’ Advisory Board. HELENSVILLE DISTRICT HABITAT FOR HUMANITY HEALTH TRUST (CHRISTCHURCH) LTD Role: Chairperson and Trustees Stuart McLauchlan Role: Director Location: Parakai Chartered Fellow, has been appointed Location: Christchurch Closing date: 12 November to the board of Argosy Property. Closing date: 26 October THE ORPHEUS CHOIR ARTSPACE AOTEAROA TRUST NZ OF WELLINGTON Belinda Moffat Role: Trustees Role: Board Member Member, has been appointed Location: Auckland Location: Wellington to the Reserve Bank Review Panel. Closing date: 18 November SPORT NORTHLAND Role: Centrally-held list KARORI COMMUNITY CENTRE Karen Price of Directors/Director pool Role: Board members (3) Chartered Member, has been appointed Location: Northland Location: Wellington to the board of Aqualinc Research, via the Closing date: 25 November IoD’s DirectorSearch appointment service.
The smarter solution for better board management. Affordable and easy-to-use software to help SMEs and NFPs streamline their board processes.
Get organised Save time Reduce hassle
Visit www.boardprohub.com to learn more.
3 October/November 2018 BOARDROOM UPFRONT UpFront
Lyn Provost, CNZM PRIVACY RESOURCES IoD BY THE NUMBERS: Member, has been appointed (As at 31 August 2018): to the Education New Zealand board. The Privacy Commission has a range of resources to help you get your head around your privacy responsibilities. Glen Scanlon This includes 30 minute online courses, 8,908 Has been appointed as a Future Director an Ask Us database of everyday Members on the Zealandia board, as part of the privacy questions, as well as a live IoD’s Future Directors programme. chat tool and online enquiries button on its website. The Commission also awards the Privacy Trust Mark, 1,310 Teresa Steele-Rika which recognises privacy excellence Chartered Members Has been appointed as a Future Director of particular products and services. and Chartered Fellows on the board of Scales Corporation, For more information on the Privacy as part of the IoD’s Future Directors Commission’s resources, visit its programme. website privacy.org.nz. To read an interview with Privacy Commissioner 117 John Edwards, turn to page 25. Members passed Sally Webb, ONZM the Chartered Members Member, has been appointed Chair Assessment between of the Waikato District Health Board. PONDER THIS: January and August 2018
The number of devices connected Adrienne Young-Cooper to the internet is set to rise to Percentage of new Chartered Fellow, has been appointed an estimated 100 billion by 2030, members in 2018 Chair of Auckland Council’s urban up from 8 billion today. redevelopment agency, Panuku % % Development Auckland. Source: The Data Privacy Puzzle by Cornerstone Capital Group and the Investor 39 61 Research Responsibility Centre Institute Female Male
4 October/November 2018 BOARDROOM Level One, Press Hall 80 Willis St Wellington 6011, New Zealand +64 (0)4 894 1856 [email protected]
Client IoD
Contact Andrea Coulston
Project Board Services Collateral
Execution Boardroom Full Page Ad
Artwork Size 210 x 275mm
Scale 100%
Output Size 210 x 275mm
Date 19 June 2018
Studio Carlos
Notes BoardServices CMYK Practical, professional services and advice to help your board.
Call 0800 846 369 iod.org.nz/BoardServices [email protected]
IOD0059 BoardServices BR Full Ad 210x275 FA3.indd 1 19/06/18 5:32 PM UPFRONT
DIVERSE THINKING Measuring diverse thinking IOD SENTIMENT SURVEY IN THE BOARDROOM “The complexities of leveraging and getting the best out of diverse thinking The IoD’s annual Director Sentiment The Superdiversity Centre released is a growing area of interest in board Survey will be released in November. Diverse Thinking Capability Audit in reviews. While there is research Thank you to everyone who took part. New Zealand Boardrooms 2018 in August. supporting the difference diversity In the meantime, if you’re interested More than 60 of New Zealand’s top chairs, makes, we need to start discussing in seeing what global directors are directors and governance professionals what ‘difference’ to performance means thinking about governance issues, take shared their insights for the report, and how we measure it. Is it just short- a look at the results of the inaugural including IoD President Liz Coutts and term share price or are we measuring GNDI (Global Network of Director IoD Chief Executive Kirsten Patterson innovation and long-term value creation?” Institutes) Global Director Survey (KP). Here are some of KP’s key quotes on page 35. from the report: Critical mass of diverse thinkers “There needs to be a critical mass Creating an inclusive culture on boards of diverse directors to be influential, Q: Organisations and people who “Creating an inclusive culture is key as even senior directors find it hard have experienced a cyberattack and there is much work to be done. to challenge and to have their can report it to which government The first step for getting diverse thinking voices heard.” body? on boards is to create an inclusive culture. But attention has instead gone A. Department of Internal Affairs to Step 3 (board composition) and Step B. CERT NZ 4 (appointing diverse talent), or debates C. NZ Cybersecurity Inc. on Step 5 (targets). To get the real and D. Ministry of Justice significant value from diversity, we need to ensure we don’t skip Step 1.” B. CERT NZ (Computer Emergency Response Team)
Leadership SafePlus - a voluntary, health and
Worker Engagement safety performance improvement toolkit for businesses. Risk Management SafePlus helps lift the performance of workplace health and safety in New Zealand businesses. It can be used to assess how well a business is performing against good practice health and safety requirements and provide tailored guidance and advice on how and where to improve.
The SafePlus toolkit is available in three initiatives. Choose the one that works best for your business, or use them all: • Free Resources and Guidance. • Market-delivered Onsite Assessment and Advisory Service • Free Online Self-Assessment Tool.
The benefits of SafePlus include: • Tailored guidance and advice • Increased business confidence • Improved productivity • Better risk management • Independent and qualified view of current performance • Reputational and employer of choice gains.
Visit our website to find out how SafePlus can help guide and support your business, and about our SafePlus Accredited Assessors.
www.safeplus.nz
6 October/November 2018 BOARDROOM FEATURE
The importance of data governance
ata governance should be DETERMINING DATA STRATEGY a fundamental part of directors’ skill sets, says Dame Diane The push for strong data governance Robertson, Chair of the Data is coming from a variety of sources: DFutures Partnership, an independent commercial and regulatory pressures, ministerial advisory group which was rapidly changing technology and set up in 2015. a decline in trust from stakeholders. These pressures mean that boards can’t DATA GOVERNANCE afford to just tack data governance onto VS DATA MANAGEMENT the end of their to-do list; it needs to be prioritised, says Dame Diane. “More and Some boards confuse data governance more so, data is the biggest asset that with data management, says Dame Diane. we’ve got, so we shouldn’t be seeing this “I refer to governance of data rather as an extra on top of everything else. than data governance. I think we need We should be seeing it as everything.” to make that shift. Every time I hear When a board starts thinking about the Dame Diane Robertson data governance I hear security, safety, governance of data, Dame Diane says they development of databases, technology, need to take their organisation’s values Businesses have access to an ever- all of those sorts of things; I don’t hear and strategy as a starting point, and tailor increasing array of information how we are managing the data itself and a data strategy that best serves these. about staff, customers and other I don’t hear what we’re going to do with “When you’re determining a strategy for stakeholders. The responsibility the data.” your organisation, it won’t be the same of overseeing a strategy to look after, She prefers to use the term data as someone else’s organisation. One of and best utilise, that data lies with management for the things management the things that boards need to do is think the board. should be looking after, and data about data in relation to their purpose governance for the things boards are and values. That is the starting point and responsible for. So, the governance it will be different for every organisation.” of data refers to the oversight that boards provide over their management’s stewardship of data.
7 October/November 2018 BOARDROOM FEATURE
One of the things that Dame Diane says a rethink on how What questions do directors organisations are already using data is need to be asking? boards need to do also necessary. Sometimes companies is think about data are giving away data without thinking A KPMG report Board’s eye view of about it. “Every board I know has really data and analytics, released last year, in relation to their good policies around privacy and HR, says boards and audit committees but then you ask ‘do you sell your need to have a holistic view of their purpose and values. HR data?’ and they go ‘no, we wouldn’t organisation’s strategy around data That is the starting do that’. So then you ask ‘well do you and analytics – specifically what data participate in salary surveys?’ and yes is collected, how it is used and who point and it will be they do. So they don’t sell their data, oversees that effort. The report they just give it away.” outlined some key questions for different for every directors to consider around data organisation. CONSIDER BOARD and analytics: COMPOSITION How is the data being collected Once you’ve designed a data governance Directors’ responsibilities are to and organised within the company strategy that fits the overall purpose maximise the value, manage the risk and who is involved? Ultimately and goals of your organisation, then she and oversee what is happening in their who is responsible? says it’s a matter of applying standard organisation. Boards need to reflect governance practices of oversight, a mixture of skills and expertise that Can the data be trusted? How monitoring performance, holding will enable them to provide a strategic is the quality and integrity of the management to account, and ensuring oversight of their organisation. data assessed? compliance. In some cases, it might mean Does the company have a data rethinking the make-up of your board. ethics policy to protect the brand A NEW MIND SET “For some organisations it might be reputation and reduce legal risk? about bringing someone onto the board Dame Diane says many of the directors who is an ethicist around data, it may Does the company have the right and executives the Data Futures be someone who has data governance talent, skills and resources required Partnership has spoken to over the past skills to enhance that in the board to implement/manage its data and couple of years had never thought about itself. In the same way as you bring analytics activities? data governance before. “But I don’t on expert finance people and legal think it’s a sin of omission. It’s a step people,” says Dame Diane. Has the company scoped out up to thinking in a different way.” the near-term and longer-term She says boards are very focused on opportunities for its use of data skills like finance, health and safety and and analytics, including financial reporting and predictive analytics? infrastructure. “This is something new Data Governance Strategy for directors to get their heads around.” Are current and future business However, it’s not something she thinks challenges being effectively aligned needs to become a hugely complicated with the right data and technology compliance issue. “The majority of Apply standard solutions? organisations we speak to have really 01 governance good oversight of their data and they practices of Has management assessed the data have good controls and policies in place. oversight infrastructure and the data available We’re not saying you suddenly have to to drive the digital strategy? Who do a whole bunch of other things. We’re is accountable for data decisions saying you need to be providing the 02 Monitor and the associated risks? oversight for this.” performance Has management assessed Boards deal in data all of the time, the ability of the IT infrastructure they just may not consider what they’re to support these advanced dealing with as data. “If you change the technologies? word data to information, it’s a different 03 Management way of thinking,” Dame Diane says. accountability What is the current workforce’s “They don’t bring the money to the board skill set? Where does it need to be? meeting. They don’t bring the buildings to the board meeting. They bring the Has an appropriate governance information around it. That’s what a Ensuring structure been put in place, including board’s major role is, to deal with the 04 compliance the board and its committees, to information around an organisation.” manage such innovation and change?
8 October/November 2018 BOARDROOM FEATURE
Treating data as a treasure Māori data governance
Māori data is a taonga that needs Every piece of data connects to people connected to data. “There could to be considered through the lens and therefore it has importance. Another be a whole lot of data that creates of the Treaty of Waitangi, says is a more practical interpretation where opportunities for us which we want some Māui Hudson, associate professor taonga relate to those sets of sensitive sort of management or control around.” at the University of Waikato, data that require active management.” Another way data can be viewed as and part of the working group In terms of determining what kind a taonga is its utility. “If it’s data that can for Te Mana Raraunga, the Māori of data is likely to be viewed as taonga, be used in a whole variety of different Data Sovereignty Network. he uses a forest analogy. “All parts of ways we’ve probably got more interest a forest are important in their own way, in understanding what those pathways In terms of thinking around data but within that environment there are might be and whether or not we need sovereignty, it’s about exploring really special things. So there will always what are the rights and interests be particular types of information which in relation to data that’s collected groups might feel more connected “from Māori, about Māori, or the resources to and sensitive about.” that Māori have interests in,” Hudson says. Hudson is hoping to collaborate Three characteristics can be associated with data science and management with taonga datasets: researchers to explore ways to value Māori data within organisations. “It will be very provenance exploratory in many ways, but it will start moving the discussion from conceptual opportunity talk around rights and interests into utility discussions about governance issues and operational decisions.” Some datasets are significant because He thinks there will be a time when of where they come from, ‘whakapapa organisations and their boards will need or cultural knowledge’. Other datasets cultural experts to advise them on how are important because of the opportunities Māui Hudson to handle their data. “As organisations grapple with the issues around protecting data and extracting value from data, particularly in New Zealand, they will be TAONGA DATASETS CAN BE ASSOCIATED increasingly subject to challenges about WITH THESE THREE CHARACTERISTICS: doing it in a culturally appropriate way and doing it with integrity. That may require some specialist advice or skills to support that coming about.” DATA AS A TAONGA Provenance Opportunity Utility Hudson says data can be looked at as a taonga – meaning it’s protected under the Treaty of Waitangi. Taonga can be thought about in a number of different ways. “One is at a philosophical level.
9 October/November 2018 BOARDROOM FEATURE
to manage those. If it’s something that’s the nature of their relationships and HOW DATA IS USED only got one particular purpose then what they can do, That’s a different you’ll be less likely to be worried that sort of thing because it’s not thinking Data is being used as the basis of all it might be used in ways you don’t about individuals and the responsibility sorts of decisions, many with far-reaching agree with.” towards individuals – which tends to be consequences, meaning it’s important characterised as consent – but it’s about that Māori are consulted and represented. SOCIAL LICENCE the group and what can you do on behalf “Certainly in the government space, of the group? Have you got some sort of we’re really aware that data is increasingly The government and corporate boards permission or authority from that group being used to make decisions about are already having conversations about to do things with their collective data?” where resources are allocated. So the their social licence around data use. “I see “This is where we see it playing out quality of the data will relate to the quality social licence as being part of the social differently because you’re not necessarily of the decision making. If the data isn’t contract that the government has with talking to the individual members being collected in a way that represents its citizens about the things it can do on of the group, but you’re talking to the Māori world views they are unlikely to their behalf,” says Hudson. “Data linkage, people with authority. This is where the make great decisions that support Māori data sharing, the open data space, have governance part starts to have more aspirations,” Hudson says. all started to move people’s ideas around of a bearing on the conversation. Māori what data can be used for.” data sovereignty is really the conversation THE RATE OF CHANGE “People’s ideas have shifted from data about the rights and interests, but these rights and interests get operationalised Conversations around Māori data through Māori data governance.” governance are already happening Every piece of data He says deciding who needs to be part at a government level and throughout of the conversations around governance government agencies. “I can see it connects to people and sovereignty will depend on what sort already within the government space, and therefore it of group you’re working with. “So in an partly because of their responsibilities iwi setting the conversation will be with to citizens and the Treaty, agencies has importance. iwi leadership, but there could be other are having to address the issue of kinds of groupings or collectives that Māori data sovereignty and Māori data being collected for one purpose and might have interests in how information governance. It’s all caught up in their only being used for that purpose. Those is being used, particularly when it’s talking trust and accountability and their role kinds of boundaries are breaking down about them.” as the government.” and as data shifts into use in other places He admits that one of the challenging He says thinking about data from you’ve got to renegotiate the nature things about having conversations around a Treaty point of view is much more of the contract and it’s important that Māori data sovereignty is that in many challenging at a corporate level than Māori are a part of those conversations,” cases data is not an exclusive relationship, at a government level, but that eventually Hudson says. it might belong to several different people it will flow through to the corporate or it might be intellectual property. “In this world. “With other [non-government] CULTURAL LICENCE space we’re dealing with data that other groups it’s probably going to depend people are holding and you’re talking on the nature of the relationship they Hudson says the concept of a social to them about appropriate use. This is need to have with Māori or iwi groups licence covers how individuals feel about why it comes back to governance, it’s to deliver their businesses and the types an issue, whereas when looking at it about data access, it’s about the protocols of information that they are working with. from a Māori perspective, a collective and principles around boundaries that In the future Māori Data Sovereignty view or cultural licence also needs to get put in place around what sorts of is likely to become a strand of corporate be considered. “It’s the contract that things it can be used for.” social responsibility.” exists between the Crown and iwi around
10 October/November 2018 BOARDROOM FEATURE
Are you a Samurai or a Ninja?
Exponential changes in technology are transforming the business world and the way we work. Artificial intelligence, big data, open data, virtual reality – everything is now underpinned by technology, and keeping up with constant advances is a huge challenge. Many of us can’t begin to fathom what the future will look like even two years down the track.
What we imagine is that business It’s not that these startups are deliberately know the business and can come in is still linear, because most of trying to be invisible, it’s just the way they and advise. Having a consultant pop our lives have been lived within operate. They come in, and they’re fast in for a one-hour overview is not going linear frameworks. That meant we and responsive.” to change the culture or the expectations “could sort of predict what would happen As the world innovates and changes of a board to make some big, bold or next year, because it was likely to be an at break-neck speed, the ability to risky moves.” incremental advance on last year – no real pivot when situations change and to Hearing a range of opinions and gear-change needed. That doesn’t really recognise when you need new knowledge advice is important, so she doesn’t think apply any more,” says futurist Frances and different forms of experience is a having one tech expert on or advising Valintine CNZM, the Founder and Chair key feature of attaining ‘Ninja’ status. a board is enough; there needs to be a of tech education companies The Mind “Redundant knowledge is hard to replace range of opinions and advice. “For me, it’s Lab and Tech Futures Lab. if you’re not accepting that some of the all about making sure there are enough Valintine thinks the recent drop in choices you’re trading on, some of the people focused digital technologies and business confidence has a lot to do with knowledge you’re utilising, is no longer future impact. It’s a bit like having a token a growing unease about the future and best practice and not contemporary female – one female does not represent the the changes that are afoot. “People can in terms of what is now possible. If you views of all women, and with technology see it, taste it, and feel that something recognise that you have knowledge gaps, it’s the same thing. You need to have is changing, but they can’t quite put their you’ll look for ways to plug that gap, enough skilled people who can drive finger on what to do.” whether that is developing your own skill technology conversations so that people She likens old-school, traditional set or finding other people to plug that really deeply understand the importance corporates to Samurais. “They are gap,” says Valintine. of decisions being made. If one person holding onto the old ways and to well- is holding the conversation, debate will not trodden traditions, and where familiarity THE NEED FOR TECH EXPERTS occur and change will not happen. I think feels safe.” ON BOARDS more and more people are trying to find New companies tend to be more those skillsets for boards, and also raise nimble, positioned from day one to be In order to keep pace with technological the level of understanding within boards agile and responsive to change. “They changes, Valintine would like to see but greater emphasis is still needed.” >> are the Ninjas who come in by stealth. permanent technology advisors on They operate under new business corporate boards. Failing that, she says models and are underpinned by digital boards need to have two or three advisors and incumbents don’t see them coming. regularly attend board meetings. “That way there is consistency, they get to really
11 October/November 2018 BOARDROOM New companies tend to be more nimble, positioned from day one to be agile and responsive to change. They are the Ninjas. Frances Valintine, CNZM FEATURE
BALANCING RISK AND to navigate through this change and from the same person, while the unique THE NEED FOR CHANGE come out transformed in a good way, context and the information would stay and continue with the market that contained within each organisation. Valintine says the legal liabilities directors we see, but also potentially take That’s quite a different situation from face can make taking risky decisions on new opportunities’.” the past where we’ve been able to unattractive. “Boards of directors are hire permanent full-time employees.” highly accountable for the decisions they THE CHANGING WORKFORCE This gig economy is being driven by make… So, for example, you decide to millennial workers, who already make move your whole organisation to become Valintine says there’s a skills gap in up half of the workforce in New Zealand. Agile, like Spark has, there has to be an New Zealand, with a lack of knowledge “This new generation don’t aspire to work acceptance that there are risks. Typically, and experience around these new and in a fulltime permanent position the way boards take the more conservative route, emerging technologies. “There’s so little previous generations did, that’s not part which in today’s fast-moving world is expertise that the people who do know of their DNA. They don’t understand the potentially the riskiest route of all.” it are almost exclusively contractors attraction in that. They want variety, and She thinks people in governance roles because they don’t want to work within as well as paying the bills, they want to need to work out how to balance the need the confines of a single organisation.” work on projects that mean something. to do things differently against the risk This means employers have to get It’s a much more holistic and value-based of implementing changes. “The challenge used to the fact that people working way of looking at what it means to work.” is between realising ‘if we stay as we are for them may also be working with She thinks people who are mid-career our future will look very grim and our their competitors. “That’s the nature are probably the most vulnerable in terms returns to shareholders will diminish and of contracting and we have to get of their future career, as their entire eventually we will be no more’. Or, ‘we comfortable with that. For example, schooling, education and the majority take risks and we tell shareholders that if you’re a bank you have to be of their experience is from pre-digital dividends aren’t going to be pretty for comfortable knowing that Bank A times. “If they’ve come into a senior a little while, but we’re going to be able is getting the same advice as Bank B level and maybe even a governance role,
Perspectives, ideas and innovation that will shape the future
2019 IoD Leadership Conference 2–3 April 2019 What’s Next for Governance SKYCITY, Auckland If you’re in governance or business you’re facing an increasingly complex, fast-moving and exciting future. If you’re keen to look Register now at ahead, test your thinking and connect with those who are www.iod.org.nz/conference grappling with these important and challenging times – join us. Limited super-early-bird The 2019 IoD Leadership Conference will connect you registrations for IoD members are available until 30 November with some of the most innovative thinkers and speakers in 2018. The early-bird rate will governance and leadership from around the world. It’s also then apply. a great opportunity to connect with a broad cross-section Early-bird registration for of New Zealand’s business leaders. non-members is also available.
13 October/November 2018 BOARDROOM FEATURE
they are still trading on the capability they’ve had from those analogue environments. While experience is really One of Valintine’s businesses, important, and networks are really important, we also need to have deep The Mind Lab, is currently understanding of macro-changes and advances to identify what are the big upskilling New Zealand teachers. technologies that are coming in and shaking the ground beneath us.” These teachers are studying digital technology so they can teach it. “If the teaching workforce, who are not financially incentivised to keep HOW TO KEEP UP AND THRIVE learning while they are working, are prepared to step up and give their valuable time to preparing themselves for the future then the business Valintine says, despite the huge changes world need to take note and follow suit. How can you do your job afoot, there is no need to fear the future. without the right knowledge? If teachers can do it, we can all do it.” Instead, there are endless benefits and possibilities created by technological advances, but it takes a real commitment to re-education and upskilling. “Take a few months off every few years 55 to do some professional development in so that you build longevity into your capabilities. So that when you’re on a board and you’re talking about digital 15 transformation, you’re talking about it 1 from a highly informed view. You’ve done teachers in the country have is the average age of case studies, you’ve worked alongside completed a one-year part-time teachers in New Zealand. companies that have gone through programme with her organisation. transformation or have created start-ups so that you really understand what is needed, from a practical standpoint as opposed to saying we’re just going to of learning is that we need adults to let the IT guys or the digital department go back and learn, not just our kids.” figure that one out for us.” In August, Tech Futures Lab launched The idea of taking time out of Digital Suitcase, an online platform that the workforce may be daunting for a teaches adults critical digital knowledge. professional with a mortgage and family (See the inside front cover of this issue obligations, but the payoff will come in for a special Digital Suitcase offer for future-proofing your career. “If you’re IoD members.) sitting in a role where you’ve become accustomed to a certain amount of privilege and a good salary and a great Take a few months lifestyle, to go back to learn can feel like a backwards step… Instead there should off every few years to be nothing but admiration for people do some professional who commit to reskilling. It should be one of those things where people go development so that ‘wow, that’s amazing, you’re taking time out to get your head around the stuff you build longevity that your company can do really well’.” into your capabilities. Source: Russian business leaders with creative To enable and encourage ongoing entrepreneur Qiane Matata-Sipu at The Mind Lab, learning, Valintine thinks New Zealand Auckland. Photo: Olja Latinovic needs more options when it comes to technology education. “So people who want to do intense short courses can have options, we need to look at online courses, sabbaticals, working inside startups as well as traditional institutes. The flexibility
14 October/November 2018 BOARDROOM CONTRIBUTION BY MARSH
Cyber Risk: What’s new on the menu?
It seems that we are dealing rom an insurance and risk computer server horsepower to ‘mine’ with a new form of cybercrime perspective, cyber exposure cryptocurrency for a cyber threat is a different beast compared actor. Additionally, invoice interception on a very regular basis – one to other lines of risk. Fire and fraud – altering bank accounts of an Fgeneral exposures, for example, are expected invoice – is also becoming day its ransomware, the next relatively known quantities with the root a quick and effective method for cyber it’s invoicing interception cause of a loss hardly changing much criminals to earn money in 2018. On top fraud – and businesses, over the decades. Liability risks, such of it all, thousands of phishing emails as Professional Indemnity and Directors are being circulated every minute, waiting regulators and government and Officers Liability, adapt as a result for someone to make an often honest bodies around the world of claims trends and vary in complexity mistake. Unless you are constantly depending on your area of business – but keeping an eye on this area, this can make are struggling to keep up the core essence of these risks and where it difficult for businesses to adequately with the pace of change. the claims are coming from are relatively prepare for where a potential attack known quantities. might come from. It would be like a burglar With cyber risk, we are dealing with finding new ways to break into your house constantly evolving threats which can every time you changed and reinforced grind entire businesses, supply-chains and the locks. industries to a complete halt with a literal From a regulatory point of view, the push of a button. In 2017, we witnessed European Union’s GDPR (General Data the WannaCry and NotPetya ransomware Protection Regulation) began on 25 May attacks infecting over hundreds of 2018. This, in simple terms, has placed thousands of computers around the world, more onus on any organisation that may making them two of the largest single-act actively collect and handle personally cyber events to date. The White House identifiable EU citizen data, regardless has estimated approximately US$10 of whether your business is headquartered billion in total damages from NotPetya in the EU. The extent of the GDPR’s alone(1). This year we are seeing a rise jurisdiction is yet to be fully tested; in Cryptojacking events due to the rise however penalties for non-compliance of cryptocurrencies – this is a method could range from €10 to €40 million or of essentially hijacking an organisation’s
15 October/November 2018 BOARDROOM CONTRIBUTION BY MARSH
2 – 4 per cent of global turnover, whichever A cyber policy would give you access is greater. Australia has similarly adopted to a suite of tools in your time of need the NDB (Notifiable Data Breaches) as a result of a cyber event; this may Steps to protecting scheme under their Privacy Act, placing include business interruption cover, an obligation on organisations to notify system damage restoration expenses, your company from individuals whose personal information forensic and breach consulting costs, being a cyber risk is involved in a data breach that is likely public relations costs and third party to result in serious harm. New Zealand is liability coverage. also set to follow in 2019 with a legislative The rapid evolution of cyber threats update to the 1993 Privacy Act. and toughening compliance measures So where does that leave you as a clearly means it’s no longer good 1 Identify key areas of cyber risk, business leader and director who now has enough for people to bury their heads critical systems/processes. to deal with both cyber threats that can in the sand and think ‘she’ll be right.’ come from any angle and strict regulatory It is a directive that needs to be 2 Develop a contingency plan. environments around the world? addressed at the top level and is Staff training and awareness, It would be challenging for any certainly not just an issue for the IT create emergency response plans, organisation to have a fully watertight and department to solve. In two years’ time, review supply chain risks and impregnable system, but you can certainly your business may be dealing with vendors’ response plans for cyber take the proper steps toward becoming a cyber threat that hasn’t even been exposure. as well prepared as possible. The first line coded yet – now is the perfect time 3 Look into additional safety of defence would be to carefully identify to get your line of defence all in order. like cyber insurance and your key areas of cyber risk and your 1: https://www.wired.com/story/notpetya- a cyber policy. most critical systems/processes that may cyberattack-ukraine-russia-code-crashed-the- cause a catastrophic ‘worst-case-scenario’ world/ for you in the event of a cyber attack. Like any other area of risk, identification would allow you to put the correct measures in place, such as staff training With cyber risk, and awareness, developing emergency response plans and even reviewing your we are dealing with supply chain risks and how your vendors constantly evolving handle their cyber exposures. In an ideal world, you would be able to stop the threats which attacks before they disrupt your business, can grind entire which is why a strong pro-active risk management approach is vital – however businesses, supply- contingency plans are also very important for the 1 per cent that doesn’t get stopped. chains and industries As part of your contingency plan, cyber to a complete halt insurance can certainly play its role in picking up the loose ends – the additional with a literal push safety net when all else fails. Cyber Jono Soo, Marsh insurance is definitely not a solution to all of a button. your problems on its own; in fact, insurers are becoming cautious and increasingly selective regarding which businesses they choose to underwrite, depending on how they address their cyber exposures.
16 October/November 2018 BOARDROOM Unlocking the value of data KPMG works alongside their clients to help them move up the analytics maturity scale
Trying to make sense of all that data GETTING MORE FROM YOUR DATA has fuelled the growth of algorithm development – particularly for machine In our experience, quality data combined learning, deep learning, and natural with advanced analytics and deep language processing. Other technological domain knowledge leads to great client advancements are supporting this, outcomes. It all starts with key business such as open source technologies like questions which typically fall into a few Apache Hadoop and Spark, in-memory key categories: improving customer processing, the rise of cloud computing experience, managing risk, cost efficiency and the use of processing chips such and growth/profitability. as GPUs and TPUs – which can execute We work with clients to develop complex machine learning algorithms hypotheses on the key issues, on large datasets. opportunities and risks, then test these DR. STEPHEN HASTINGS PARTNER - KPMG AUCKLAND using a scientific, data-driven approach. [email protected] For our clients, common questions are: Good quality, rich data is crucial – it provides colour and insight, and it’s Wanting to know how they can the fundamental building block for any HOW MUCH DATA DO YOU NEED? capitalise on their data assets down-stream analytics or modelling. for competitive advantage. Unlocking the value of data can be done It’s challenging for organisations to be by applying information management truly data-driven and insight-led, and Where they sit on the analytics principles and approaches, and using both embed this into their DNA. Leaders are maturity scale, and how to move internal and strategic external data. This expected to make difficult decisions at forward. data can take many forms; behavioural, pace, amid an explosion of data. Having interaction, demographic, attitudinal and lots of data may sound like a good thing Organisations also want to understand environmental. When vast amounts of but the more data and the more kinds what data is available to them, its quality, structured and unstructured data are of data you have, the harder it can be to how integrated it is, and how it can be ingested, and advanced analytics applied manage, analyse, gain insight from and enriched through third party sources. in an automated process, decision making act on. becomes faster, cheaper and smarter.
17 October/November 2018 BOARDROOM CONTRIBUTION BY KPMG
LIGHTHOUSE – HELPING We also use machine learning, forecasting AI is also attracting a lot of hype. YOU COMPETE and predictive models applied to historical AI allows machines to sense, discover, data, to help clients understand what is comprehend, act and learn. This is the KPMG has recently set up its centre likely to happen in the future. Common future, it’s reinventing how businesses of excellence for data, analytics, examples are predicting which customers operate, compete and thrive. This AI automation and artificial intelligence are likely to leave, what the next best ecosystem enhances, automates and (AI) – Lighthouse – in response to product or service is to offer, and where augments decisions that allow our our clients wanting to get more from fraud/credit risk may occur. clients to meet their business objectives. their data assets and to compete However, humans must be kept in the on analytics. Inside the Lighthouse CLOUD AND AI – WHAT DOES loop to train, test and tune models, to we have teams of data engineers, IT MEAN FOR YOU? ensure they are free of bias and that they business intelligence specialists behave as expected, without untoward and data scientists that use cutting Analytics in the cloud is a rapidly or unexpected consequences. edge techniques to harvest growing area. Multiple algorithms can With the rise of AI, it’s easy to wonder actionable insights. be tested (and collaborated on) to find about the place of humans in the future the optimal model for a given use, with of business. We believe the future is in With our Advanced Data Management most platforms offering templates “augmented intelligence” – the combination Toolkit, we help our clients manage, for common business scenarios. Large of human intuition, intellect and creativity, integrate, clean, organise, enrich, datasets can be crunched faster on the combined with information, machines transform, visualise and report on data. cloud technologies from all the major and algorithms. Increasingly we will see This allows for more accurate, timely providers. Cloud technologies are also the combination of humans and machines information that helps improve scalable and cost effective with usage- working in unison giving rise to the decision-making. based compute and storage resources. greatest success. Natural language processing is commonly used to analyse language and speech to support a range of different For more information go to applications; from the algorithms behind kpmg.com/nz/Lighthouse chatbots and virtual assistants, to text mining complaints for key topics and performing root-cause-analysis.
The framework KPMG utilises for their clients