In our last post, we mentioned that we’d be giving a few examples for data valuation. This is the part of the post where I try and say something pithy, but I’m totally distracted by the White House press briefing on MSNBC, so I’ll cut to the chase:
As a basic exercise, let”s take a look at several common data types, discuss how they are used, and qualify their value to the organization. Several of these clearly have a high value to the organization, but others vary. Frequency of use and audience are different for every company. Before you start deriving values, you need to sit down with executives and business unit managers to find out what information you rely on in the first place, then use these valuation scenarios to help rank the information, and then feed the rest of the justification model.
Credit card numbers
Holding credit card data is essential for many organizations – a common requirement for dispute resolution; because most merchants sell products on the Internet, card data is subject to PCI DSS requirements. In addition to serving this primary function, customer support and marketing metrics derive value from the data. This information is used by employees and customers, but not shared with partners.
<
p style=”font: 12.0px Helvetica; min-height: 14.0px”>
Data | Value | Frequency | Audience |
Credit Card Number | 4 | 2 | 3 |
Healthcare information (financial)
Personally Identifiable Information is a common target for attackers, and a key element for fraud since it often contains financial or identifying information. For organizations such as hospitals, this information is necessary and used widely for treatment. While the access frequency may be moderate (or low, when a patient isn”t under active treatment), it is used by patients, hospital staff, and third parties such as clinicians and insurance personnel.
<
p style=”font: 12.0px Helvetica; min-height: 14.0px”>
Data | Value | Frequency | Audience |
Healthcare PII | 5 | 3 | 4 |
Intellectual property Intellectual Property can take many forms, from patents to source code, so the values associated with this type of data vary from company to company. In the case of a publicly traded company, this may be project-related or investment information that could be used for insider trading. The value would be moderate for the employees that use this information, but high near the end of the quarter and other disclosure periods, when it’s also exposed to a wider audience.
<
p style=”font: 12.0px Helvetica; min-height: 14.0px”>
Data | Value | Frequency | Audience |
Financial IP (normal) | 3 | 2 | 1 |
Financial IP (disclosure period) | 5 | 2 | 2 |
Trade secrets Trade secrets are another data type to consider. While the audience may be limited to a select few individuals within the company, with low frequency of use, the business value may be extraordinarily high
<
p style=”font: 12.0px Helvetica; min-height: 14.0px”>
Data | Value | Frequency | Audience |
Trade Secrets | 5 | 1 | 1 |
<
p>
Sales data
The value of sales data for completed transactions varies widely by company. Pricing, customer lists, and contact information, are used widely throughout and between companies. In the hands of a competitor, this information could pose a serious threat to sales and revenue.
<
p style=”font: 12.0px Helvetica; min-height: 14.0px”>
Data | Value | Frequency | Audience |
Sales Data | 2 | 5 | 4 |
<
p>
Customer Metrics
The value of customer metrics varies radically from company to company. Credit card issuers, for example, may rate this data as having moderate value as it is used for fraud detection as well as sold to merchants and marketers. The information is used by employees and third party purchasers, and provided to customers to review spending.
<
p style=”font: 12.0px Helvetica; min-height: 14.0px”>
Data | Value | Frequency | Audience |
Customer Metrics | 4 | 2 | 3 |
You can create more more categories, and even bracket dollar value ranges if you find them helpful in assigning relative value to each data type in your organization. But we want to emphasize that these are qualitative and not quantitative assessments, and they are relative within your organization rather than absolute. The point is to show that your business uses many forms of information. Each type is used for different business functions and has its own value to the organization, even if it is not in dollars.
Comments