Data risk & privacy

Unlock the value of data in a secure and ethical way

Companies are transforming how they navigate everything from customer experience to third-party relationships, to regulations, to an expanding threat landscape borne of the sheer volume of data. And they must do it all while being innovative, finding new opportunities, delivering value and remaining competitive. Converting data into value, securely and ethically, is the business imperative for the next decade.

The companies that most effectively take charge of their data — generating, protecting, governing and disposing of it in a data “lifecycle” — will have the greatest opportunities for success. PwC’s data lifecycle approach ensures data is handled securely while mining it for insights. We help our clients set up a formal data governance program: leveraging digital platforms and analytics to discover the most valuable data, protecting it from cyber threats and other risks, and optimizing unsecured or unreliable data. 

With a secure process in place, companies can gain the confidence to embark on first-party data collection and responsible data use — all of which can help you extract value from data while avoiding security breaches that could trigger fines and brand damage.

information governance and privacy image

How we can help

Our team of experienced data engineers and cybersecurity/privacy strategists brings decades of experience to help clients responsibly manage their data lifecycle and tackle privacy compliance. We use leading data protection capabilities such as encryption and data loss prevention, as well as technology-enabled privacy capabilities.

Data governance

Set up a governance program to meet compliance requirements, address business risks and help the business better monetize more trusted data. Accelerating privacy regulation is the top emerging risk for organizations globally, cited by 64% of respondents in an April 2019 Gartner survey. With suitable, supple governance, you can meet regulations, please consumers and turbocharge the business.

Many companies are still trying to govern data function by function, business line by business line. But data’s monetization potential — and possible related risks — don’t stop at the boundaries of an organization’s flow chart. Centralized data governance can help reduce the risk of wrongful access, compliance errors and missed opportunities.

Data discovery

Many companies have a glaring weakness: they do not know what data they have, how it should be used or how well decision-makers can trust it. Sixty percent are not even sure that they have identified their most valuable and sensitive digital assets.

Discovering all your data will take time -- and requires a suite of tools and skills: consistent taxonomies, standards and controls, supported by experts in risk, privacy and compliance. With the help of digital command and control centers, over time you can develop a single source of truth for your data inventory. You will be able to separate the high-value data you need from the low-value data that clutters up your systems. You will be able to map data flow and lineage, and classify and tag data for easier, more trusted use with artificial intelligence and other emerging technologies.

Data protection

How do you protect data while simultaneously enhancing its value? Put business experts together with risk, security, privacy and compliance experts. Then let them look at the same data, with the same standards and taxonomies.

As cyberthreats accelerate, companies will need to continually assess gaps, train employees (especially those working remotely) on cybersafety, monitor third parties and implement security and privacy by design in new products and services. That requires data-driven cyber risk management: key performance indicators and key risk indicators for technology solutions. Both the business and top leadership can then quickly assess their security capabilities and proceed with trust in their data and technology.

Data minimization

If your company has any unsecured or unreliable data — and unless it’s brand-new, it almost certainly does — that data is a source of risk: both the risk of bad decisions and the risk of malicious actors accessing sensitive information.

Companies must minimize that risk by minimizing the target. They must govern, discover and protect the data they need, and only the data they need — and eliminate the rest. Drafts, duplicates, superseded data, legacy data and employee personal data are common candidates for elimination. Low-value data not only creates unnecessary risk — its presence makes it harder to locate and use the high-value data that you need.


Privacy has evolved into a front-page consideration for organizations, as companies grapple with questions ranging from individual employee health status to consumers’ perception of customer data and how it is used. And as privacy regulations like the California Privacy Rights Act and the General Data Protection Regulation expand in scope and number, privacy compliance is only becoming a bigger concern and potential risk. 

Your privacy team should work hand in hand with your information governance team to ensure that both employee and customer data is handled ethically and in accord with regulations. Strategically, your privacy program can be folded into your overall Information Governance program to enhance customer and stakeholder trust.

Contact us

Mir Kashifuddin

Data Risk & Privacy Leader, PwC US

Brian Fox

Principal, PwC US

Jay Cline

US Privacy Leader, Principal, PwC US

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.