Let’s start the conversation on Corporate Digital Responsibility

It was fantastic to be part of the CIPR – Chartered Institute of Public Relations national conference today where we hosted a session on ‘Corporate Digital Responsibility (CDR) – What You Need To Know Right Now’. Chaired by Allegory’s Associate Director Iain Aitch, our panel included: Allegory CEO Charlotte McLeod; Anne Gregory, Professor Emeritus in Corporate Communication at The University of Huddersfield; and Rob Price, Director at Alchemmy and founder of corporatedigitalresponsibility.co.uk

Allegory is a strategic communication agency that helps organisations lead the conversation on technology. That includes us, too. For the past ten years, we’ve been working with one of our clients, the Open Data Institute (ODI) co-founded by Sir Tim Berners-Lee, inventor of the World Wide Web. Just last week, Tim and I were chatting about how much the world has changed in the last decade, and now Allegory wants to help fellow communicators be a driving force for good in the emerging CDR field. 

Communicators should be proactively helping organisations to identify, address and prepare for the challenges, risks and opportunities – both existing and emerging – in the digital world. We know that when a data-related crisis reaches the public’s awareness, or that of any external stakeholder, it will fall to us to deal with. This means that communicators being ‘front-footed’ on CDR is in everyone’s best interests.

The panel first worked together on the subject of CDR back in April, when Allegory convened a roundtable discussion that led to the publication of our report on the subject – available to download here

Allegory saw a gap in available resources for communications professionals, which is why we created a six-stage practical framework (below) that helps communicators get CEOs and boards talking about CDR, and taking steps to address both the opportunities and risks inherent in CDR.

It is quite likely that your CEO or board may never have heard of the term Corporate Digital Responsibility, though once put to them, it has a ‘Ronseal’ appeal. We’ve reached a tipping point in history, where every business – regardless of size, service, or sector – is a data organisation, so they simply can’t ignore it. CEOs may naturally want to confine CDR to being an issue for the IT department to manage (perhaps because of their own low level of interest in data and digital), but data is always about people, and the CEO is ultimately accountable for responsible business practice.

If your organisation gets CDR right, it can help you to generate funding and retain investment. It can help attract and retain the best people, as well as maintaining and building your own reputation. That’s money, people, and reputation all at stake. 

One of the best ways to start a conversation with your CEO is to use the existing language that boards know. The CEO might say to you: “Where does CDR fit in, it feels like it is the G bit of ESG*?”. Actually, CDR sits across all three areas of ESG. It is like the nervous system of the body of an organisation and affects every person and team within it. In that way, it is a bit like the EDI** agenda. If you can get the CEO’s buy-in, it will trickle down and permeate the organisation. If it’s just stuck within the IT department, then it won’t get the level of board understanding needed. When things go wrong, it will ultimately land back on the communicators’ laps to sort out the mess.

* ESG (Environmental, Social and Governance) represents a more stakeholder-centric approach to doing business. ** EDI (Equality, Diversity and Inclusion) ensures fair treatment and opportunity for all, by eradicating prejudice and discrimination on the basis of an individual or group of individual’s protected characteristics.

The good news is that the only way to get CDR wrong, is to do nothing. It’s an emerging issue and everyone is in the ‘Discovery phase’ for now. The next bit of good news for boards is that they shouldn’t be expected to have all the skills needed to address this, quite the opposite. Successful CDR requires a multi-stakeholder approach, a strong CDR culture and community of practice – all of which communicators can help convene and create.

Six steps to protect your business from digital risks

Practical steps you can take right now to identify challenges, mitigate risk, build a CDR culture and prepare an effective communications function to deal with challenges in advance.

1. Conduct a landscape analysis audit

By the time a problem gains the attention of the public, it’s too late to stop the media fallout. A full landscape analysis will help you identify the potential threats to your business in advance and prepare you to fix them quickly.

Key activities:

  • Identify and interview key stakeholders (CEO, CTO, Head of Marketing etc.)
  • Run a workshop to map risk factors, opportunities and audiences (SWOT/PESTLE analysis)
  • Write up workshop results and publish them internally

2. Plan communications strategies

With your key threats identified, it’s prudent to have communications plans in place to deal with them if and when they arise. Make sure you plan carefully for every foreseeable eventuality and include a listening strategy, as well as an outbound comms strategy, to ensure you’re one step ahead of the conversation.

Key activities:

  • Analyse existing policies and practices, channels and stakeholders
  • Hold a workshop to map strategies to threats and opportunities, noting any gaps
  • Develop CDR-specific reactive ‘Lines to Take’ and brief relevant stakeholders

3. Build a strong community of practice

No single team member has all the skills to address Corporate Digital Responsibility. You’ll need a multi-functional approach that engages with all key stakeholders if you want to succeed. Start by identifying essential personnel to form your CDR team. C-level executives will be the foundation – they’re ultimately responsible for digital security – but technology and communications experts are an essential piece of the puzzle, too. You might also consider including those most at risk from data breaches to ensure a participatory approach to CDR. Remember, diverse voices give you a better chance to identify threats and opportunities.

Key activities:

  • Hold a workshop to identify and prioritise stakeholders
  • Convene a working group of stakeholders and agree on an operational memorandum
  • Launch the working group publicly to key audiences

4. Ensure effective horizon scanning

The playing field of digital technology is constantly changing, so you’ll need to create a function dedicated to monitoring your organisation’s environment. This is key to understanding challenges at the earliest point in their lifecycle. With a close eye on the changing landscape, your team can ensure you have the correct procedures in place to combat emerging threats. 

Key activities:

  • Review identified stakeholders, policies and procedures
  • Hold a workshop to map key stakeholders’ sensitivities and identify potential critics
  • Map prominent individuals and groups, identify their position in advance and develop engagement strategies

5. Plan your internal communications architecture

CDR may be a leadership-level responsibility but it’s a team effort. Employees are a critical audience you’ll need to engage with to ensure compliance across your organisation. To mobilise their resources, you’ll need to communicate effectively with them. 

Key activities:

  • Review existing communications processes and procedures, as well as past successes and failures
  • Conduct a deep dive into engagement channels and map the most effective strategies
  • Plan communications monitoring and analysis across a set timeframe (6 to 12 months)

6. Plan to manage stakeholder engagement

Customers, partners and other external stakeholders have their own parts to play in managing data security. You’ll need to make sure they’re aware of their responsibilities, as well as the consequences of their actions. Governance is most effective when it’s run on a participatory model, so include stakeholders from the ground up. Remember, open and transparent communication is the foundation of trust. Never hesitate to bring your audience into the conversation.

Key activities:

  • Create a deep-dive stakeholder engagement report as a framework for your messaging strategy
  • Develop messaging and materials
  • Build reactive ‘Lines to Take’ and brief key stakeholders

Of course, each of these key activities represents a great deal of work on behalf of your team. However, these six steps offer a framework for organising your CDR activities to ensure great outcomes. To learn more about the process in action, reach out to us by emailing rachel@allegoryagency.co.uk. We’re experts in delivering quality Corporate Digital Responsibility strategies for leaders in the technology space. You can also download our latest report on CDR here.

Communications directors need to act on Corporate Digital Responsibility (CDR)

Corporate Digital Responsibility (CDR) is an emerging area of interest for organisations. It blends ethics and governance issues with consideration for how they apply within the digital domain. CDR has moved up the corporate agenda in the past two years because of the growth of digital technology. High-profile security and technology failures by organisations have put CDR in the spotlight.

In the past, marketing departments were the sole operators of data and digital technologies. Today, whole businesses are built on data and digital content.  It’s used for hyper-targeting, behaviour change and many more business-critical functions. This action creates a fundamental tension between organisations and society. Customers feel overwhelmed by terms and conditions and manipulated by companies that use their data. Meanwhile, social responsibility is a growing concern for customers.

Risk Issues in Corporate Digital Responsibility

High-profile CDR failures have put digital ethics on the corporate agenda. A 2016 cyber attack at the UK Post Office left personal data vulnerable to exploitation. In 2019, managers removed facial recognition systems from King’s Cross Station after protests. In 2021, the Organisation for the Review of Care and Health Apps (Orcha) found that only one in five apps meets clinical standards of data integrity. Innovation in data and digital technologies often leads to conflict with regulation.

When individuals share their personal data with an organisation, they expect it to be handled securely. However, data breaches or leaks have become commonplace. Facebook is under investigation for a possible breach of EU privacy laws after the sharing of 533 million users’ data.

Defining Corporate Digital Responsibility

The rapid digital transformation of modern organisations requires responsible action on technology. That means upgrades to corporate governance and organisational practices. CDR describes the duties businesses need to embrace to manage data and digital technologies ethically. It’s corporate social responsibility for the digital world.

Data and digital can address the world’s most pressing issues like climate change, diversity, and sustainability. But misuse of data can cause serious harm, from financial damage to breaches of personal privacy. These effects have consequences for organisations’ reputations as well as their bottom-lines. The responsible use of technology is today a strategic issue.

Responsibility for CDR within an organisation

In most organisations, CDR falls into gaps between the responsibilities of the executive team. Whilst this is the case, the risks and opportunities presented by digital will remain misunderstood. Much like financial forecasting and organisational design, CDR is a strategic rather than a tactical matter.

Ultimate responsibility for CDR must lie with the CEO or managing director. But they also need the backing of the board and support from experts both within and outside their organisations. From the CTO to the CDO, CFO and HR Director, data and digital is everyone’s responsibility. Everyone within an organisation should consider it to be part of their role and work to build a culture of CDR.

Developing a CDR governance framework

The relationship between data, digital and trust is explicit. For example, there is a growing understanding of the value of data and its application. The public understands the need to share data so that organisations can understand their needs. It’s part of the process of accessing goods and services that are relevant to them. In return, they expect that data will be managed carefully and used honourably. It’s a value exchange underpinned by trust.

Prudent data management is critical to maintaining trust between organisations and stakeholders. Yet the appreciation of this area as an emerging area of corporate governance is latent. Organisations need a framework underpinned by ethics to describe the impact of their technology.

Governance frameworks must take a comprehensive approach to manage their impact on society. From search data to cookies, privacy policy and access to personal data, businesses have a range of vulnerabilities. Businesses need a broad range of ethical and technological solutions.

The role of the communication function

Communications professionals are often left to clean up the mess when an organisation faces a data breach. Most often, they’re also left out of the loop when key decisions are made around data management and processing. Comms experts have a responsibility to develop an understanding of ethical digital issues. Moreover, they must be considered key stakeholders in the decision-making process. Otherwise, they won’t be able to offer the best possible support.

Further information: CDR briefing paper and webinar

For those struggling to navigate this new area of professional practice, Allegory has published a briefing paper on CDR. You can download it via this link. And don’t forget, you can always contact us if you have questions about the responsible use of technology.

Contact: Iain Aitch, Associate Director

iain@allegoryagency.co.uk