UNICEF Australia boosts data governance to maintain supporter trust

UNICEF is a children’s organisation with the determination and care to deliver long-lasting impact for every child, no matter what. UNICEF operates in more than 190 countries in some of the world’s toughest places to reach the most disadvantaged children.

UNICEF Australia identified the growing risks associated with a cyber breach, especially after one such incident impacted many in the not-for-profit space. Although UNICEF Australia was not part of these breaches, with its supporters’ interest at heart, the organisation wanted to ensure that any risk was minimised.

The challenge

UNICEF Australia, like many in the sector, uses third parties for telephone services — and one such third party had recently suffered a significant data breach.

“While UNICEF Australia’s data was not affected, the organisation wanted to conduct a review to ensure our processes were best practice,” said Lou Runyard, UNICEF Australia’s CIO. The organisation began speaking to Decision Inc. Australia, an independent AI, data and analytics consultancy that has experience in improving data governance practices and streamlining data strategies.

“They wanted to first understand whether their data strategy and governance policies were up to the task and, from there, what needed improvement.” said Tony Butler, Managing Director, Decision Inc. Australia.

The solution

Decision Inc. took a diagnostic approach to UNICEF Australia’s data environment and processes, determining quickly that data governance would be an area of focus.

“As this was a strategy and governance engagement, we had to create the right data for analysis and we did so by having UNICEF Australia complete our Analytics Maturity Assessment,” Butler said. “Once that was completed, we understood the baseline we were working with.”

Decision Inc. recommended the implementation of a Data Governance Program which addressed everything from the initiation of data-centric policy documents through to the establishment of a Data Governance Working Group with nominated champions from across the organisation. The program also included the training of key individuals to empower them in the day-to-day management of the program and implementation of the data governance strategy.

“We also completed a detailed review of their core CRM, Salesforce, to ensure best-practice data governance controls were in place,” Butler said. “For example, we ensured that personally identifiable information (PII) data was tagged appropriately, adjusted the data retention periods in production, and backups.”

“Everyone at UNICEF Australia is understandably focused on the vision of the organisation, but didn’t have the expertise to consider the breadth of controls needed to best protect their data,” Butler said. “Now that we’ve helped establish a strong data governance framework and upskilled key stakeholders, the organisation is better enabled to protect and manage their data.”

Runyard said UNICEF Australia is now better positioned if they need to respond to an incident — including that of a breach by third party suppliers, should one occur. Data provided to third parties is chronicled and turned into a visual organisational data map, which can expose vulnerabilities and fuel a discussion at the executive level about mitigating any risk.

“The organisation now has a strong data governance program in place that not only mitigates risk but also enhances its ability to build and maintain trust with supporters nationwide,” Butler said.

“In today’s workplace, a solid data governance framework is essential,” Runyard said. “Our commitment to this data governance program underscores our dedication to protecting our supporters’ data and privacy as an utmost priority.”

Image credit: iStock.com/hapabapa