Q&A: Scott Margolis Advocates for Value-Driven Information Governance and Privacy Programs

Scott, you’ve had a storied career in the field of information governance and data privacy. Will you discuss the highlights of your background?

I’ve spent many years working with executives and the C-suite to build scalable, global governance programs that address compliance, digital risk, data stewardship and valuation of data. Before I arrived at FTI Technology, I spent more than five years at a Big Four firm as a managing director in data governance, privacy compliance and technology enablement. Prior to that, I oversaw financial services security and data compliance at another Big Four consultancy. I’ve also led data governance and compliance in-house, including as SVP and compliance executive at a large financial institution. My work has included the development of processes and technologies supporting cross-border data transfers, for which I have two U.S. patents, as well software development for which I hold numerous copyrights.

In joining FTI Technology’s team of Digital Insights and Risk Management experts, I’ll be working closely with clients to develop programs that enhance data operations and derive value, reduce risk and support compliance activities.

To that end, what do you think clients need to be most aware of and most proactive about regarding IG issues in 2024?

Executives and leaders at many firms are still struggling to fully understand and catch up to the sprawl and proliferation of data that continues unabated. While some of that data has value beyond a short period of time, much of it represents added risk, with marginal value. In many situations, data owners and the responsibility or stewardship rules for data have not been established. In others, there is not a collective concept of governance across the business.

Especially at a time when artificial intelligence is front of mind from the boardroom to the mailroom, establishing those processes and implementing the enabling data technologies needs to be prioritized.

So, what is the toughest challenge you see clients struggling with in strengthening their governance practices?

Acknowledging that the governance process doesn’t yet exist is an important first step. Is there an IG committee with a charter or mandate? Do the words “stewardship” or “ownership” appear in the oversight obligations with clear definitions as to what those words mean and the expectations for data stewards and owners are? Does the client have a data inventory?

Importantly, when we say data inventory, we don’t mean a configuration management database that knows where the databases are, but rather, table-by-table, element-by-element characterizations of what data the organization owns. That catalog must be classified, categorized, contextualized and where possible, correlated (i.e., addressing the “Five C’s” of data) so the governance committee knows what it is working on.

You’ve mentioned data stewardship is a critical blind spot for many organizations. Can you elaborate? What are the fundamentals they need to get started on establishing stewardship?

For simplicity, let’s use data owners and stewards as interchangeable notions for the moment. At most clients, various business functions own their respective data, however when asked, the business teams will say IT owns the data. There is a critical distinction that needs to be made. The data owners (again, usually the business) need support from IT without a doubt. The stewards need to know and have a clear understanding of what data they have. Owners may have an idea, but IT needs to help by providing the catalog.

The commitment from the data stewards is needed to review the catalog provided by IT. They should be answering questions such as: Do we need that data? Why are we collecting it? Does it have any value beyond some period of time?  When does the data become “ROT” (redundant, obsolete or trivial)?

Input from the compliance organization is also required to help establish retention periods.  Getting that engagement from the business is the first, best step to starting effective data stewardship.

What are your thoughts about how advances in AI will impact data privacy?

AI is a double-edged sword. Cut one way and it has the power to reduce effort and quickly increase the value of the data clients already own, or to reduce workload for many activities that can be routinized. Cut the other way, AI can generate inferences about persons by associating data in ways that may produce portrayals of an individual’s activity patterns that could be overly accurate (thus undermining privacy) or blatantly inaccurate. These may include patterns and behaviors that even the individual may not be aware of. If used in unexpected ways by an organization, and natural persons are made aware intentionally or by accident of some accurate, AI generated inference, we know that will affect privacy and other risk areas.  

Anything else you’d like to share about your new role and the practice you’re building?

I am grateful to be able to serve as a leader for a talented team that is focused on all things that fall under the IG umbrella (data, information security, compliance, stewardship, AI governance, valuation, monetization, quality).

Michael Jordan, Diana Nyad, Mia Hamm, and Wayne Gretzky weren’t overnight successes in their sports. They had to put in the work along the way to bring out the best they could be and keep practicing staying the best. They all had process, and they used different technologies to support their pursuits. The same is true for our clients and how we support them: process and commitment to excellence drives technology use and drives success.

Is there something you’d like to share about your life outside of work?

As a diver, I’ll simply say, nothing is as peaceful to me, as neutral buoyancy under the sea.  

Related topics:

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.