Blog Post
Q&A: Jon Asprey Discusses Data Privacy Challenges and Opportunities
Jon Asprey brings more than 20 years of experience in information governance, regulatory compliance, analytics and data science to his new role as a Managing Director at FTI Technology. As part of the EMEA Information Governance, Privacy & Security (IGP&S) practice, he advises clients in data strategy, privacy regulation, compliance and controls automation, regulatory reporting and submissions. In this Q&A, Jon offers a glance at what he sees as clients’ most significant challenges and regulatory considerations on the horizon.
Jon, let’s start with an overview of your background. What led you to a career in data privacy and information governance?
My career has really been a journey through many different aspects of the use and application of data. Early on, I worked in customer data analytics, predictive modelling and marketing automation. That became a great segue to data quality and governance to leverage data insights to gain a more complete (or 360-degree) view of an organisation’s customers. Eventually, my focus evolved to compliance linked to the capture, manipulation and reporting of data. I spent a lot of time working with financial services institutions in the wake of the 2008 financial crisis, mainly to establish more rigour around their data governance and data quality processes to enable more confident engagement with regulators. Over the last six years, I worked at IBM and Promontory Financial Group helping clients leverage AI, analytics and data to develop solutions across the domains of customer engagement, regulatory compliance and financial crime prevention. As GDPR was enacted, my client engagements extended to include data privacy advice, culminating in me leading the EMEA data privacy practice for Promontory.
What will be the focus of your new role at FTI Technology?
Data privacy obligations continue to present numerous challenges for corporations across EMEA and globally. Organisations need support in establishing robust governance programmes that enable operational, regulatory, financial and reputational resiliency, often involving cultural and organisational change. FTI Technology’s EMEA IGP&S practice is growing to meet these expanding needs. I’ll be helping to lead our team through this growth, working with clients to strengthen customer trust and implement good data management practices without slowing down the pace of innovation and digital transformation.
Why FTI Technology?
What attracted me to FTI is that we’re an advisory firm that isn’t afraid to get our hands dirty with technology and data. It’s the prime combination of expert consulting and practical, technical execution. I was also drawn to the fact that FTI Technology, as part of the broader FTI Consulting organisation, can work across segments to deliver highly complementary solutions to clients. For example, our team can work closely with FTI’s Cybersecurity and Strategic Communications segments to support clients with all aspects of responding to a data breach—from incident response to investigation, remediation, strategic communications and more.
In your view, what are some emerging issues clients should be aware of in the year ahead?
The pressure on organisations to innovate and transform digitally will not subside. It has only been accelerated by the increased demand for online services and the move to hybrid working, fueled by the pandemic. Organisations need to improve their ability to leverage their data and take advantage of the efficiencies AI and automation can offer. However, they must do this whilst maintaining trust in their data handling practices from customers, employees and business partners.
I think one of the rapidly emerging considerations for firms today is that of AI governance and data ethics. Privacy legislation is developing and maturing around the world, and there is an increased focus on the ethical use of data and the protection of individual rights when using AI systems. In other words, organisations are likely to be faced with obligations to ensure people are being treated fairly and provide increased transparency when automated decisioning is being used.
Another area that will bring both challenges and opportunities is emerging regulations relating to keeping people (particularly children) safe online, such as in the U.K. Online Harms Bill that has been introduced. These laws will extend beyond the scope of data privacy to include protections against fraud, misinformation, political manipulation, propaganda and child exploitation.
I think the key takeaway for organisations is that privacy and information governance programmes need to be strengthened, both to protect corporate reputations and enable “safe” innovation. To do this effectively, privacy, information security, legal, compliance and data innovation teams will all have to work in unison, supporting governance and compliance requirements.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.