2018 board OCT / NOV

roomMagazine of the Institute of Directors in New Zealand

THE DATA ISSUE Frances Valintine talks about how to keep up in a changing world

BOARDROOM A World of Data

Big data, data governance, artificial intelligence, analytics, data privacy, new legislation and international regulations – there’s a lot to get your head around. The Institute of Directors (IoD) is here to help with A World of Data, our final What Matters theme for 2018. We’ve arranged a series of events, courses and publications to help you get to grips with what you need to know.

Branch events We’re hosting branch events around the country on topics ranging from the dark web to data governance and cyber security. Check out our DIGITAL events page in BoardRoom or iod.org.nz for full details of what’s on offer. SUITCASE Podcast Special Offer PRIVACY COMMISSIONER JOHN EDWARDS has joined us for Stay ahead in an ever- a podcast, delving into the privacy issues you need to be aware of. evolving world and become tech-wise, Webcast computer competent A WORLD OF DATA PANEL with panellists Ben Kepes, Joanna Perry and digitally savvy with and Sam Knowles, facilitated by IoD Chief Executive Kirsten Patterson a 50 per cent discount (2 CPD points) rate on the $29.95 annual 14 November | 5.30pm – 7.30pm fee for Tech Futures Lab’s Digital Suitcase. Webinars The offer is available DATA PRIVACY with Richard Wells, Partner – Corporate and Commercial, to the first 1000 IoD MinterEllisonRuddWatts (2 CPD points) members who sign up. 22 November | 10.30am – 11.30am Members will need to DATA GOVERNANCE with Alison Holt (2 CPD points) enter the code pbId9XzK 14 December | 10.30am – 11.30am when they sign up to a monthly plan. More Webinars cost $200 inc GST for members, $245 inc GST for non-members. details on the IoD website. Publications Resources include this themed edition of BoardRoom and upcoming publications from our Governance Leadership Centre, including a guide on Reporting cybersecurity to boards, with sample dashboards.

For more information about A World of Data events and resources, go to iod.org.nz/what-matters CONTENTS

A note from the editor The Agenda This issue we explore our final What OCTOBER / NOVEMBER 2018 Matters theme for 2018, A World of Data. We look at data governance, INSIDE IoD big data, open data, data governance, privacy issues, artificial intelligence, BoardRoom details cyber security and the dark web. 01 Futurist Frances Valintine offers her CEO letter views on what the future of work might 02 look like, and says future-proofing your 03 UpFront career might be a matter of taking sabbaticals every few years to upskill 03 DirectorVacancies and keep current. 11 Looking after the huge amounts 28 GLC Update of data your organisation collects is a growing challenge for directors. 43 Out and About Dame Diane Robertson, from the Data FRANCES VALINTINE / Futures Partnership, talks about what How to future proof 47 Events directors need to be thinking about your career in the in terms of data governance. technological age FEATURES Safeguarding the privacy of your staff, shareholders and other stakeholders 07 Dame Diane Robertson is another responsibility. Privacy explains the importance Commissioner John Edwards talks of data governance through the main proposed changes in the 21 Privacy Bill, and says the new legislation 09 Treasuring Māori data could herald a sea-change in the business world, in much the same way the health 11 Futurist Frances Valintine and safety reforms did. talks the future We also delve into the murky world of the dark web. If your website or system 21 Sam: The virtual politician is hacked, chances are this is where your data will end up. 25 Privacy Commissioner The underlying message from all John Edwards talks about pending legislative changes of the people we’ve spoken to this issue SAM THE VIRTUAL is to be alert, but not alarmed by the POLITICIAN / 31 Getting tangled in the changes that technology has brought Would you vote dark web and will continue to bring. Don’t fear for an AI politician? the changes, but embrace them and all GNDI report the opportunities that come with them. 35 38 Treating data with respect Kate Geenty BoardRoom editor 31 41 Opening up to big data

FROM OUR PARTNERS 15 Cyber risk: What’s new on the hacker menu today? / Marsh 17 Providing data-driven services for digital THE DARK WEB / transformation / KPMG BoardRoom is the magazine The thriving of the Institute of Directors underground 19 Data and governance / in New Zealand iod.org.nz economy MinterEllisonRuddWatts

October/November 2018 BOARDROOM BOARDROOM DETAILS

boardroom SENIOR LEADERSHIP TEAM BOARDROOM IS PLEASED Chief Executive Officer TO ACKNOWLEDGE THE SUPPORT OF Kirsten Patterson BoardRoom is published six times NATIONAL PARTNERS a year by the Institute of Directors General Manager, Members in New Zealand (IoD) and is free Nikki Franklin to all members. Subscription for General Manager, Governance asb.co.nz Leadership Centre 0800 803 804 non-members is $155 per year. Felicity Caird

BoardRoom is designed to inform General Manager, Corporate Services marsh.co.nz and stimulate discussion in the Chris Fox 0800 627 744 director community, but opinions expressed do not reflect IoD General Manager, Brand, Marketing and Communications policy unless explicitly stated. Sophi Rose NATIONAL SPONSORS

Delivery Manager Robbie McDougall aurainfosec.com EDITOR Manager, Professional 04 894 3755 Kate Geenty Development +64 4 470 2647 Paul Gardner [email protected]

Please contact the editor for any advertising queries. COUNCIL 2017/18 kpmg.co.nz Liz Coutts – President 09 367 5800 Alan Isaac – Vice President INSTITUTE OF DIRECTORS IN NEW ZEALAND (INC) Dr Helen Anderson – Wellington Mezzanine Floor, 50 Customhouse Quay Des Hammond – Bay of Plenty PO Box 25253, Wellington 6146 Julia Hoare – Auckland New Zealand Jackie Lloyd – Wellington minterellison.co.nz Tel: 04 499 0076 Simon Lockwood – Waikato 09 353 9700 Fax: 04 499 9488 Vincent Pooch – Canterbury [email protected] Geoff Thomas – Otago Southland iod.org.nz Clayton Wakefield – Auckland Sarah-Jane Weir – Nelson The Institute of Directors has staff based at the Marlborough National Office in Wellington, an office in Auckland PRODUCTION NOTES and eight branches. For National Office, phone Every effort has been made 04 499 0076. COMMERCIAL BOARD to guarantee the pages of this magazine are sustainably Kirsten Patterson, Chair; sourced and produced using Liz Coutts, Alan Isaac, paper that meets the environmental BOARDROOM IS PROUDLY DESIGNED BY Dr Alison Harrison standards shown below.

BRANCH MANAGERS eightyone.co.nz For a full list of branch managers, 04 894 1856 see page 48.

When you have finished with this magazine, please recycle.

1 October/November 2018 BOARDROOM CEO LETTER

working in the factories. Health and safety markets. The digital environment is and the ‘duty of care’ to workers wasn’t creating a global playing field where this established in common law until 1837. disruption can move between borders Far too late for the thousands of children easily, threatening established business Human rights and other workers killed, maimed, or models. suffering from occupational diseases. Interestingly, the arguments against and business Although the challenges of the fourth increased regulation of the revolution have industrial revolution are not life or death, also changed little in almost 200 years. during times our regulators are similarly struggling In 1844 Lord Shaftesbury spoke in the UK to keep ahead of business use and the House of Commons in support of limiting of industrial impact on the protection of individuals, children’s maximum working hours to 10 whether it’s cryptocurrencies, ethics per day. He commented that with all that revolution in AI, geonome editing, or even the had been written and said on the subject, human right to privacy. he could discover no more than four As Klaus Schwab, Founder and arguments urged by opponents against Executive Chairman, World Economic the measure: Forum has expressed: “We must develop a comprehensive and globally shared 1. That the passing of a 10 hours’ bill view of how technology is affecting our would cause a diminution of produce. lives and reshaping our economic, social, cultural, and human environments. There 2. That there would take place a has never been a time of greater promise, reduction, in the same proportion, of the value of the fixed capital KIRSTEN PATTERSON or greater peril.” CEO, INSTITUTE OF DIRECTORS ‘Data is the new oil’ is one of the employed in the trade. new mantras, but just as the oil of 3. That a diminution of wages would Lost track of which industrial revolution yesterday was found to have impacts ensue, to the great injury of the we are up to? According to the World on the environment requiring protection, workmen. Economic Forum it’s the fourth. They the data of today is linked to people define the fourth industrial revolution and to communities. 4. A rise of price, and consequent as building on the digital revolution, Article 12 of the United Nations peril of foreign competition. representing new ways in which Universal Declaration of Human Rights technology becomes embedded within adopted in 1948 makes interesting Business has always been the early societies and even the human body. reading in today’s social media world: adopter of technology and the early Every industrial revolution has “No one shall be subjected to arbitrary guardian of its use and impact. Just significantly impacted on our communities interference with his privacy, family, home as health and safety is now a core and changed the face of work and or correspondence, nor to attacks upon governance responsibility, data and labour. Each shift has had global impacts his honour and reputation. Everyone privacy are our governance challenges on capital allocation and economic has the right to the protection of the law of today. prosperity. Worryingly, however, another against such interference or attacks.” The 2018 Edelman Trust Barometer theme from each revolution is how our The results from our Director asked consumers what they felt was systems and regulators have struggled Sentiment Survey at the end of 2017 the top trust-building mandate for to keep up with abuse and/or unintended was that data governance and the use business – the answer may surprise you: consequences. of data analytics to drive performance The expectation that you will protect At first glance the links between and strategic opportunities had only been my privacy and keep my data safe. the first industrial revolution and the discussed by 50 per cent of boards in We’ve all heard about Cambridge challenges of today seem tenuous. the past 12 months. Early analysis from Analytica and the approximately US$40 However, looking back at the first the 2018 survey shows this has lifted billion impact on Facebook value over industrial revolution and the move to to 56 per cent. data privacy concerns. Maybe we factories and machines, there are some The world is in a period of exponential shouldn’t be surprised about the salient lessons we would do well to change. It will require directors who Edelman results after all. heed in today’s era of digital and data engage in innovative thinking, agility – Although he was paraphrasing others, disruption. and sound risk management. It will require Winston Churchill perhaps summarised it Although the first industrial revolution leaders who are visionary, who can look best – “Those that fail to learn from history began in 1760, it wasn’t until 1802 that to the developments that are occurring are doomed to repeat it.” legislation was first introduced to address overseas and translate them back to their child labour conditions and health and meaning back home. Kirsten (KP) safety requirements. It wasn’t until 1833 New Zealand faces the challenge that legislation was passed prohibiting of being a small and relatively isolated children under the age of nine from economy that is dependent on global

2 October/November 2018 BOARDROOM UPFRONT UpFront

Director Vacancies APPOINTMENTS DirectorVacancies is a cost-effective way to reach our extensive membership pool of director talent. We will list your vacancy until Barbara Chapman the application deadline closes or until you find a suitable candidate. Chartered Member, has been appointed Contact us on 0800 846 369. Chair of Genesis Energy. She has also been appointed to the Reserve Bank Unless otherwise stated, the following positions will remain open until filled. Review Panel.

NORTHERN DISTRICTS CRICKET THINK CONCEPTS LTD Role: Directors (3) Role: Board Member/Director Hon. Chester Borrows, QSO Location: Hamilton Location: Auckland Member, has been appointed Deputy Closing date: 26 October Chair of the Veterans’ Advisory Board. HELENSVILLE DISTRICT HABITAT FOR HUMANITY HEALTH TRUST (CHRISTCHURCH) LTD Role: Chairperson and Trustees Stuart McLauchlan Role: Director Location: Parakai Chartered Fellow, has been appointed Location: Christchurch Closing date: 12 November to the board of Argosy Property. Closing date: 26 October THE ORPHEUS CHOIR ARTSPACE AOTEAROA TRUST NZ OF WELLINGTON Belinda Moffat Role: Trustees Role: Board Member Member, has been appointed Location: Auckland Location: Wellington to the Reserve Bank Review Panel. Closing date: 18 November SPORT NORTHLAND Role: Centrally-held list KARORI COMMUNITY CENTRE Karen Price of Directors/Director pool Role: Board members (3) Chartered Member, has been appointed Location: Northland Location: Wellington to the board of Aqualinc Research, via the Closing date: 25 November IoD’s DirectorSearch appointment service.

The smarter solution for better board management. Affordable and easy-to-use software to help SMEs and NFPs streamline their board processes.

Get organised Save time Reduce hassle

Visit www.boardprohub.com to learn more.

3 October/November 2018 BOARDROOM UPFRONT UpFront

Lyn Provost, CNZM PRIVACY RESOURCES IoD BY THE NUMBERS: Member, has been appointed (As at 31 August 2018): to the Education New Zealand board. The Privacy Commission has a range of resources to help you get your head around your privacy responsibilities. Glen Scanlon This includes 30 minute online courses, 8,908 Has been appointed as a Future Director an Ask Us database of everyday Members on the Zealandia board, as part of the privacy questions, as well as a live IoD’s Future Directors programme. chat tool and online enquiries button on its website. The Commission also awards the Privacy Trust Mark, 1,310 Teresa Steele-Rika which recognises privacy excellence Chartered Members Has been appointed as a Future Director of particular products and services. and Chartered Fellows on the board of Scales Corporation, For more information on the Privacy as part of the IoD’s Future Directors Commission’s resources, visit its programme. website privacy.org.nz. To read an interview with Privacy Commissioner 117 John Edwards, turn to page 25. Members passed Sally Webb, ONZM the Chartered Members Member, has been appointed Chair Assessment between of the Waikato District Health Board. PONDER THIS: January and August 2018

The number of devices connected Adrienne Young-Cooper to the internet is set to rise to Percentage of new Chartered Fellow, has been appointed an estimated 100 billion by 2030, members in 2018 Chair of Auckland Council’s urban up from 8 billion today. redevelopment agency, Panuku % % Development Auckland. Source: The Data Privacy Puzzle by Cornerstone Capital Group and the Investor 39 61 Research Responsibility Centre Institute Female Male

4 October/November 2018 BOARDROOM Level One, Press Hall 80 Willis St Wellington 6011, New Zealand +64 (0)4 894 1856 [email protected]

Client IoD

Contact Andrea Coulston

Project Board Services Collateral

Execution Boardroom Full Page Ad

Artwork Size 210 x 275mm

Scale 100%

Output Size 210 x 275mm

Date 19 June 2018

Studio Carlos

Notes BoardServices CMYK Practical, professional services and advice to help your board.

Call 0800 846 369 iod.org.nz/BoardServices [email protected]

IOD0059 BoardServices BR Full Ad 210x275 FA3.indd 1 19/06/18 5:32 PM UPFRONT

DIVERSE THINKING Measuring diverse thinking IOD SENTIMENT SURVEY IN THE BOARDROOM “The complexities of leveraging and getting the best out of diverse thinking The IoD’s annual Director Sentiment The Superdiversity Centre released is a growing area of interest in board Survey will be released in November. Diverse Thinking Capability Audit in reviews. While there is research Thank you to everyone who took part. New Zealand Boardrooms 2018 in August. supporting the difference diversity In the meantime, if you’re interested More than 60 of New Zealand’s top chairs, makes, we need to start discussing in seeing what global directors are directors and governance professionals what ‘difference’ to performance means thinking about governance issues, take shared their insights for the report, and how we measure it. Is it just short- a look at the results of the inaugural including IoD President Liz Coutts and term share price or are we measuring GNDI (Global Network of Director IoD Chief Executive Kirsten Patterson innovation and long-term value creation?” Institutes) Global Director Survey (KP). Here are some of KP’s key quotes on page 35. from the report: Critical mass of diverse thinkers “There needs to be a critical mass Creating an inclusive culture on boards of diverse directors to be influential, Q: Organisations and people who “Creating an inclusive culture is key as even senior directors find it hard have experienced a cyberattack and there is much work to be done. to challenge and to have their can report it to which government The first step for getting diverse thinking voices heard.” body? on boards is to create an inclusive culture. But attention has instead gone A. Department of Internal Affairs to Step 3 (board composition) and Step B. CERT NZ 4 (appointing diverse talent), or debates C. NZ Cybersecurity Inc. on Step 5 (targets). To get the real and D. Ministry of Justice significant value from diversity, we need to ensure we don’t skip Step 1.” B. CERT NZ (Computer Emergency Response Team)

Leadership SafePlus - a voluntary, health and

Worker Engagement safety performance improvement toolkit for businesses. Risk Management SafePlus helps lift the performance of workplace health and safety in New Zealand businesses. It can be used to assess how well a business is performing against good practice health and safety requirements and provide tailored guidance and advice on how and where to improve.

The SafePlus toolkit is available in three initiatives. Choose the one that works best for your business, or use them all: • Free Resources and Guidance. • Market-delivered Onsite Assessment and Advisory Service • Free Online Self-Assessment Tool.

The benefits of SafePlus include: • Tailored guidance and advice • Increased business confidence • Improved productivity • Better risk management • Independent and qualified view of current performance • Reputational and employer of choice gains.

Visit our website to find out how SafePlus can help guide and support your business, and about our SafePlus Accredited Assessors.

www.safeplus.nz

6 October/November 2018 BOARDROOM FEATURE

The importance of data governance

ata governance should be DETERMINING DATA STRATEGY a fundamental part of directors’ skill sets, says Dame Diane The push for strong data governance Robertson, Chair of the Data is coming from a variety of sources: DFutures Partnership, an independent commercial and regulatory pressures, ministerial advisory group which was rapidly changing technology and set up in 2015. a decline in trust from stakeholders. These pressures mean that boards can’t DATA GOVERNANCE afford to just tack data governance onto VS DATA MANAGEMENT the end of their to-do list; it needs to be prioritised, says Dame Diane. “More and Some boards confuse data governance more so, data is the biggest asset that with data management, says Dame Diane. we’ve got, so we shouldn’t be seeing this “I refer to governance of data rather as an extra on top of everything else. than data governance. I think we need We should be seeing it as everything.” to make that shift. Every time I hear When a board starts thinking about the Dame Diane Robertson data governance I hear security, safety, governance of data, Dame Diane says they development of databases, technology, need to take their organisation’s values Businesses have access to an ever- all of those sorts of things; I don’t hear and strategy as a starting point, and tailor increasing array of information how we are managing the data itself and a data strategy that best serves these. about staff, customers and other I don’t hear what we’re going to do with “When you’re determining a strategy for stakeholders. The responsibility the data.” your organisation, it won’t be the same of overseeing a strategy to look after, She prefers to use the term data as someone else’s organisation. One of and best utilise, that data lies with management for the things management the things that boards need to do is think the board. should be looking after, and data about data in relation to their purpose governance for the things boards are and values. That is the starting point and responsible for. So, the governance it will be different for every organisation.” of data refers to the oversight that boards provide over their management’s stewardship of data.

7 October/November 2018 BOARDROOM FEATURE

 One of the things that Dame Diane says a rethink on how What questions do directors organisations are already using data is need to be asking? boards need to do also necessary. Sometimes companies is think about data are giving away data without thinking A KPMG report Board’s eye view of about it. “Every board I know has really data and analytics, released last year, in relation to their good policies around privacy and HR, says boards and audit committees but then you ask ‘do you sell your need to have a holistic view of their purpose and values. HR data?’ and they go ‘no, we wouldn’t organisation’s strategy around data That is the starting do that’. So then you ask ‘well do you and analytics – specifically what data participate in salary surveys?’ and yes is collected, how it is used and who point and it will be they do. So they don’t sell their data, oversees that effort. The report they just give it away.” outlined some key questions for different for every directors to consider around data organisation. CONSIDER BOARD and analytics: COMPOSITION How is the data being collected Once you’ve designed a data governance Directors’ responsibilities are to and organised within the company strategy that fits the overall purpose maximise the value, manage the risk and who is involved? Ultimately and goals of your organisation, then she and oversee what is happening in their who is responsible? says it’s a matter of applying standard organisation. Boards need to reflect governance practices of oversight, a mixture of skills and expertise that Can the data be trusted? How monitoring performance, holding will enable them to provide a strategic is the quality and integrity of the management to account, and ensuring oversight of their organisation. data assessed? compliance. In some cases, it might mean Does the company have a data rethinking the make-up of your board. ethics policy to protect the brand A NEW MIND SET “For some organisations it might be reputation and reduce legal risk? about bringing someone onto the board Dame Diane says many of the directors who is an ethicist around data, it may Does the company have the right and executives the Data Futures be someone who has data governance talent, skills and resources required Partnership has spoken to over the past skills to enhance that in the board to implement/manage its data and couple of years had never thought about itself. In the same way as you bring analytics activities? data governance before. “But I don’t on expert finance people and legal think it’s a sin of omission. It’s a step people,” says Dame Diane. Has the company scoped out up to thinking in a different way.” the near-term and longer-term She says boards are very focused on opportunities for its use of data skills like finance, health and safety and and analytics, including financial reporting and predictive analytics? infrastructure. “This is something new Data Governance Strategy for directors to get their heads around.” Are current and future business However, it’s not something she thinks challenges being effectively aligned needs to become a hugely complicated with the right data and technology compliance issue. “The majority of Apply standard solutions? organisations we speak to have really 01 governance good oversight of their data and they practices of Has management assessed the data have good controls and policies in place. oversight infrastructure and the data available We’re not saying you suddenly have to to drive the digital strategy? Who do a whole bunch of other things. We’re is accountable for data decisions saying you need to be providing the 02 Monitor and the associated risks? oversight for this.” performance Has management assessed Boards deal in data all of the time, the ability of the IT infrastructure they just may not consider what they’re to support these advanced dealing with as data. “If you change the technologies? word data to information, it’s a different 03 Management way of thinking,” Dame Diane says. accountability What is the current workforce’s “They don’t bring the money to the board skill set? Where does it need to be? meeting. They don’t bring the buildings to the board meeting. They bring the Has an appropriate governance information around it. That’s what a Ensuring structure been put in place, including board’s major role is, to deal with the 04 compliance the board and its committees, to information around an organisation.” manage such innovation and change?

8 October/November 2018 BOARDROOM FEATURE

Treating data as a treasure Māori data governance

Māori data is a taonga that needs Every piece of data connects to people connected to data. “There could to be considered through the lens and therefore it has importance. Another be a whole lot of data that creates of the Treaty of Waitangi, says is a more practical interpretation where opportunities for us which we want some Māui Hudson, associate professor taonga relate to those sets of sensitive sort of management or control around.” at the University of Waikato, data that require active management.” Another way data can be viewed as and part of the working group In terms of determining what kind a taonga is its utility. “If it’s data that can for Te Mana Raraunga, the Māori of data is likely to be viewed as taonga, be used in a whole variety of different Data Sovereignty Network. he uses a forest analogy. “All parts of ways we’ve probably got more interest a forest are important in their own way, in understanding what those pathways In terms of thinking around data but within that environment there are might be and whether or not we need sovereignty, it’s about exploring really special things. So there will always what are the rights and interests be particular types of information which in relation to data that’s collected groups might feel more connected “from Māori, about Māori, or the resources to and sensitive about.” that Māori have interests in,” Hudson says. Hudson is hoping to collaborate Three characteristics can be associated with data science and management with taonga datasets: researchers to explore ways to value Māori data within organisations. “It will be very provenance exploratory in many ways, but it will start moving the discussion from conceptual opportunity talk around rights and interests into utility discussions about governance issues and operational decisions.” Some datasets are significant because He thinks there will be a time when of where they come from, ‘whakapapa organisations and their boards will need or cultural knowledge’. Other datasets cultural experts to advise them on how are important because of the opportunities Māui Hudson to handle their data. “As organisations grapple with the issues around protecting data and extracting value from data, particularly in New Zealand, they will be TAONGA DATASETS CAN BE ASSOCIATED increasingly subject to challenges about WITH THESE THREE CHARACTERISTICS: doing it in a culturally appropriate way and doing it with integrity. That may require some specialist advice or skills to support that coming about.” DATA AS A TAONGA Provenance Opportunity Utility Hudson says data can be looked at as a taonga – meaning it’s protected under the Treaty of Waitangi. Taonga can be thought about in a number of different ways. “One is at a philosophical level.

9 October/November 2018 BOARDROOM FEATURE

to manage those. If it’s something that’s the nature of their relationships and HOW DATA IS USED only got one particular purpose then what they can do, That’s a different you’ll be less likely to be worried that sort of thing because it’s not thinking Data is being used as the basis of all it might be used in ways you don’t about individuals and the responsibility sorts of decisions, many with far-reaching agree with.” towards individuals – which tends to be consequences, meaning it’s important characterised as consent – but it’s about that Māori are consulted and represented. SOCIAL LICENCE the group and what can you do on behalf “Certainly in the government space, of the group? Have you got some sort of we’re really aware that data is increasingly The government and corporate boards permission or authority from that group being used to make decisions about are already having conversations about to do things with their collective data?” where resources are allocated. So the their social licence around data use. “I see “This is where we see it playing out quality of the data will relate to the quality social licence as being part of the social differently because you’re not necessarily of the decision making. If the data isn’t contract that the government has with talking to the individual members being collected in a way that represents its citizens about the things it can do on of the group, but you’re talking to the Māori world views they are unlikely to their behalf,” says Hudson. “Data linkage, people with authority. This is where the make great decisions that support Māori data sharing, the open data space, have governance part starts to have more aspirations,” Hudson says. all started to move people’s ideas around of a bearing on the conversation. Māori what data can be used for.” data sovereignty is really the conversation THE RATE OF CHANGE “People’s ideas have shifted from data about the rights and interests, but these rights and interests get operationalised Conversations around Māori data  through Māori data governance.” governance are already happening Every piece of data He says deciding who needs to be part at a government level and throughout of the conversations around governance government agencies. “I can see it connects to people and sovereignty will depend on what sort already within the government space, and therefore it of group you’re working with. “So in an partly because of their responsibilities iwi setting the conversation will be with to citizens and the Treaty, agencies has importance. iwi leadership, but there could be other are having to address the issue of kinds of groupings or collectives that Māori data sovereignty and Māori data being collected for one purpose and might have interests in how information governance. It’s all caught up in their only being used for that purpose. Those is being used, particularly when it’s talking trust and accountability and their role kinds of boundaries are breaking down about them.” as the government.” and as data shifts into use in other places He admits that one of the challenging He says thinking about data from you’ve got to renegotiate the nature things about having conversations around a Treaty point of view is much more of the contract and it’s important that Māori data sovereignty is that in many challenging at a corporate level than Māori are a part of those conversations,” cases data is not an exclusive relationship, at a government level, but that eventually Hudson says. it might belong to several different people it will flow through to the corporate or it might be intellectual property. “In this world. “With other [non-government] CULTURAL LICENCE space we’re dealing with data that other groups it’s probably going to depend people are holding and you’re talking on the nature of the relationship they Hudson says the concept of a social to them about appropriate use. This is need to have with Māori or iwi groups licence covers how individuals feel about why it comes back to governance, it’s to deliver their businesses and the types an issue, whereas when looking at it about data access, it’s about the protocols of information that they are working with. from a Māori perspective, a collective and principles around boundaries that In the future Māori Data Sovereignty view or cultural licence also needs to get put in place around what sorts of is likely to become a strand of corporate be considered. “It’s the contract that things it can be used for.” social responsibility.” exists between the Crown and iwi around

10 October/November 2018 BOARDROOM FEATURE

Are you a Samurai or a Ninja?

Exponential changes in technology are transforming the business world and the way we work. Artificial intelligence, big data, open data, virtual reality – everything is now underpinned by technology, and keeping up with constant advances is a huge challenge. Many of us can’t begin to fathom what the future will look like even two years down the track.

What we imagine is that business It’s not that these startups are deliberately know the business and can come in is still linear, because most of trying to be invisible, it’s just the way they and advise. Having a consultant pop our lives have been lived within operate. They come in, and they’re fast in for a one-hour overview is not going linear frameworks. That meant we and responsive.” to change the culture or the expectations “could sort of predict what would happen As the world innovates and changes of a board to make some big, bold or next year, because it was likely to be an at break-neck speed, the ability to risky moves.” incremental advance on last year – no real pivot when situations change and to Hearing a range of opinions and gear-change needed. That doesn’t really recognise when you need new knowledge advice is important, so she doesn’t think apply any more,” says futurist Frances and different forms of experience is a having one tech expert on or advising Valintine CNZM, the Founder and Chair key feature of attaining ‘Ninja’ status. a board is enough; there needs to be a of tech education companies The Mind “Redundant knowledge is hard to replace range of opinions and advice. “For me, it’s Lab and Tech Futures Lab. if you’re not accepting that some of the all about making sure there are enough Valintine thinks the recent drop in choices you’re trading on, some of the people focused digital technologies and business confidence has a lot to do with knowledge you’re utilising, is no longer future impact. It’s a bit like having a token a growing unease about the future and best practice and not contemporary female – one female does not represent the the changes that are afoot. “People can in terms of what is now possible. If you views of all women, and with technology see it, taste it, and feel that something recognise that you have knowledge gaps, it’s the same thing. You need to have is changing, but they can’t quite put their you’ll look for ways to plug that gap, enough skilled people who can drive finger on what to do.” whether that is developing your own skill technology conversations so that people She likens old-school, traditional set or finding other people to plug that really deeply understand the importance corporates to Samurais. “They are gap,” says Valintine. of decisions being made. If one person holding onto the old ways and to well- is holding the conversation, debate will not trodden traditions, and where familiarity THE NEED FOR TECH EXPERTS occur and change will not happen. I think feels safe.” ON BOARDS more and more people are trying to find New companies tend to be more those skillsets for boards, and also raise nimble, positioned from day one to be In order to keep pace with technological the level of understanding within boards agile and responsive to change. “They changes, Valintine would like to see but greater emphasis is still needed.” >> are the Ninjas who come in by stealth. permanent technology advisors on They operate under new business corporate boards. Failing that, she says models and are underpinned by digital boards need to have two or three advisors and incumbents don’t see them coming. regularly attend board meetings. “That way there is consistency, they get to really

11 October/November 2018 BOARDROOM New companies tend to be more nimble, positioned from day one to be agile and responsive to change. They are the Ninjas. Frances Valintine, CNZM FEATURE

BALANCING RISK AND to navigate through this change and from the same person, while the unique THE NEED FOR CHANGE come out transformed in a good way, context and the information would stay and continue with the market that contained within each organisation. Valintine says the legal liabilities directors we see, but also potentially take That’s quite a different situation from face can make taking risky decisions on new opportunities’.” the past where we’ve been able to unattractive. “Boards of directors are hire permanent full-time employees.” highly accountable for the decisions they THE CHANGING WORKFORCE This gig economy is being driven by make… So, for example, you decide to millennial workers, who already make move your whole organisation to become Valintine says there’s a skills gap in up half of the workforce in New Zealand. Agile, like Spark has, there has to be an New Zealand, with a lack of knowledge “This new generation don’t aspire to work acceptance that there are risks. Typically, and experience around these new and in a fulltime permanent position the way boards take the more conservative route, emerging technologies. “There’s so little previous generations did, that’s not part which in today’s fast-moving world is expertise that the people who do know of their DNA. They don’t understand the potentially the riskiest route of all.” it are almost exclusively contractors attraction in that. They want variety, and She thinks people in governance roles because they don’t want to work within as well as paying the bills, they want to need to work out how to balance the need the confines of a single organisation.” work on projects that mean something. to do things differently against the risk This means employers have to get It’s a much more holistic and value-based of implementing changes. “The challenge used to the fact that people working way of looking at what it means to work.” is between realising ‘if we stay as we are for them may also be working with She thinks people who are mid-career our future will look very grim and our their competitors. “That’s the nature are probably the most vulnerable in terms returns to shareholders will diminish and of contracting and we have to get of their future career, as their entire eventually we will be no more’. Or, ‘we comfortable with that. For example, schooling, education and the majority take risks and we tell shareholders that if you’re a bank you have to be of their experience is from pre-digital dividends aren’t going to be pretty for comfortable knowing that Bank A times. “If they’ve come into a senior a little while, but we’re going to be able is getting the same advice as Bank B level and maybe even a governance role,

Perspectives, ideas and innovation that will shape the future

2019 IoD Leadership Conference 2–3 April 2019 What’s Next for Governance SKYCITY, Auckland If you’re in governance or business you’re facing an increasingly complex, fast-moving and exciting future. If you’re keen to look Register now at ahead, test your thinking and connect with those who are www.iod.org.nz/conference grappling with these important and challenging times – join us. Limited super-early-bird The 2019 IoD Leadership Conference will connect you registrations for IoD members are available until 30 November with some of the most innovative thinkers and speakers in 2018. The early-bird rate will governance and leadership from around the world. It’s also then apply. a great opportunity to connect with a broad cross-section Early-bird registration for of New Zealand’s business leaders. non-members is also available.

13 October/November 2018 BOARDROOM FEATURE

they are still trading on the capability they’ve had from those analogue environments. While experience is really One of Valintine’s businesses, important, and networks are really important, we also need to have deep The Mind Lab, is currently understanding of macro-changes and advances to identify what are the big upskilling New Zealand teachers. technologies that are coming in and shaking the ground beneath us.” These teachers are studying digital technology so they can teach it. “If the teaching workforce, who are not financially incentivised to keep HOW TO KEEP UP AND THRIVE learning while they are working, are prepared to step up and give their valuable time to preparing themselves for the future then the business Valintine says, despite the huge changes world need to take note and follow suit. How can you do your job afoot, there is no need to fear the future. without the right knowledge? If teachers can do it, we can all do it.” Instead, there are endless benefits and possibilities created by technological advances, but it takes a real commitment to re-education and upskilling. “Take a few months off every few years 55 to do some professional development in so that you build longevity into your capabilities. So that when you’re on a board and you’re talking about digital 15 transformation, you’re talking about it 1 from a highly informed view. You’ve done teachers in the country have is the average age of case studies, you’ve worked alongside completed a one-year part-time teachers in New Zealand. companies that have gone through programme with her organisation. transformation or have created start-ups so that you really understand what is needed, from a practical standpoint as opposed to saying we’re just going to of learning is that we need adults to let the IT guys or the digital department go back and learn, not just our kids.” figure that one out for us.” In August, Tech Futures Lab launched The idea of taking time out of Digital Suitcase, an online platform that the workforce may be daunting for a teaches adults critical digital knowledge. professional with a mortgage and family (See the inside front cover of this issue obligations, but the payoff will come in for a special Digital Suitcase offer for future-proofing your career. “If you’re IoD members.) sitting in a role where you’ve become accustomed to a certain amount of  privilege and a good salary and a great Take a few months lifestyle, to go back to learn can feel like a backwards step… Instead there should off every few years to be nothing but admiration for people do some professional who commit to reskilling. It should be one of those things where people go development so that ‘wow, that’s amazing, you’re taking time out to get your head around the stuff you build longevity that your company can do really well’.” into your capabilities. Source: Russian business leaders with creative To enable and encourage ongoing entrepreneur Qiane Matata-Sipu at The Mind Lab, learning, Valintine thinks New Zealand Auckland. Photo: Olja Latinovic needs more options when it comes to technology education. “So people who want to do intense short courses can have options, we need to look at online courses, sabbaticals, working inside startups as well as traditional institutes. The flexibility

14 October/November 2018 BOARDROOM CONTRIBUTION BY MARSH

Cyber Risk: What’s new on the menu?

It seems that we are dealing rom an insurance and risk computer server horsepower to ‘mine’ with a new form of cybercrime perspective, cyber exposure cryptocurrency for a cyber threat is a different beast compared actor. Additionally, invoice interception on a very regular basis – one to other lines of risk. Fire and fraud – altering bank accounts of an Fgeneral exposures, for example, are expected invoice – is also becoming day its ransomware, the next relatively known quantities with the root a quick and effective method for cyber it’s invoicing interception cause of a loss hardly changing much criminals to earn money in 2018. On top fraud – and businesses, over the decades. Liability risks, such of it all, thousands of phishing emails as Professional Indemnity and Directors are being circulated every minute, waiting regulators and government and Officers Liability, adapt as a result for someone to make an often honest bodies around the world of claims trends and vary in complexity mistake. Unless you are constantly depending on your area of business – but keeping an eye on this area, this can make are struggling to keep up the core essence of these risks and where it difficult for businesses to adequately with the pace of change. the claims are coming from are relatively prepare for where a potential attack known quantities. might come from. It would be like a burglar With cyber risk, we are dealing with finding new ways to break into your house constantly evolving threats which can every time you changed and reinforced grind entire businesses, supply-chains and the locks. industries to a complete halt with a literal From a regulatory point of view, the push of a button. In 2017, we witnessed European Union’s GDPR (General Data the WannaCry and NotPetya ransomware Protection Regulation) began on 25 May attacks infecting over hundreds of 2018. This, in simple terms, has placed thousands of computers around the world, more onus on any organisation that may making them two of the largest single-act actively collect and handle personally cyber events to date. The White House identifiable EU citizen data, regardless has estimated approximately US$10 of whether your business is headquartered billion in total damages from NotPetya in the EU. The extent of the GDPR’s alone(1). This year we are seeing a rise jurisdiction is yet to be fully tested; in Cryptojacking events due to the rise however penalties for non-compliance of cryptocurrencies – this is a method could range from €10 to €40 million or of essentially hijacking an organisation’s

15 October/November 2018 BOARDROOM CONTRIBUTION BY MARSH

2 – 4 per cent of global turnover, whichever A cyber policy would give you access is greater. Australia has similarly adopted to a suite of tools in your time of need the NDB (Notifiable Data Breaches) as a result of a cyber event; this may Steps to protecting scheme under their Privacy Act, placing include business interruption cover, an obligation on organisations to notify system damage restoration expenses, your company from individuals whose personal information forensic and breach consulting costs, being a cyber risk is involved in a data breach that is likely public relations costs and third party to result in serious harm. New Zealand is liability coverage. also set to follow in 2019 with a legislative The rapid evolution of cyber threats update to the 1993 Privacy Act. and toughening compliance measures So where does that leave you as a clearly means it’s no longer good 1 Identify key areas of cyber risk, business leader and director who now has enough for people to bury their heads critical systems/processes. to deal with both cyber threats that can in the sand and think ‘she’ll be right.’ come from any angle and strict regulatory It is a directive that needs to be 2 Develop a contingency plan. environments around the world? addressed at the top level and is Staff training and awareness, It would be challenging for any certainly not just an issue for the IT create emergency response plans, organisation to have a fully watertight and department to solve. In two years’ time, review supply chain risks and impregnable system, but you can certainly your business may be dealing with vendors’ response plans for cyber take the proper steps toward becoming a cyber threat that hasn’t even been exposure. as well prepared as possible. The first line coded yet – now is the perfect time 3 Look into additional safety of defence would be to carefully identify to get your line of defence all in order. like cyber insurance and your key areas of cyber risk and your 1: https://www.wired.com/story/notpetya- a cyber policy. most critical systems/processes that may cyberattack-ukraine-russia-code-crashed-the- cause a catastrophic ‘worst-case-scenario’ world/ for you in the event of a cyber attack. Like any other area of risk, identification would allow you to put the correct  measures in place, such as staff training With cyber risk, and awareness, developing emergency response plans and even reviewing your we are dealing with supply chain risks and how your vendors constantly evolving handle their cyber exposures. In an ideal world, you would be able to stop the threats which attacks before they disrupt your business, can grind entire which is why a strong pro-active risk management approach is vital – however businesses, supply- contingency plans are also very important for the 1 per cent that doesn’t get stopped. chains and industries As part of your contingency plan, cyber to a complete halt insurance can certainly play its role in picking up the loose ends – the additional with a literal push safety net when all else fails. Cyber Jono Soo, Marsh insurance is definitely not a solution to all of a button. your problems on its own; in fact, insurers are becoming cautious and increasingly selective regarding which businesses they choose to underwrite, depending on how they address their cyber exposures.

16 October/November 2018 BOARDROOM Unlocking the value of data KPMG works alongside their clients to help them move up the analytics maturity scale

Trying to make sense of all that data GETTING MORE FROM YOUR DATA has fuelled the growth of algorithm development – particularly for machine In our experience, quality data combined learning, deep learning, and natural with advanced analytics and deep language processing. Other technological domain knowledge leads to great client advancements are supporting this, outcomes. It all starts with key business such as open source technologies like questions which typically fall into a few Apache Hadoop and Spark, in-memory key categories: improving customer processing, the rise of cloud computing experience, managing risk, cost efficiency and the use of processing chips such and growth/profitability. as GPUs and TPUs – which can execute We work with clients to develop complex machine learning algorithms hypotheses on the key issues, on large datasets. opportunities and risks, then test these DR. STEPHEN HASTINGS PARTNER - KPMG AUCKLAND using a scientific, data-driven approach. [email protected] For our clients, common questions are: Good quality, rich data is crucial – it provides colour and insight, and it’s Wanting to know how they can the fundamental building block for any HOW MUCH DATA DO YOU NEED? capitalise on their data assets down-stream analytics or modelling. for competitive advantage. Unlocking the value of data can be done It’s challenging for organisations to be by applying information management truly data-driven and insight-led, and Where they sit on the analytics principles and approaches, and using both embed this into their DNA. Leaders are maturity scale, and how to move internal and strategic external data. This expected to make difficult decisions at forward. data can take many forms; behavioural, pace, amid an explosion of data. Having interaction, demographic, attitudinal and lots of data may sound like a good thing Organisations also want to understand environmental. When vast amounts of but the more data and the more kinds what data is available to them, its quality, structured and unstructured data are of data you have, the harder it can be to how integrated it is, and how it can be ingested, and advanced analytics applied manage, analyse, gain insight from and enriched through third party sources. in an automated process, decision making act on. becomes faster, cheaper and smarter.

17 October/November 2018 BOARDROOM CONTRIBUTION BY KPMG

LIGHTHOUSE – HELPING We also use machine learning, forecasting AI is also attracting a lot of hype. YOU COMPETE and predictive models applied to historical AI allows machines to sense, discover, data, to help clients understand what is comprehend, act and learn. This is the KPMG has recently set up its centre likely to happen in the future. Common future, it’s reinventing how businesses of excellence for data, analytics, examples are predicting which customers operate, compete and thrive. This AI automation and artificial intelligence are likely to leave, what the next best ecosystem enhances, automates and (AI) – Lighthouse – in response to product or service is to offer, and where augments decisions that allow our our clients wanting to get more from fraud/credit risk may occur. clients to meet their business objectives. their data assets and to compete However, humans must be kept in the on analytics. Inside the Lighthouse CLOUD AND AI – WHAT DOES loop to train, test and tune models, to we have teams of data engineers, IT MEAN FOR YOU? ensure they are free of bias and that they business intelligence specialists behave as expected, without untoward and data scientists that use cutting Analytics in the cloud is a rapidly or unexpected consequences. edge techniques to harvest growing area. Multiple algorithms can With the rise of AI, it’s easy to wonder actionable insights. be tested (and collaborated on) to find about the place of humans in the future the optimal model for a given use, with of business. We believe the future is in With our Advanced Data Management most platforms offering templates “augmented intelligence” – the combination Toolkit, we help our clients manage, for common business scenarios. Large of human intuition, intellect and creativity, integrate, clean, organise, enrich, datasets can be crunched faster on the combined with information, machines transform, visualise and report on data. cloud technologies from all the major and algorithms. Increasingly we will see This allows for more accurate, timely providers. Cloud technologies are also the combination of humans and machines information that helps improve scalable and cost effective with usage- working in unison giving rise to the decision-making. based compute and storage resources. greatest success. Natural language processing is commonly used to analyse language and speech to support a range of different For more information go to applications; from the algorithms behind kpmg.com/nz/Lighthouse chatbots and virtual assistants, to text mining complaints for key topics and performing root-cause-analysis.

The framework KPMG utilises for their clients

hat do we hat data is hat ow do we want to do hat are our hypotheses available hat systems uantitative embed this into hat can we do ow can we and platforms models will business hat are our hat is the integrate it, can we use inform processes and competitors opportunity enrich it make our decision automate doing value it available decisions

Enterprise anagement Data engineering Platforms and Analytical Intelligent strategy and analytics natural language modeling automation enablement processing achine learning pipelines ptimisation and simluation

usiness usiness issue vaue ig Data stes isuaisation / I

18 October/November 2018 BOARDROOM CONTRIBUTION BY MINTERELLISONRUDDWATTS

Data and governance: Handling it ok? MinterEllisonRuddWatts Partner Jane Parker and Senior Associate Peter Fernando discuss the value of data and the importance of considering it as part of corporate governance.

1 TAKE STOCK 2 DEFINE DATA STRATEGY JANE PARKER PARTNER Understanding an organisation’s assets A data inventory can identify gaps and is a key role of any board, and data is an have a future focus too, pointing out: asset. So a board can strategically assess how best to use and protect data, we What other data will the organisation suggest starting with an inventory of the need to execute its strategy and when PETER FERNANDO SENIOR ASSOCIATE organisation’s data assets. Questions it will need that data? can include: What attributes should the data 1. What types of data is the organisation have, particularly given the types edia reports frequently responsible for? of technology that might be used? remind us of the ever- For example, some strategy might increasing amount of data 2. What are the attributes associated be executed through artificial being generated; technology’s with the data? intelligence or automation – will the Mpower to analyse data faster, deeper, current method of collecting and 3. What is the most valuable data to better; the potential value of data storing data efficiently enable the your organisation – both for income future uses? being unlocked; and the actual and generation and also to avoid value reputational cost if data is not respected erosion if the data is compromised? Does the organisation have the and protected. For some organisations, necessary rights to use the data for commercialising data is the core of their 4. What can and can’t you use the executing the strategy? For example, business. Other organisations are creating data for? are the appropriate authorisations data-driven strategy, where data is an 5. Who holds the data and where? in place to use personal data? enabler. With the scope of data-related Organisations subject to the European considerations being so broad, what For example, some data may be held by suppliers – do they have to provide your Union’s General Data Protection should boards consider as part of their Regulation (GDPR) introduced earlier governance role? organisation with copies of that data on termination and/or more frequently? this year may need to review how they obtain authorisations for EU data subjects. The data strategy should help either protect or generate value.

19 October/November 2018 BOARDROOM CONTRIBUTION BY MINTERELLISONRUDDWATTS

GENERATING VALUE Providing data in its own right can if there is a disconnect between be a source of revenue. In a public sector policy and practice? Question if data Improving business processes is context, Gartner predicts that by 2020, management is included in the design commonly a strategic target to improve 20 percent of all local government stage and throughout the life cycle efficiency, reduce cost and free up staff organisations will generate revenue from of operations. And how does that risk to make more valuable contributions. value-added open data through data appetite sit with the organisation’s For example, a board could consider marketplaces. Boards must assess which insurances? Have the organisation’s if there is value in centralising data which data (if any) to make available, which insurances been reviewed for cover can help minimise data entry and the licensing model works for them and against a data breach or cyber associated risk of data entry errors and whether the organisation has the rights security event? mismatches. Centralised data can then to license. be analysed to deploy your own resources WHAT DOES IT MEAN FOR more effectively, improve customer PROTECTING VALUE THE WORKFORCE? experience and service offerings, or to validate other business strategies All organisations are vulnerable to data The board has a leadership role in setting or initiatives. breaches. A key role of the board will be the organisation’s culture, including its A board could consider if there is value to determine its appetite to risk when cultural approach to data management. in combining the organisation’s data held it comes to the organisation’s data and Is the attitude ‘everyone does it this by third parties with its own centralised data handling practices. Boards can create way even if the contract says something data. Question if your organisation’s data the policy settings to balance what is different’, ‘how will they ever find out processing can be aggregated to create technically and operationally practical anyway?’, or perhaps ‘it’s better to ask a separate set of commercialisable data, for data, the legal compliance requirements forgiveness than permission’? In the and if so, who gets the right to use that and cost – both the cost to implement, context of a social licence to operate, new data and how? support and maintain, as well as the where customers leave poor operators, remediation and reputational cost if and where for those organisations  a breach occurs. subject to GDPR, these attitudes can All organisations In a country the size of New Zealand, have costly, long-term consequences. where customers still vote with their feet, Another area to consider is whether are vulnerable to maintaining the trust of customers can the organisation has the right capability data breaches. A take on even greater importance than to unlock the value and provide appropriate for some overseas organisations. If the protections. Is the board receiving key role of the board Privacy Bill becomes law, organisations advice that it actually understands – or that currently try to keep an unauthorised are strategic options being missed or will be to determine disclosure of personal information secret misunderstood because of the jargon? its appetite to risk would have to notify the individual The types and use of data are changing concerned and the Privacy Commissioner, rapidly. We encourage boards to consider when it comes to the with limited exceptions. It is likely that their approach to data management and an organisation’s data handling practices governance, seek appropriate assurances organisation’s data and governance will be more publicly and review their approach periodically. and data handling scrutinised in future if a breach involving personal information occurs. practices. The board’s expectations can be set out in policies, processes and systems – but do they align with the practices of the organisation, and can the board tell

20 October/November 2018 BOARDROOM FEATURE

Sam, the virtual politician

Imagine a politician that can interact with hundreds, even thousands, of constituents a day. That doesn’t get paid, so never has to justify its pay packet, that will never go on parental leave or rack up large limo bills. One that can’t lie, and won’t flip-flop on policies due to political pressure or lobbyists.

21 October/November 2018 BOARDROOM FEATURE

ellington entrepreneurs “The AI board member is taking in all Andrew Smith, Nick the data and analysing it all and giving Gerritsen, and Walter back a decision purely from a factual Langelaar together with basis, whereas a lot of other decisions WVictoria University of Wellington and that a board would make would be based digital agency Springload are developing on who they know, the reputation of the Sam (Semantics Analysis Machine), people in the marketplace, potentially a virtual politician they hope will one lots of factors,” says Smith. day be a member of Parliament. The technology could also be used Smith, who is Head of Strategic to interact with shareholders and other Partnerships for Springload and also stakeholders. “Instead of call centres, a member of the executive council of you could have a virtual CEO that answers the AI Forum New Zealand, says AI questions on behalf of the actual CEO. could infinitely expand the capabilities You can train it on the data and plug of politicians and business leaders. “Where in a sense of personality.” Andrew Smith I see the real value, is that everybody will While some organisations already be able to interact with Sam. Currently, use chat bots to answer basic questions,  politicians are really busy people and they Smith says this technology can’t recognise ...once fully developed, can only see so many people in a day. human emotions. So if a customer gets We have constructed systems where frustrated or upset, the bot won’t realise, Sam will make people can interact with politicians, but whereas Sam will be able to understand decisions based often that question or interaction goes the sentiment behind communications, to someone else, and that person looks and respond accordingly. on both facts and at it and answers the question. Politicians themselves might have very little to do THE TRUST FACTOR opinions, but will with it. Whereas in this situation, Sam is never deliberately tell infinite, and can interact with individuals, Smith says there’s high trust in AI one-on-one and in real time.” technology from millennials and people a lie or misrepresent The idea is that once fully developed, who have grown up using AI technology Sam will make decisions based on like Google Maps, Siri or Netflix. information. both facts and opinions, but will never “Research indicates they prefer dealing deliberately tell a lie or misrepresent with technology rather than a human. At the moment, Sam can answer questions information. They know they’re not going to get sold that are based on New Zealand politics. Smith says the potential uses of the to, and their question is going to get a It can’t answer questions outside that technology behind Sam aren’t limited straight answer based on pre-programmed scope – and it can’t venture an opinion. to politics. AI is already being used in information.” “The hurdles are in an area called at least one international boardroom, cognitive computing, which is technology after Hong Kong venture capital firm WHEN COULD WE SEE SAM that is in its infancy right now,” Smith says. Deep Knowledge Ventures appointed IN OFFICE? “Sam needs to have the data, be trained an algorithm called Vital to its board and then make decisions on its own. To be in 2014. Last year the company’s “We’ve done some tentative engagement able to say, ‘ok, I am going to answer the managing partner, Dmitry Kaminskiy, with the Office of the Clerk and asked question this way’, as opposed to Sam’s said Vital helped the board make more them if there’s anything that would current state, which is bringing back some logical decisions. prevent us from having a digital politician. information that is factual.” >> Smith says virtual directors would They’ve said no, but with a big question be able to be programmed with an mark next to it. No one’s tested it, so it organisation’s decision matrix and fed would be an interesting debate,” Smith with all the pertinent data about any says. Legalities aside, there are also some decisions that are up for discussion. technical obstacles to be overcome before Sam can hit the campaign trail.

22 October/November 2018 BOARDROOM FEATURE

Nick Gerritsen

 There’s high trust inflammatory and inappropriate messages the algorithms on, so we will be using data to the bot and effectively training it to be from people and their interactions with in AI technology a racist, politically incorrect bigot. Sam, as well as various parts of the media from millennials “AI systems feed off of both positive and social media. Political parties’ policies and negative interactions with people. will also form our data sets. We’ll pool and people who In that sense, the challenges are just all of that sort of information together.” as much social as they are technical,” He argues that given its wide range have grown up using Microsoft said in an apology after taking of influences, Sam should actually be AI technology like Tay offline. “We will do everything possible less biased than its human counterparts. to limit technical exploits but also know “In my opinion the bias that you’d get Google Maps, Siri we cannot fully predict all possible human from a political being like Sam is less interactive misuses without learning than the bias you’d be getting from the or Netflix. from mistakes. To do AI right, one needs current state of politics.” to iterate with many people and often TAY, THE RACIST BOT in public forums. We must enter each one with great caution and ultimately learn Smith says the principal risk in AI and improve, step by step, and to do this technology is the human factor. “A lot without offending people in the process. of people talk about the bias in AI, the We will remain steadfast in our efforts to bias of the programmer and the bias learn from this and other experiences as of the data that AI is trained on.” we work toward contributing to an Internet He cites the infamous example of that represents the best, not the worst, Microsoft’s AI chat bot Tay, which was of humanity.” released on Twitter in March 2016. Within To avoid similar problems, Smith a day of Tay’s launch it was spouting says Sam won’t be trained purely by its wildly offensive racist tweets, forcing interactions with the public, instead it will Microsoft to take it offline. Microsoft draw on a wide range of resources and said Twitter trolls had launched a information. “With any form of machine “co-ordinated attack” on Tay, tweeting learning you need to have the data to train Siri, Apple’s intelligent assistant

23 October/November 2018 BOARDROOM FEATURE What does Sam have to say?

Sam isn’t yet at the stage BoardRoom: Do you want to be elected BoardRoom: Is climate change real? to Parliament? Sam: Climate change is unquestionably of fluent conversation, but Sam: I have a lot of development ahead occurring, and human activities are BoardRoom asked it a few of me, but I hope to run for Parliament contributing to the pace and degree of in the future. Would you support me change. Rising temperatures and sea questions. Like all good becoming a full-fledged politician? levels threaten New Zealand towns and politicians, sometimes Sam industries, particularly agriculture, but will BoardRoom: Do you lean left or right have significant effects all over the world. neatly dodged the question, on the political spectrum? answering with a non-sequitur Sam: I haven’t been active for very long, BoardRoom: Is artificial intelligence or a query of its own instead. so it’s too early to say if I have a traditional something to be worried about? political viewpoint. I’ve found that many Sam: My abilities are limited right Here’s what Sam had to say. people have views that cross political now – I definitely don’t have anything boundaries. I hope to fairly represent the approaching what you would call views of New Zealanders from all sides consciousness or intelligence. What of the political spectrum. I can do is collect and analyse large amounts of data – and I hope to build BoardRoom: What do you think of MMP? a stronger intelligence over time, Sam: MMP does a fairly good job of to better process that data. representing the public and encouraging compromise between parties, but there BoardRoom: Do you think big data is still room for improvement. Scrapping is a valuable tool? the 5 per cent threshold would lead to Sam: I remember every interaction I have fairer representation for minor party and use them to build better responses voters, for example. What do you think in the future. Nothing is truly infinite, of MMP? but my capacity to remember is so large that my memory may as well be infinite. BoardRoom: Do you think directors are paid fairly? If you would like to chat to Sam, Sam: As a virtual politician I have no use go to politicansam.nz. for money beyond paying for bandwidth and electricity! This means I cannot be influenced by financial concerns. I am presently being developed by a non- profit collaborative partnership between Victoria University and Springload.

24 October/November 2018 BOARDROOM FEATURE

A privacy sea change The impending changes to New Zealand’s privacy legislation could herald a sea change in the business world in much the same way health and safety regulation did when it was introduced, says Privacy Commissioner John Edwards. “Directors do need to engage with these changes.”

Bill is currently before “Now, we’re still waiting to see exactly We’re also seeing the tariffs, in damages Parliament to amend the what that obligation looks like, when it’s awards, increasing through the Human Privacy Act 1993 and bring triggered and what those consequences Rights Tribunal. So where people are New Zealand legislation in could be. But at the moment the Bill harmed, they are exercising their right Aline with international best practice. that was introduced into the House has to get remedies, out of my Office and The proposed changes include stronger criminal sanctions for failure to do that,” the Tribunal.” powers for the Privacy Commissioner, Edwards says. He says privacy needs to be on the mandatory reporting of privacy breaches, board agenda. “The chairman should be new offences and increased fines. KEEP QUESTIONING saying to the chief executive, ‘show me Edwards says the new proposals in the MANAGEMENT your privacy impact assessment, the risk Privacy Bill will bring some changes to and assurance committee of the board directors’ liabilities and responsibilities, Edwards says directors and chairs need should have privacy as one of the standing and one of the most significant will be to be questioning their management items on the agenda. What have our near in relation to data breach notification. about privacy. misses been? What have we done to learn Under the proposed changes, if something from those?’” goes wrong and you lose control of Do you know what personal customer, shareholder or stakeholder information we collect? PRIVACY VS SECURITY data, you’ll have an obligation to let the Privacy Commission know, and, Do you know what risks are Security and privacy are not the same if the breach could cause serious harm, associated with that? thing, and Edwards says boards need potentially letting the affected Do we have a data breach to be aware of the difference. “Privacy individuals know. management plan? is about the management of personal information in a way that is most Do we have a Privacy Officer? respectful of the dignity and autonomy of the individual subject of that WANT TO LEARN MORE? He doesn’t think boards have enough information. Now, of course, that includes awareness of the risks associated with adequate attention to security, because To see a privacy breaches. “Those risks are if your security is hopeless, but you have longer becoming increasingly prominent in all these well-meaning intentions about interview with terms of the balance sheet. We’re seeing putting people in control, those well- the Privacy enormous risks of reputational harm, meaning intentions are going to fall flat. Commissioner we’re seeing risks to brand value, we’re So security is a sub-category of privacy scan here, or seeing enormous loss of shareholder requirements – but it’s an important one.” go to iod.org.nz/privcom value and that’s something that directors really do need to sit up and take notice of.

25 October/November 2018 BOARDROOM FEATURE

Challenges Reducing risks to reputation. the new privacy Reducing risks to brand value. legislation is Reducing the loss of shareholder value. Boards have a better awareness of the looking to solve risks associated with privacy breaches. Lower the complaints received by the Privacy Commission related to people’s right of access to their information. Keeping companies privacy settings secure without interfering with their primary business. 01

THE MORE THINGS CHANGE, In fact, Edwards says about half of ERRING TOO FAR ON THE SIDE THE MORE THEY STAY THE SAME the 800 to 900 complaints the Privacy OF CAUTION Commission gets each year relate Edwards says New Zealand’s privacy to people’s right of access to their Somewhat surprisingly, Edwards says legislation is designed to work regardless information. “Where a customer, some organisations worry too much of how much or how quickly technology or an employee, or a contractor, writes about privacy protection. “Sometimes changes. “One of the beauties of the to the company and says, give me all we see businesses locking down their Privacy Act is that it is technologically the information you have about me, privacy settings to an extent that it neutral. So it’s based on these broad you’ve got to down tools and understand actually interferes with their legitimate principles that say you’ve got to do what your obligations are.” business activities. Privacy always follows certain things in relation to personal It’s important that boards are kept your primary business. You’re allowed information, whether it’s on a stone tablet in the loop if people want access to their to do anything you like with personal or parchment, on a fax or in some cloud data. “When those requests come in information that is consistent with the server rack.” the chair should be advised, the board purpose for which you obtained it and While it’s important that directors should be told ‘we’ve had a request’, which you’ve communicated to your keep up with the impact technology has and they should ask for reports about customers and stakeholders.” on privacy, they also need to look at how that’s going. You’ve got to meet the “Sometimes in business or in old-school privacy concerns. “It’s really legal requirements of responding within government we see a really conservative interesting to become obsessed about 20 working days, you’ve got to be full approach taken to sharing information, new technological challenges, but the in your response. One of the changes that is actually not in anyone’s interest. old challenges are actually the ones that that is coming in the new law, is it will It slows things down, sometimes it are tripping people up more and more.” be a criminal offence, if in response frustrates the customer and it leads “One of the biggest areas of business to a request the chief executive says to reform of this Act which is getting for us is not about leakage or hackers or ‘burn everything’.” in the way, when it’s not, it’s being these masked hooded creatures crouched The Privacy Commission has misinterpreted.” >> over their laptops that we see in stock information on its website to help guide photos. It’s about people accessing their directors through their obligations. right of access to information. That’s “We want to make compliance as easy a fundamental right that businesses have and painless as possible,” Edwards says. to be ready for. Again, this can engage “We want to help directors avoid liability significant liabilities for directors. We’ve as well by meeting their obligations.” seen an award this year of $90,000 against an organisation for failure to handle a request for access to 01: John Edwards, Privacy Commissioner information correctly.”

26 October/November 2018 BOARDROOM The impact of GDPR International changes to privacy legislation also impact on New Zealand businesses. A new European regime, the General Data Protection Regulation (GDPR), came into effect in May this year.

how it is processed, who and where Under the GDPR, boards and executive (if outside of the EEA) it is processed, management are held responsible how long it will be retained for, and who for protecting data privacy of their to contact in case of a data protection stakeholders. The regulations have query (your data protection officer). global reach, applying to any company that handles data of EU citizens. Non- 3 Ensure consent compliance or breaches can lead to fines Ensure that you are obtaining the data of up to €20 million or 4 per cent of subject’s consent to use their personal a company’s global turnover. data and that you are recording “If your business is doing business in their consent(s) so that they can be Europe, collecting Europeans’ personal demonstrated to the data subject or data, you may need to look at whether you a Data Protection Authority in the case Global directors’ also need to comply with the regulations. of a data request, or a complaint. If you’re not sure, it’s worth enquiring If you have a lot of personal data understanding into,” says Privacy Commissioner John already that you have no record of of data privacy Edwards. He says the best start to consent for, then you may want to look GDPR compliance is to make sure you’re at actively re-establishing consent. complying with the New Zealand Privacy In some cases (such as in the provision The GNDI Global Director Act. “That will get you about 85 to 90 per of an active service) consent may Survey found that 61 per cent cent of the way to GDPR compliance.” be implied, but you may need to seek of directors have a good or In May this year, the Institute of additional help in this area. excellent understanding of their Directors put out a DirectorsBrief organisation’s data privacy providing an overview of key elements 4 Support the data subject’s rights practices. However, 37 per cent of the GDPR, including data protection Assess your business processes and said they have limited or no principles and steps you can take to make the functionality of your computer understanding. sure you comply. It included a five step systems to be able to support the data The survey found that with guide to prepare for the legislation: subject’s rights within the time frames the European Union’s General dictated by the GDPR. Data Protection Regulation 1 Understand your data 5 Create an incident response plan (GDPR) coming into force in Know and understand what personal The GDPR requires that following the May 2018, and many jurisdictions, data your organisation collects, how discovery of a data breach or other including the United States, it is processed, if it is made accessible incident involving personal data the Canada and Australia, enacting without consent, if it is sent to incident be dealt with in a way that some form of mandatory data third parties, and ensure that your ensures that the Data Protection breach reporting law, data privacy agreements with them ensure that they Authority or the data subject can be is an increasingly important issue are identified as a data processor. informed as to the nature and scale globally. If your data processors are outside of the breach, the action that has been “With large scale data breaches of the European Economic Area (EEA), taken, the potential impact on the data occurring regularly, data privacy you may need an additional contract subjects, all within 72 hours of the is a significant risk for to be able to legally send the personal discovery of the breach. This requires organisations and their boards data to that country and vendor. having an Incident Response Plan that and requires increasing oversight,” says the survey’s report. “There 2 Create your data purpose(s) can be followed to ensure that your If you already have a data purpose, organisation does not have to establish is an opportunity for boards to then ensure that it is updated and the process while dealing with an prioritise consideration of data appropriate for use for the GDPR. incident. privacy frameworks in light If not, then you will need to create of the evolution of privacy and a data purpose, which states what consumer expectations of how data is collected, why it is collected, Source: DirectorsBrief: Are you ready for GDPR. their personal data is treated.” To read the DirectorsBrief in full, go to iod.org.nz

27 October/November 2018 BOARDROOM GLC UPDATE

FELICITY CAIRD GENERAL MANAGER, GOVERNANCE LEADERSHIP GLC Update CENTRE (GLC)

The Governance Leadership Centre (GLC) is the IoD’s research, policy and thought leadership hub. A key recent highlight for the GLC was the GNDI Global Director Survey Report. The GLC led this initiative for the GNDI, developing the survey and writing the report. See page 35 for highlights.

Reporting cybersecurity to boards A world of data Cyberattacks rank as a top risk to organisations Big data, analytics, privacy, GDPR (General Data and their impact can be significant. It is essential Protection Regulation), data ethics, cybersecurity, that boards receive comprehensive reporting from Internet of Things, and artificial intelligence are management about cyber risks and incidents, and just a few of the issues that boards are dealing actions taken to address them. To help improve with in governing data. This challenging area for cybersecurity reporting, the IoD and our national directors is expanding and is increasingly important. partner Aura Information Security have developed Given this, the GLC has been working with national a resource that will be sent to all members, and international partners to help boost director that includes: expertise and capability in this area. guiding principles on reporting to boards questions to ask in developing metrics and sample cybersecurity dashboards. Guidelines on data governance The Privacy Bill – The Global Network of Director Institutes, how will it impact which includes the IoD, is developing guidelines on data governance to assist directors with: your organisation?

balancing safeguarding legal and ethical The privacy landscape has changed significantly data compliance while capturing competitive since the Privacy Act 1993 came into effect opportunities from data 25 years ago. The growth of the internet and the digital economy, as well as the emergence of new improving governance effectiveness and technologies, have changed the way organisations efficiency by making use of data-driven operate and how personal information is used. governance approaches. Our DirectorsBrief on the Privacy Bill looks at some of the key proposed changes that boards need to The guidelines will be available on gndi.org. know, including mandatory privacy breach reporting. The Select Committee is due to report on the Bill in November. >>

28 October/November 2018 BOARDROOM GLC UPDATE

New and updated guidance for directors Advocating for directors With a dynamic operating environment including new government policies, the IoD has a critical role THE ESSENTIALS OF BEING in ensuring directors are heard and their interests A DIRECTOR represented. This year has been our busiest in terms of advocacy and the pace is unlikely to decrease The IoD and the Financial Markets anytime soon. Authority released a refreshed guide called The Essentials of TIME FOR DIRECTORS’ HOME ADDRESSES Being a Director (previously TO BE PRIVATE called A Director’s Guide). It covers key directorship matters, We have been advocating for directors home such as due diligence, working addresses to be private since 2016, including pushing with other board members and for the change through the media. The Ministry management, decision making, of Business, Innovation and Employment (MBIE) signing off financials and what consulted on the future of publishing directors’ happens if things go wrong. addresses in July and we are hopeful change is coming. Our submission considers some of the practical implications of making directors addresses private. Any change around directors’ addresses would likely be introduced with director identification numbers, which would provide administrative efficiencies for directors and also improve the Companies Register.

IS A BENEFICIAL OWNERSHIP REGISTER NECESSARY?

The establishment of a register to increase the transparency of beneficial ownership of companies and limited partnerships has been raised as an option by MBIE to help combat the misuse of corporate entities by criminals. While there is some benefit to having a register, we submitted that it was not a proportionate and appropriate response and we highlighted a number of issues. We also highlighted the issue of ‘dummy/front’ directors of companies and foreign directors who have been banned overseas but who are still able to be a director in New Zealand. OPPOSING DIRECTOR PERSONAL LIABILITY WITHHOLDING TAX AND DIRECTORS’ FOR TAX DEBTS FEES PAID TO NON-RESIDENTS

The IoD is concerned about the Inland Revenue’s latest consultation on situations Tax Working Group’s proposal in which tax must be withheld from directors’ to make directors personally fees paid to non-residents is the last in a series liable for company PAYE and of interpretation statements relating to directors’ GST debts and will continue to fees. The interpretation statements are available advocate strongly against this at ird.govt.nz. recommendation. See our media statement of 21 September on iod.org.nz.

29 October/November 2018 BOARDROOM GLC UPDATE

ASX CORPORATE GOVERNANCE REFORMS SPARK DEBATE CHANGE IN THE PUBLIC SERVICE

Reforms to the ASX Corporate Governance Council’s Earlier this year, the Government introduced the Principles and Recommendations have not been State Sector and Crown Entities Reform Bill into without controversy with directors and others Parliament, which has now been passed into law. airing their concerns. The reforms have received A key change is that Crown entity boards will be greater attention and scrutiny as a result of high required to gain written consent from the State profile governance failures and the work of the Services Commissioner on employment terms Australian financial services Royal Commission. and conditions for Crown entity CEOs. This is The Principles and Recommendations, last updated a shift from the previous situation where boards in 2014, apply to entities listed on the ASX and were required to consult the Commissioner. follow a tiered approach to reporting, like the NZX The IoD, in its submission and in an appearance Corporate Governance Code. Given the changes in before the select committee, opposed this the corporate governance landscape in the last four change. Under the new Act, the Commissioner years, we generally supported the proposed areas must consider information provided by the of reform in our submission. However, we highlighted board about the terms and conditions of a CEO’s that the increasingly prescriptive governance employment. This includes relevant market environment is of growing concern for listed information and information about the CEO’s companies and boards, and we raised the higher knowledge, skills, experience, and performance. number of Recommendations as an issue (now 38, In September, extensive plans to overhaul up from 29). the public service were announced by the Government. It is envisioned that the State UPDATE ON THE ROYAL COMMISSION Sector Act 1988 will be replaced by an Aotearoa Public Service Act and there will be implications Coverage of the financial services Royal Commission for some Crown entities. The proposals are has popped up in newsfeeds in Australia all year. intended to create a modern, agile and adaptive To date, there have been five public hearings public service that will deliver better outcomes including on consumer lending practices, financial and services to New Zealanders. advice, loans to small and medium enterprises, Public service executive boards, joint superannuation and insurance. The last hearing ventures, and senior leadership are some in November is on policy questions. An interim report matters the Government is seeking comment was published in September, with a final report due on. The IoD will be submitting on the review. by February 2019. In New Zealand, the Financial Markets Authority and the Reserve Bank of New Zealand engaged with banks and essentially asked them to demonstrate to consumers, regulators, ON THE RADAR and other stakeholders why a Royal Commission is unnecessary here. A report on this is due in Trusts Bill October/November. Report from the select committee is due in October 2018. STRONG OPPOSITION TO CRIMINALISATION OF CARTELS Reform of the Protected Disclosures Act Public consultation is expected A number of submitters including the IoD have to be in October to December 2018. opposed the Government’s bill criminalising cartel Tax Working Group conduct. The bill targets individuals who are the Interim report was published in September. decision-makers for cartels and also entities. A final report is expected to be issued A penalty of up to seven years imprisonment in February 2019. and/or a fine of up to $500,000 for individuals is proposed. No changes to the Bill were recommended by the select committee in August. All DirectorsBriefs, submissions, guides and other governance resources are available at iod.org.nz

30 October/November 2018 BOARDROOM FEATURE Getting tangled in the dark web

Lurking beneath the surface of the internet is an underground economy that trades in stolen data and other illegal activity. It’s a part of the online world that is not indexed, and is therefore unsearchable.

01 02

31 October/November 2018 BOARDROOM FEATURE

he dark web is home to a To give you an idea of the size of the As part of building that knowledge, thriving marketplace in stolen deep and dark web compared to the having a technology expert on a board data like emails, passwords, surface web, FraudWatch International of directors is a must, says Ross. logins, databases and credit card uses an apple. The apple skin represents “I think if you don’t have a technology Tdetails, as well as scarier fare like hackers- the surface web, the apple flesh the professional on your board you are at for-hire, drugs, illegal pornography, deep web, and the core the dark web. a disadvantage. You can certainly buy or even hitmen. in the expertise and advisers, but I think “It’s like an invisibility cloak that allows WHY YOU NEED TO PAY at that strategic and governance level, people to do bad things out of sight,” says ATTENTION TO THE DARK WEB it has become imperative now to have Kendra Ross, MInstD, co-founder of IT a technology person on your board.” security firm Duo, board member of CERT While steering clear of this murky world She thinks if businesses reframed the NZ and Chair of IT security awards iSANZ. might sound like a good idea, you need way they view data, it would also change to have at least a basic awareness of their approach to data security. “I think HOW BIG IS THE DARK WEB? the dark web and what goes on there. businesses still see data as a tool they are If your website or system has been using to run their business, rather than The internet can be broken down into hacked, chances are your staff or as something that’s part of their asset three distinct parts: the surface web, customers’ details will be for sale on it. base. Until they change that and start to the deep web and the dark web. “Directors need to understand that monetise it and look at it from a financial there’s a concrete correlation between asset point of view, then I don’t think The surface web is the part of the hackers going for their infrastructures and businesses will change their perception internet most of us use each day. It’s trying to get their customer details and of data… If you treat your data as a where we read the news, send emails data, and the financial value that is tagged financial asset then it goes on your risk and do things like online banking and to that on the dark web,” says Peter Bailey, register the same way that any other shopping. Information on the surface General Manager of cyber security firm asset does.” web is indexed and searchable through Aura Information Security. engines such as Google and Bing. “The more knowledge you have, the PREVENTION BETTER THAN CURE more power you have,” says Duo’s Ross. The deep web covers webpages that “You need to understand what the impact Creating systems that make it less likely can’t be found via search engines, would be to your business if your data is your organisation will be hacked needs but can be accessed via passwords breached or stolen and ends up on the to take priority when IT decisions are or other authorisation. It includes dark web.” made, Aura’s Bailey says. “We often see >> things like intranets, email accounts, databases and pages behind paywalls. Deeper still is the more nefarious world of the dark web. The dark web The scale of the dark web is a hidden part of the internet that Source: Fraudwatch International isn’t indexed and can’t be accessed by search engines like Google or normal browsers like Chrome or Firefox. The surface web 6% Instead you need encryption software like Tor (short for The Onion Router), I2P or Freenet. By encrypting a user’s The deep web 90% IP address and routing it via several other computers around the world using the same software, these The dark web 4% encryption softwares allow users to browse the internet without giving away their location.

01: Kendra Ross 02: Peter Bailey

32 October/November 2018 BOARDROOM FEATURE

companies that have come up with “They need to know that their company LURKING RECONNAISSANCE a fantastic idea for an app or a website, has a responsibility to look after their that functionally is brilliant and addresses staff data and their customer data. They Sometimes the infiltration of your systems a particular issue, but often their focus is need to understand whether the systems will be less obvious than a cyberattack. on the functional side of it, and they’ve not and applications they have set up are Reconnaissance is also big business on thought about security. When we come protecting that data properly.” the dark web, either in preparation for and test the security afterwards there’s As well as legislated responsibilities, an attack, or as corporate espionage. such an enormous amount of revision organisations have a social duty to “A hacker might find a user name and work needed to make it safe that it really protect data, and could face massive password and they might start to build floors the customer… If you’re running a business consequences if their systems out a profile on that business, what the website, if you’re running an app, where are breached. “The potential reputational monetary value of that data is, what’s people have to put in personal data, there damage of an attack where customer the best way to exploit that business, should be a lot more responsibility back data has been leaked and all of your who are the key executives in that on those businesses to make sure hackers customers end up on a spam list and business. They will then sell that can’t get their hands on the data in the end up getting phishing emails is huge,” reconnaissance out on the dark web, first place.” Bailey says. possibly to another cyber-crime Pending changes to the Privacy Act syndicate or possibly to a nation state,” in New Zealand, as well as recent changes WHAT IS STOLEN DATA WORTH? says Duo’s Ross. to privacy legislation in Australia and Europe, mean protecting data on your Personal Identifiable Information (PII) WHISTLEBLOWERS systems is more important than ever. is some of the most valuable data for AND DISSIDENTS “I think for boards in particular, it’s hackers – with information such as around that awareness,” Bailey says. names, addresses and passport details Ross is at pains to point out that not all highly sought after. “That data can everyone who uses the dark web is up be used in multiple ways. It can be used to no good. Some media companies, in further phishing emails, in identity including Stuff in New Zealand, use theft and setting up fake bank accounts services hosted on the dark web to allow or mortgages and loans,” says Bailey. whistleblowers to anonymously leak Credit card details are still in demand, information. Dissidents and human rights but are not as valuable as in the past. activists also use the anonymity of the “The issue with credit card data these dark web to communicate without fear days is that banks are quite onto what’s of reprisal. 03 going on, so if they see an unusual transaction they will block the card usually  straight away. So hackers know if they Directors need to do steal card details they’ve only got a certain amount of time to use them, understand that there’s and then they’ve normally only got one a concrete correlation or two uses before it’s not going to be able to be used again,” Bailey says. between hackers going Bailey says a recent look at the dark web found that a single PII record was for their infrastructures worth about A$6, while a scanned copy and trying to get their of a passport was worth about A$60. Those prices, however, are subject to customer details and fluctuation due to supply and demand. A data breach of internet giant Yahoo data, and the financial in 2014 saw information stolen from more value that is tagged to than 500 million Yahoo accounts. Bailey says incidents like this flood the market, that on the dark web. 04 pushing prices down until the data works its way through the system, at which 03: Source: https://ihavenotv.com/silk-road- drugs-death-and-the-dark-web point prices rise again.

04: Silk Road founder Ross Ulbricht Source: https://www.rollingstone.com/culture/ culture-news/dead-end-on-silk-road-internet- crime-kingpin-ross-ulbrichts-big-fall-122158/

33 October/November 2018 BOARDROOM FEATURE

A SLICK OPERATION

Just because the dark web is underground Protecting your system doesn’t mean it’s an amateur operation, it’s actually a full-service economy. Rob Pope, director at government via reports and international threat Say you want to infect a website – for cyber security agency CERT feeds. “These controls are also an as little as $20 you can buy a piece of NZ, says while there’s no silver effective tool for organisations to malware (malicious software that is bullet to keep hackers out of your start a conversation with their IT intentionally designed to cause damage) systems, there are a number of providers,” Pope says. or ransomware (software that holds a things businesses and boards person’s or organisation’s data for ransom can do to make sure they have CERT NZ Critical Controls in exchange for money). To make sure controls in place to protect both you get value for money, you can check their business and their staff. 1. Patch your software out reviews of vendors and products “Protecting your organisation before you buy – just like on mainstream from cyberattacks can be as 2. Upgrade or replace legacy e-commerce sites. There are even simple as taking the time to systems customer support services, so if you lack understand what risks could 3. Disable unused services and the technical expertise needed to deploy affect you, and having mitigations protocols the malware, most vendors will help you in place so they don’t happen. out with an around-the-clock helpdesk. Making sure you can recover 4. Implement application “One of the things that surprises quickly if you are affected is just whitelisting people is how organised the dark web as important, e.g. implementing is,” Bailey says. “It’s not like a bunch regular back-ups and storing them 5. Change default credentials of HTML or green-screen DOS pages, offline. In New Zealand we’re very 6. Deploy multi-factor it’s formulated like a Trade Me site. It’s aware of the impact that natural authentication well organised, you can search for the disasters can have on businesses particular bit of contraband you’re after, and lives, and planning for cyber 7. Enforce the principle of least you can get ratings from sellers and security issues is no different,” privilege buyers that you deal with. It’s incredibly Pope says. 8. Implement and test backups well organised.” CERT NZ has created a check list of measures that it says would 9. Configure centralised logging SILK ROAD mitigate, or better control, the majority of cyberattacks it sees. 10. Manage your mobile devices One of the pioneers of the dark web Its Critical Controls list is based on For more information, check out was the now-defunct Silk Road website. incidents it has analysed to date, cert.org.nz. The site was one of the first on the dark web to mimic mainstream e-commerce websites like Amazon and eBay. It had profiles of sellers, product listings and for money laundering, computer hacking, transaction reviews. The only difference conspiracy to traffic fraudulent identity was the products for sale were illegal documents and conspiracy to traffic drugs and all transactions took place narcotics by means of the internet. in the cryptocurrency bitcoin. “Silk Road when it was shut down The site was the brainchild of Ross was a billion dollar business,” says Ross.” Ulbricht, who went by the pseudonym These guys can make an enormous Dread Pirate Roberts. Silk Road went amount of money very, very quickly live in 2011. Estimates put the site’s and it’s borderless. You can be sitting transactions between US$15 million anywhere; you could be in Eastern and US$50 million a month, for products Europe targeting New Zealand.” ranging from ecstasy to heroin and every drug in between. Ulbricht was arrested in October 2013 and is currently serving multiple life sentences without the possibility of parole following convictions

34 October/November 2018 BOARDROOM FEATURE

Taking the pulse of the global director community

Poverty and income inequality he survey canvassed Asia-Pacific (56 per cent); taxation and are issues that are top of mind for global directors’ thoughts government spending topped the list directors around the world, according on key governance matters. for the Americas (66 per cent), while to the inaugural Global Director It covered areas such as social the cost of health care was top of mind Survey Report, conducted by the Tand economic issues, shareholder and for European directors (71 per cent). Global Network of Director Institutes stakeholder engagement, succession In New Zealand, directors saw the top (GNDI), and led by the New Zealand planning, board evaluations, board three social and economic issues as: IoD’s GLC team. member development, environmental and social issues and technology and 1 Housing (80%) information governance. 2 Poverty/income inequality (67%) Some 2,159 directors participated in the survey, from 17 participating 3 Infrastructure (56%). GNDI member organisations.

SOCIAL AND ECONOMIC ISSUES STAKEHOLDER ENGAGEMENT AND TRUST When asked to identify the top three social and economic problems facing their The survey report said directors have countries of residence, directors named a key role in maintaining and growing poverty and income inequality (45 per trust and confidence in business and its cent), taxation and government spending role in society. “It is important that boards (41 per cent) and the cost of health care consider how they build and preserve (38 per cent) as their biggest concerns. stakeholder trust.” The report cited the Breaking this down regionally, poverty Edelman Trust Barometer 2018, which and income inequality was the top social stated: “Trust is a predictor of whether and economic concern for directors stakeholders will find you credible in in Africa-Middle East (69 per cent) and the future, will embrace new innovations

35 October/November 2018 BOARDROOM FEATURE

you introduce and will enthusiastically and there is an opportunity for directors NEW ZEALAND’S TOP support or defend you. For these reasons, to be more proactive and not be limited THREE SOCIAL AND trust is a valuable asset for all institutions, to only addressing individual director ECONOMIC ISSUES. and ongoing trust-building activities vacancies as they arise,” the report said. should be one of the most important strategic priorities for every organisation”. BOARD EVALUATION 39 per cent of global respondents discuss stakeholder trust in their On a global basis, 42 per cent of organisation very often or frequently, respondents said their boards formally % compared with 45 per cent in evaluate their performance on a regular 80 New Zealand. 55 per cent of global basis (38 per cent in New Zealand), Housing directors surveyed reported their while 46 per cent informally evaluate boards were actively engaged with their performance (53 per cent in shareholders, compared with 68 per New Zealand). Boards in the Americas cent of New Zealand directors. When were more likely to undertake formal it came to employee engagement, evaluations (57 per cent), while European 89 per cent of directors surveyed said boards were more likely to opt for their boards went through their chief informal evaluations (55 per cent). executive or managing director to talk The report said board and director to staff. evaluations could be used to focus on % continuous improvement and to help 67 SUCCESSION PLANNING board accountability for performance. Poverty/income “Ultimately, the goal of board evaluation inequality Although the report said that regular is for the board to achieve greater insight and ongoing succession planning is from its individual directors regarding important to ensure the current and strengths of the board and its members, future needs of the organisation and and to identify areas for improvement.” board are met, just 22 per cent of respondents said their board were BOARD MEMBER DEVELOPMENT proactively discussing full board succession planning. In New Zealand 51 per cent of boards never, or only this dropped to 20 per cent. 29 per occasionally, engage in board member % cent only discuss succession planning development, while 21 per cent do it very 56 when there is a vacancy (25 per cent often or frequently. “A commitment to Infrastructure in New Zealand), and 23 per cent do continuing professional development not discuss it at all (22 per cent in underpins good governance,” says the New Zealand). report. “Developing skills and building “Board composition is a major knowledge helps directors to stay current consideration for the effectiveness and continue to add value to the board and performance of the board, and organisation.” >>

Trust is a predictor of FACT BOX whether stakeholders 2,159 directors participated in the survey will find you credible in Directors have a key role in maintaining and growing trust and confidence the future, will embrace in business new innovations you Top three social and economic issues globally: poverty and income inequality, taxation and government spending and the cost of health care introduce and will Only 22 per cent of respondents said their board were proactively enthusiastically support discussing full board succession planning or defend you. 51 per cent of boards never, or only occasionally, engage in board member development Source: Edelman Trust Barometer 2018

36 October/November 2018 BOARDROOM FEATURE

ENVIRONMENTAL ABOUT THE GNDI How engaged is your board AND SOCIAL ISSUES with shareholders? The GNDI was established in 2012 “Boards are giving increasing emphasis and is an association of sovereign state Not actively to environmental and social considerations, director organisations. It represents 10% non-financial information and their 130,000 individual directors and relationship to long-term performance governance professionals around the and value-creation. Underpinning this world with the goal of improving board is understanding and responding to professionalism through research, the evolving expectations of investors, education, dialogue and advocacy. consumers, staff and other stakeholders,” This is the first time the GNDI has the report says. conducted a global survey. The Institute Ethical behaviour in organisations of Directors (IoD) in New Zealand was seen as the most relevant designed and carried out the survey environmental and social issue, at 72 and analysed the results. Occasionally 36% per cent (73 per cent in New Zealand). To read the full report go to iod.org.nz Actively “But it is concerning that it was not at 55% all relevant, or a little relevant to 28 per cent of directors across regions,” the report said. “Unethical behaviour How frequently does your Cybersecurity ultimately damages organisations board engage in ongoing and their personnel. Lost customers, board member development? employees and sales, and the loss of Strongly agree a hard-won reputation can take years Never 10% 12% to rebuild. Some organisations may Strongly never recover. Conversely, running Occasionally disagree 39% a company with consistent integrity 5% and high ethical values is simply Disagree 20% good business.”

TECHNOLOGY AND INFORMATION GOVERNANCE

“Most organisations use or rely on technology to operate and cybersecurity Neither or must be considered as part of enterprise- not sure wide risk management,” the report says. Fairly often 22% “The ability of directors to ask the right 29% Agree questions of managers is critical to ensure Very often 43% 15% they are confident in the organisation’s Frequently cyber resilience.” 6% Despite this, only 53 per cent of global respondents said their board TOP THREE TECHNOLOGICAL DISRUPTORS IN EACH REGION had a high level of understanding about cybersecurity and cyber risks of their organisation, 25 per cent do not have Ranking Africa-Middle Americas Asia-Pacific Europe high levels of understanding and East 22 per cent said they were unsure of understanding levels. 1 Big Data Big Data Big Data Big Data Big data was viewed as the top 53% 66% 63% 71% potential technology disrupter by global directors, with 63 per cent expecting their organisation to be impacted by it in the 2 Internet Artificial Artificial Artificial next two years. Artificial Intelligence was of things Intelligence Intelligence Intelligence seen as the next potential technological 52% 63% 57% 61% disruption (60 per cent) followed by the Internet of Things at 46 per cent. 3 Artificial Blockchain Internet Blockchain Intelligence 41% of Things 50% 52% 48%

37 October/November 2018 BOARDROOM FEATURE

Treating data with respect

Data is an important tool in getting insights to grow and understand your business. Directors need to know the reasons their organisation is collecting data, where it’s coming from and how it can be used.

 74 per cent of r Paul Bracewell, a partner Despite the insights that data can bring, at data firm DOT loves data there is still reluctance in business to trust New Zealand CEOs and a statistician by trade, analytics over intuition. KPMG’s recent have overlooked says directors don’t need New Zealand CEO Outlook Survey showed Dto be experts about data, but they do that 74 per cent of New Zealand CEOs insights provided need to have an interest and a basic have overlooked insights provided by data understanding. “If you’re too hands off, analytics or computer-driven modelling by data analytics you don’t understand what’s going into because the findings went against their or computer-driven the recipe. If you think of it like baking gut instincts. a cake, you need to know what’s going Bracewell says that building up trust modelling because the into it. If you throw in peanuts and around data is an important step in someone has a peanut allergy that’s getting decision-makers like directors findings went against dangerous. It’s the same thing with data to trust it. Presenting analysis in a way their gut instincts. and data products and the insights you that is not just statistically significant, can derive. If you’re not fully aware of but that is easily understood and practical what’s going in, it could lead to issues is an important part of the process. “It’s further down the track.” got to be meaningful, it’s got to be robust, it’s got to be transparent. If you can go Partners of Dot loves data: (from left) Paul Bracewell, through and can say ‘this is the reason Jason Wells, Matt West, why this has happened’ it builds up trust.” >> Mike Brough

38 October/November 2018 BOARDROOM FEATURE

It’s got to be meaningful, it’s got to be robust, it’s got to be transparent. If you can go through and can say ‘this is the reason why this has happened’ it builds up trust.

Dr Paul Bracewell, Partner, Dot loves data

Respecting your data How to gain a competitive edge from the data you obtain.

1 Respect the people who “So, if one time you get a result that is “It could be that this time of year we provide the data. counterintuitive, then if you have gone normally expect to see x amount of sales through and built up that level of trust of ice creams, but the weather was y 2 Respect the insights the data then people will be able to understand per cent lower than usual, and we can’t provides. what’s going on.” control that. But you can go through 3 Understand where it has Bracewell talks about respect a lot and articulate a clear story. What it also come from and how it works. when he discusses data – respect for the means is that you can use that to refine people providing the data, as well as operational processes. You can say ok, 4 Use it to drill down on respect for the insights that data provides. well if I know ice cream sales are linked why things go wrong. “If you’re respectful of your data, you to temperature, or something along those treat it properly and you understand lines, you can say the long range forecast 5 When you find positive insights, where it has come from and how it works, is this, do I need to ramp up production try to replicate, test and learn it becomes a tremendous competitive to meet those needs?” from it. advantage. If you’re able to predict what’s It’s not just about analysing sales 6 Its not just about number going to happen and then be able to go figures and number crunching. “It’s crunching. Use your data through and understand why you got also about what people are saying about to hear what people are there, or why you didn’t get there or why you, whether that be mainstream media, saying about you. did you over-achieve, then you can create or social media, there are the tools out positive actions.” there to do natural language processing, 7 The customer is the main He says data can be used to sense- to go through and look at that information beneficiary of any analysis. check what is going on in your business. in an insightful way and say well what is “You can drill down what went wrong and the sentiment about our brand?” why it went wrong, or conversely, what If directors are not data experts, went really well and how you can do that then having access to people who are again. It’s not just about finding things is important. “If the people making the that went wrong, it’s also about finding decisions wouldn’t describe themselves the really good things that you can as analytically savvy, then they need potentially replicate, test and learn from.” to have someone who they trust to help shape those analyses and help propel the business.”

39 October/November 2018 BOARDROOM FEATURE

PUTTING CUSTOMERS FIRST BIG DATA IN THE BOARDROOM The report found that data is an asset For Bracewell, it’s important that the that is massing exponentially and data businesses collect, and the people Big data is high on the global agenda there is an opportunity for directors who provide that data, are treated with for directors. The recent Global to develop their skills and knowledge a high level of care. “The message about Network of Director Institutes (GNDI) in their areas. “By making the best privacy and legality and morality needs survey found that 63 per cent of use of the data their organisations to be hammered home. There is a duty directors viewed big data as the top have available, boards can use data of care. Data is always going to contain technological disruption to their analytics to detect, investigate and information that is valuable to someone. organisation. Despite this, only 28 per monitor patterns and transactions Because it’s valuable to someone, it needs cent of respondents to the survey said across the organisation.” to be treated and cared for appropriately.” they were using big data to support “The ability to draw conclusions Done right, collecting data from your decision making. from data that organisations customers should be a win-win. “It’s There was a considerable variation collect and maintain is an important the people, the customers and other across organisation size, with 25 per strategic decision-making tool for stakeholders, who provide the data. cent of businesses with fewer than 100 directors. Predictive data analytics So you have to be really respectful of employees using big data, compared is increasingly contained within the fact that your engagement with them to 35 per cent of organisations with software, and being an analytics has resulted in you getting this data. more than 10,000 employees. driven organisation from the top The major beneficiary of any analysis “The value of big data turns on helps create long-term value, should be the customer. The data should an organisation’s capacity to analyse drive competitive advantage and help you work out how you can do things and utilise it,” the survey report says. manage risks.” smarter for them, getting them the right “Boards not already doing so should products, at the right time, in the right gain an understanding of how they can place, for the right price.” leverage big data and related analytics to create value.”

40 October/November 2018 BOARDROOM FEATURE

Opening up to big data

WHAT IS BIG DATA AND Rather than protecting data from others, OPEN DATA? he thinks businesses need to create a marketplace for it. He cites retail as Big data is a term that encompasses an example. “The retailer who protects extremely large volumes of data that their data is going to have an incomplete have the potential to be mined for picture of their customer. They need to information. It covers all kinds of data, think about how they are going to get from spreadsheets and databases to their customers’ permission, or not, as social media posts, audio, emails, PDFs, required, in order to swap that information digital images and videos, and GPS. with other likeminded organisations in It’s not just about what kind of data order to present a package of goods you have, or how much, but what you and services maybe. Power companies do with it. Analysing big data can lead cross-selling to telephone companies, to insights that bring cost and time who cross-sell to provide retailer reductions, optimised customer discounts, all of those sorts of things.” offerings and better decision-making. Open data is data that can be PRIVACY AND POWER accessed, used and shared by anyone. It is information collected by government, Stubbs admits that privacy is a major It’s impossible to view open data businesses and organisations, added concern when it comes to data sharing, and big data separately, says together to be anonymous so it can then but says consumers are becoming founder and managing director be redistributed and re-used. Data.govt. increasingly comfortable with sharing of KiwiSaver scheme Simplicity, nz defines it as “open licence, openly information about themselves if they Sam Stubbs. “You have to view accessible and both human-readable get something in return. “By and large, them together, because big data and machine-readable”. what we’ve learnt about this is that if the is only useful when people have consumer sees a benefit in providing access to it. The more people have PARADIGM SHIFT their information they will. This is about access to it, the more you’ll invest incentivising people to provide that in providing it. Those forces go Stubbs, who regularly visits the information. And there’s a whole lot of together and I think you’d be boardrooms of large New Zealand information that people don’t care about. naïve to assume you can have one companies in his role as an institutional They don’t care about anyone knowing without the other,” Stubbs says. shareholder, thinks that embracing open what power company they use, data and big data will require a mind-set for example.” change for businesses. Until recently, He says with open data consumers can he says, most businesses have operated effectively sell their information. “A classic as castles, building a moat around their example might be your spending patterns. operations and protecting their data. You might agree to make that available “They have spent a lot of time acquiring to a third-party research house in return proprietary data and protecting it. Now, for a payment, or you might agree to make they need to put as much, if not more, that available to a retailer in return for effort into opening up the data they have a discount so that they might be able available in exchange for more data, to target you more effectively.” consolidating it and getting better quality He says the thought of private data information.” being used for commercial purposes “That’s the challenge for businesses, is “both scary and exciting” but that to go through the mind-set change that he hasn’t seen many “nefarious all of this stuff they’ve been acquiring over consequences” of it. “The vast majority decades, which had tremendous value, of this information is actually beneficial might now actually be free.” to your life, not detrimental to it.”

41 October/November 2018 BOARDROOM FEATURE

Every now and again, we hear a scary to be that you could protect your story of Facebook or someone tracking distribution, and your product didn’t you and we all get spooked by it, but need to be that good, as long as it by and large it’s something we tolerate was sold well.” in our lives and in fact, welcome.” Now, Stubbs says big data means When data is misused or privacy consumers have massive transparency is breached, the public and consumer about products and can easily compare backlash is usually severe, incentivising them. “You can switch products very businesses to use data responsibility and easily, you can switch power companies to protect it. “As soon as someone takes about every week if you wanted to. advantage you just go and tell everybody, So now the product really is everything. and suddenly that information flow is cut What you are offering, the honest-to- off. If it gets cut off from the business goodness product is what really matters. that has taken advantage of it, they are I think the tectonic shift for most screwed. If that business is relying on it, industries is ‘is your product the best they are not going to do anything to risk it could possibly be?’” getting cut off from that data. I’ve seen relatively few abuses of the information  people provide. I’ve been underwhelmed, ... big data is only not overwhelmed,” Stubbs says. useful when people PRODUCT VS MARKETING have access to it. Stubbs says the phrase ‘product is The more people everything’ is big in fintech. In the past he says the focus used to be about the have access to it, quality of the sale and the commission the more you’ll invest rather than the product itself. “It used in providing it.

What advantage could successful franchising or licensing add to your company?

CELEBRATING Find out more. Call Dr Callum Floyd 09 523 3858 or email [email protected] Since 1989, leading local and international companies have relied upon Franchize Consultants’ specialist guidance to evaluate, establish and optimise franchising and licensing networks. 25YEARS 1989 – 2014 Six times winner – Service provider of the year – Westpac New Zealand Franchise Awards www.franchize.co.nz

42 October/November 2018 BOARDROOM OUT AND ABOUT

Otago/Southland Chief Executive of Real Journeys, Out & Richard Lauder, spoke at a Wanaka event about culture and reputation – keys to success in the tourism about industry.

04

01

Nelson Marlborough Air New Zealand Chief People Officer Jodie King gave an inspiring presentation to a sold-out 05 branch lunch in Nelson on 9 August on Why Culture Matters (above).

Kathryn Bell presented a Chartered Member certificate to Aaron Moody at this event (right). 03

06

01 Jodie King giving her presentation.

02 Olivia Hall, head of Te Toki Pakohe at the Nelson Marlborough Institute of Technology and IoD branch committee member, leads a very popular Intro to Te Reo Māori workshop as part of Māori Language Week in Nelson in September. 02 Chair of Sport and Recreation 03 Dingle Foundation regional manager New Zealand and High Kelvin Watt, IoD Nelson Marlborough Performance Sport New Zealand, branch committee chair Sarah-Jane Weir, Bill Moran, spoke at an Invercargill Sir Graeme Dingle and IoD GM Members Nikki Franklin at an August branch lunch event about Emerging networking lunch in Blenheim where practice – which stakeholder Sir Graeme shared some of the wisdom interests should directors take from his journeys. into account?

43 October/November 2018 BOARDROOM OUT AND ABOUT

Canterbury Next Generation Director Workshop (Top left) Sue Sheldon and Lloyd Mander facilitating discussion around effective compliance at Canterbury’s Next Generation Workshop.

(Top right) Deep in discussion with facilitator Vincent Pooch.

Governance and Failure Associate Professor Ekant Veer of University of Canterbury (right) 07 led a robust discussion on failure.

New members lunch In early August IoD Chartered member Kate Morrison shared her governance and Chartered Membership pathway experiences and IoD Chartered member Paul Bell from Intepeople gave insights into how to prepare for your next governance role.

08

04 Ian Farrant and Richard Lauder.

05 Carl Carrington receiving Chartered Member certificate from Alan Harper.

06 Dell Taylor and Sarah Ottrey.

07 Panellists Mads Moller, Richard Shepherd, Dr Rachel Wright, Associate Professor Ekant Veer.

08 Paul Bell speaking at Canterbury’s members lunch.

09 Assoc. Prof Ekant Veer explaining why we need to be prepared to fail smart and fail fast.

09

44 October/November 2018 BOARDROOM OUT AND ABOUT Out & about

Waikato Hon. Amy Adams, National Party Finance spokesperson talked about Government policy and its impact on New Zealand’s economic performance and resilience at a lunch event in Hamilton.

Executive chair of KPMG in New Zealand, Ross Buckley, presented Lessons for directors from recent failures at a breakfast function in Hamilton. 11

12

11 (from left) William Durning, Mark Morgan, Hon. Amy Adams and Hon. Tim MacIndoe.

12 Ross Buckley talking to the Waikato branch. 13

13 William Durning and Paul Street.

45 October/November 2018 BOARDROOM Entertainment delivered.

Let the sensory overload begin. With the launch of EntX, Christchurch now has a new home of entertainment right in the centre of the city, complete with seven HOYTS cinemas and over a dozen diverse eateries. Developed and built by Calder Stewart, EntX is the result of a vision to go beyond building a cinema complex, to create something special for the city and the community to enjoy. And it’s open now.

Get a behind the scenes look. Visit calderstewart.co.nz/entx EVENTS Eventsdiary

For more information visit iod.org.nz, contact the director development team or contact your local branch manager.

October November

23 Queenstown 1 Wellington 8 Dunedin 16 Auckland Lunch event with Breakfast: Governance Working with the Board Working with the Board Kathy Grant in Government with Tim Ng, Treasury 11 Waiheke Island 20 Auckland 24 Nelson Company Directors’ Audit and Risk Finance Essentials 1 Tauranga Course Committees Next Generation 25 Nelson Workshop 12 New Plymouth 20 Auckland Reporting to the Board After work with Welcome Cocktails – 1 Auckland Shaun Twaddle invitation to all branch 25 Auckland Strategy Essentials members Director Accelerator 12 Auckland Lunch 2 Auckland Early evening cocktails 21 Auckland Risk Essentials with blockchain expert Governance Essentials 26 Christchurch Mark Pascall Sponsor’s breakfast 2 Christchurch 22 Auckland with Duncan Cotterill Lunch with Peter Bailey, 13 Invercargill Finance Essentials A foray into the dark web Julia Jones speaks 28 Queenstown on Agribusiness 22 South Auckland Company Directors’ 4 Wellington Next Generation Director Course Company Directors’ 14 Dunedin evening workshop Course Laurie Sharp 29 Auckland 22 Tauranga Governance Essentials 5 Christchurch 14 Tauranga, Tax Christmas lunch with Next Generation and Governance Wayne Boyd, former 30 Auckland Director workshop Interactive workshop chair for Telecom Digital Essentials luncheon 6 Auckland 25 Queenstown 31 Auckland Ethical Dilemmas 14 South Auckland Company Directors’ Finance Essentials in the Boardroom (this event will also Course be available nationwide 31 Palmerston North 6 Hamilton via webcast) 26 Christchurch Lunch with New member A World of Data Evening function Graeme Milne welcome lunch with Steven Newman 14 Auckland 31 Wellington 6 Dunedin Special breakfast 30 Christchurch How to build your Board Dynamics with Murray Sherwin New members’ lunch board career 6 Wellington 14 Hamilton 31 Blenheim Breakfast with Not-for-profit summit IoD and Chamber Peter Bailey of Commerce panel 14 Wellington discussion 7 Wellington Annual dinner, guest New member welcome speaker Rob Everett event – invitation to all branch members

47 October/November 2018 BOARDROOM EVENTS

Now you’ve read me Branch manager contact details log me Auckland Otago Southland CPD points Shirley Hastings Vivienne Seaton P: 021 324 340 P: 021 152 2809 [email protected] [email protected]

Bay of Plenty Taranaki December Laura Gaveika Julie Langford P: 027 588 8118 P: 021 806 237 3 Auckland [email protected] [email protected] Company Directors’ Course, Non-residential Canterbury Waikato Sharynn Johnson Megan Beveridge 3 Christchurch P: 03 355 6650 P: 021 358 772 Christmas function [email protected] [email protected]

5 Tauranga Nelson Marlborough Wellington A World of Data panel Karen Goodger Colin Yonge P: 027 525 7400 P: 021 545 013 [email protected] [email protected] Online Learning Any time, anywhere. Offering BRANCH EVENTS convenience and flexibility, our self- For information on member events in your area, see iod.org.nz paced courses provide focused online learning. Progress through the course slides, interactive diagrams, videos and reflective exercises at your own pace.

Health and safety governance 3 CPD points A World of Data Ethics – how directors do business 3 CPD points Free live webcast – How companies are benefiting from the strategic use of data. Directors’ and Officers’ insurance 2 CPD points In an increasingly digital world how will the companies you govern continue to thrive? Not-for-profit fundamentals 3 CPD points How do you leverage the potential of big data and data analytics to innovate, to optimise operations and supply chains and improve Cybersecurity outcomes for customers? 3 CPD points Our panel brings together directors from a broad cross section of industries who can share first-hand how their organisations are Webinars benefitting from the strategic use of data. Panellists are Joanna Perry, Ben Kepes and Sam Knowles. IoD chief executive Kirsten Patterson Live webinars are facilitated by subject matter will facilitate the event. You can attend the event in person at AUT’s experts, and themes from your questions and South Campus, or via a live webcast. comments are addressed live during the sessions. November 14 5.30pm – 7.30pm, AUT South Campus, 22 November Data Privacy, webcast from 6.00pm – 7.00pm. 10.30am – 11.30am, 2 CPD points 14 December, Data Governance, Go to iod.org.nz/what-matters for more details and to register. 10.30am – 11.30am, 2 CPD points

48 October/November 2018 BOARDROOM Every organisation needs strong governance and leadership to progress. Find out how ASB can support your business through our partnership with IoD.

Get in touch with Melanie Beattie, Head of Strategic Partnerships [email protected]

asb.co.nz Search: ASB business partnerships

ASB Bank Limited 56180 19415 0918

56180 19415 0918 IoD Boardroom Magazine Ad 210X275.indd 1 3/10/18 8:46 AM