By @. Great interview with Daragh O Brien Information Quality, Info Gov & Data Protection Consultant, managing director of Castlebridge. Recently named #24 on list of global Top Data Security people to follow on twitter.
What is your background briefly?
I’m the managing director of Castlebridge, a consulting and training company specialising in Information Governance, Data Privacy, and Information Quality. We work with organisations of all sizes across public and private sectors in Ireland and elsewhere to help change how people think about information and its value. In addition to my role in Castlebridge, I serve on the Board of Directors of DAMA International (dama.org), am a Fellow of the Irish Computer Society, and work closely with research groups in DCU and TCD , like the Insight Centre and the Adapt Centre, looking at privacy and data governance issues and applications in analytics, wearable technologies, and other “interesting” areas.
How did you end up doing what you do now?
Partly by accident, partly by design. I have an interfaculty degree in business and law from UCD and have always been a data and technology geek After I graduated, I spent a decade and a half in a leading telco leading Single View of Customer and Regulatory Operations functions, including information risk management functions. During that time, I developed a keen interest and expertise in Information Quality management and Information Governance, and was always a Data Protection obsessive from the perspective of it being another quality characteristic of how organisation manage information. In 2009, I decided to set up Castlebridge with the goal of being an effective and discrete consultancy helping organisations do good things with data– the quiet people in the background helping people in our client organisations to do things right. Since 2009 we’ve been involved in a number of high profile projects that have worked well (and been asked to help fix others that were not working as well), however we would rather let our clients take the credit for their success (we just chipped in).
Ultimately – how well organisations serve and meet the expectations of people in how they manage, govern, and protect information is a key determinant of quality and trust for brands. It’s important organisations get it right!
1 min pitch for what you do / what’s a typical day like?
There is no such thing as a typical day, because we work with a range of organisations. Our tag line is that we change how people in organisations think about information. That means we assist organisations develop compelling strategies for how to use data better, implement frameworks to govern and control information better, and help people to understand what “quality” is in the context of the information they have and how their customers and stakeholders experience that. So, on a given day I might be telling a large company that they have no coherent data strategy and have significant data protection compliance risks and then jumping on a call with a small charity to help them develop smarter ways to manage their donor data in a way that builds trust with their supporters, and then working on research projects either internally or with our university colleagues, and then working on initiatives with DAMA, or the Law Society or other partners.
Congrats on being ranked on the Onalytica list as a Top Data Security thought leader – where did it all go right?
Yeah. That came as a pleasant surprise. A few factors combined to make “it all go right”. It helps that my niche interest areas have become “mainstream”. I’m an overnight success after nearly 20 years talking about and working on these things. Secondly, Twitter is a brilliant platform for connecting with and linking with “geeks of a similar mindset”. That helps me test ideas, debate issues, and learn new things. It’s like having a cool corner in the pub where all my data friends hangout. What is great is when I get to meet with or work with some of my twitter connections – really smart people that I’m honoured to ”hang out with”
What trends are you excited / concerned about in relation to data and the work you do at the moment?
We are at a real tipping point in the data world at the moment as organisations are starting to mature in their information management practices. For example, Proctor and Gamble recently announced they were abandoning targeted marketing (e.g. facebook targeted ads) because their data showed that they weren’t getting the return on investment they were expecting – they are moving back to a more “broadcast” approach. Also, we’re beginning to see a more considered approach being taken to the ethical issues in information management. To put it in terms of Charlie and the Chocolate Factory: we’re moving away from an “Augustus Gloop” and “Mike TV” approach (guzzling data and lusting after the tech) towards a “Charlie” way of thinking. And it’s important to remember – Charlie gets EVERYTHING from Wonka in the end.
What worries me is that while we’re seeing some maturing in thinking, we’re not seeing that hit mainstream yet, and there is still a mind set of “we’ve paid for the battlefield, so we’re going to use it” in many organisations where they resist or ignore criticism about their approaches to processing information. Also, we’re seeing some of the “born on the internet” businesses struggling to solve their monetisation problems using increasingly ethically questionable and potentially illegal approaches. For example – facebook bypassing ad blockers by inserting ads into content in a manner that is indistinguishable from content is probably in breach of long standing advertising standards laws.
— Castlebridge (@cbridgeinfo) June 30, 2016
What advice would you give to companies and individuals in terms of managing their data securely?
Stop, Look, Listen. While I don’t describe what I or Castlebridge does as InfoSec (I doff my had to @brianhonan and other more knowledgeable souls on that front), these three behaviours (stopping, looking, and listening) are really important to making sure data is managed securely, or in line with privacy laws or expectations, or ethically, or to the right level of quality, or with the appropriate governance. “Stop” means that you take a pause and assess if the processing you are doing is the right thing, not just the hype thing. For example, if an organisation is pushing to implement granular CRM capabilities but doesn’t have methods for basic core metrics or is spending upwards of 25% of its time fixing problems with internal or external data, perhaps the real priority should be sorting that out. “Look” means you need to look long and hard at what you are doing with data, identify issues and risks objectively, and look at whether you are actually improving your operations or just adding more crud and more potential vulnerabilities. Also it means that you need to LOOK regularly at how well controls etc. are operating. “Listen” means you need to listen to what your customers, staff, or wider stakeholders are saying about the quality of the process and information outcomes they are experiencing. For example, I’ve recently had an issue with a large tech vendor who advised me to get software to fix an issue from their site. But the software isn’t available for the model of laptop we had the problem with (even though it should be). That’s purely a data issue linking elements of the information value chain together, but it resulted in a crap experience and wasted time. And if the dots aren’t connected in something as simple as that kind of customer service process, it is often indicative of other assumptions or disconnected processes behind the scenes that can affect other areas of quality, governance, or security.
So, I’d add “walk in the shoes of the people whose data you are processing” to that as well. Whether it’s security, privacy, or information quality, all too often organisations forget about the individual and how they experience things or perceive issues.
— Daragh O Brien (@daraghobrien) August 2, 2016
Who do you follow for your inspiration and insights?
There are people I follow and then there are people I know and talk to regularly who are friends and mentors. I’m pretty selective with follows on Twitter, so most of my inspirations and insights are from people or organisations on twitter who I actually know: @tupp_ed , @dermotcasey @brianhonan, @paulbernaluk, @timturner2040, @brianhonan, @lmbrownlee1, @elaineedwardsIT, @privacymatters and @klillington would be among my “Top 10”, and pretty much all of them I’ve at least had a coffee with over the years. I follow a few organisations as well: DAMA International (@dama_I and @damaIreland), @drialerts, @iconews (the Irish DPC should look at that outreach model), @edps_eu, and @adaptcentre
In terms of “meat space” people, John Ladley (@jladley) is a good friend, as well as being one of the pioneers of Enterprise Information Management and Data Governance, Tom Redman (@thedatadoc1) has been making me think hard about things for almost 20 years, @alecsharp is always a hoot to meet up with and talk data and process stuff with (and guitars), @alan_d_duncan in Gartner is also an old friend and is doing some very interesting research with @mariofaria and @FrankBuytendijk
Finally, my second in command in Castlebridge @okeefekat is doing some great stuff on information ethics and tweets occasionally about it.
We can be online 24/7, how do you manage your work life balance?
Honest answer: not as well as I should, and it’s harder as I tend to work out of a home office when not on the road. But I’m getting better. Simple things: When flying I eschew onboard wifi and read a book or watch a movie. I try to have “detox” days when there is no tech. I block out time to read things on dead tree media. The plus side of working out my office at home when I’m not on the road is that my family can (and do) pull the plug on things when I’ve spent too long at the desk. But working for yourself, with the 24/7 hosepipe of updates, it can be a struggle to step away from the tech. But it’s something we all have to do. After all, when you’ve seen 300 cat pictures you’ve basically seen them all.
Anything else we should have asked you / you’d like to add?
We’re busy at the moment with a few things in Castlebridge, including finalising our training schedule for Q4. If people want to learn about data privacy, the GDPR, privacy impact assessments, Information Quality Management basics, or Data Governance basics, they should follow @cbridgeInfo or visit Castlebridge.ie (site is due to have a facelift shortly…) and get in touch for updates on that training.
— Castlebridge (@cbridgeinfo) July 7, 2016