What is a CDR?

....continued from the previous blog – What is a CDR?

Functions of Corporate Digital Responsibility

SAVAS Function of CDR

The FunFunctions of CDRction of CDR is for corporations to hold themselves accountable for owning, securing and handling of Digital Data of all those associated with the corporation in a responsible and ethical fashion. They should also exhibit maturity and responsibility by contributing legit and logical data to the digital ecosystem in a way that demonstrates ethics as an uncompromised business element no matter what the odds.

The functions of the CDR can be generalized as mentioned below;

  • Data Owning
  • Data Security
  • Data Handling
  • Employee Ethics
  • Data Contribution

The functions of CDR as mentioned above will hold good for almost all types of corporations using Digital Media in their day to day functioning. The activities under each function to a major extent are again generic but some might vary depending on the nature of business and their Digital Media dependency. Let’s go through each of the functions one by one so that we understand them in greater detail.

CDR and Data Owning

It is generally understood that if you are a corporation, you will have multiple clients, dealers, vendors, suppliers and employees associated with it. An association comes with sharing data bilaterally, be it an individual or an enterprise. This means that a corporation owns a lot of data related to a lot of individuals and enterprises associated with it.

As a standard practice in business relations, it is mutually understood that neither of the two parties involved would misuse the other’s data wrongfully. There are bilateral agreements such as the NDAs and Confidentiality Clauses signed between the two but misses do happen. Misses though not intentional or wilful might happen due to lapses on either sides. The damages may be catastrophic or even none caused at-all for that moment. Let’s not forget that digital data always leaves a footprint, some traceable and some untraceable. The ground reality is that, once the digital data is lost, it cannot be retrieved completely (at-least in most instances). There might be many copies of the data that might have been made once it was in wrong hands and there is almost no chance of tracking all of it. It is therefore possible that damage due to the data loss might not necessarily happen immediately after losing data but can happen at any time in the future post the event.

This until now has been the corporation’s side of the story, let’s now understand from an individual’s point of view. I as an individual have associations with a lot of corporations with varied business interests and sizes in my daily life. There are a lot of companies who have my personal information such as my DOB, Contact details, Financial details, Aadhar and PAN Number which according to me are details that can be used to impersonate me at any point, but yet we reveal most of these information quite willingly. The reason being the element of trust or helplessness as we have no other go but to reveal the information if we need a product or service at that point in time, take for example opening a bank account or buying a Mobile connection . This has been more or less the practice so far and in all fairness to an individual’s privacy, has to change!

Corporations irrespective of their size and nature of business have to stand up to the ownership of the other parties data. Digital Media has outgrown its stature and therefore has to be given due recognition by drafting CDR policies separately and should not be made a part of the generic conditions mentioned. The message has to be loud and clear and not be a part of the ‘terms and conditions’ or ‘privacy policy’, which generally becomes a fine print in the footnote saying that they respect our privacy and will do everything to safe guard it. It is true that nobody would want to misuse the data of customers intentionally (until unless you are a data phishing company yourself) but making it a published statement is a must. Every corporation should publish their CDR Policies in an electronic format on all their digital assets that includes everything, right from their websites to their social media pages. They should even print it and attach it with printed application forms that gets signed by the customers, their own employees or any other party with access to data with their confidential information on it.

Recommended activities under ‘Data Owning’

  • Demonstrate the maturity and mindfulness on owning the responsibility to safeguard the identity of all the people who are associated with the corporation in the form of drafting a companywide policy under the ‘Corporate Digital Responsibility’ tag.
  • Be clear on what it means to own the other party’s data for you.
  • Exhibit the CDR policy adopted by the corporation on all the Digital assets owned by the corporation and also on places within the physical infrastructure so that all the employees are in sync with the organisation’s policies towards data owning.

Most of the expressions regarding standing up and owning the responsibility to safeguard the data might sound redundant and obvious to readers, but is important to mention. It is very critical to make every associate of the corporation to feel comfortable in most ways possible than to be legally right. This according to the customers is the exhibiting of being ethically conscious by the corporation and will take the relationship a long way ahead.

to be continued....

CDR and Data Security

Prrashanth SAVAS author

About the Author

Prrashanth H Nagaraj is the Founder and Managing Director of SAVASInc. He comes with around 16 years of professional experience across multiple industries such as Engineering, Banking, Insurance, IT, ITES and Digital Media. He is graduated in B. Eng. from University of Mysore and has a MBA degree, specialized in International Business from the University of the West of England, UK.