shadow play on walls

Forget Shadow IT, Shadow Analytics Can Put You on the Wrong Side of Regulations

3 minute read
Pierre DeBois avatar
Knowing where and how data is being handled within an organization has become all the more critical in light of data privacy regulations.

Analytics practitioners today have a number of solutions to choose from when conducting analysis and visualization. The ease of signing up for many of these services has given rise to shadow analytics — an offshoot of shadow IT — which places organizations in jeopardy in our heightened compliance climate. 

The Low – and High – Cost of SaaS Software

Shadow IT, and by default, shadow analytics describes when individuals bring in and use tools which have not been approved by the business. The ease of use designed into many cloud solutions allows users to try software with little to no commitment up front. The problem with rogue solutions becomes clear when organizations try to coordinate their usage. Managers discover what a huge task it is to blend talent and strategies across an organization where professionals have relied on self-service solutions for niche tasks.

But knowing where and how data is being handled within an organization becomes all the more critical in light of the GDPR, the forthcoming CCPA and other data privacy regulations. While each regulation varies in requirements, they share a fundamental view that a given organization knows its controllers and processors of its data, along with the solutions being used.

These initiatives reflect a crucial evolution of data security measures. Security concerns have historically been focused on device access, and remains so in many instances and industries. But the rising usage of data alters the mechanism for breach prevention. Data is portable. The newest privacy compliance measures not only recognize this reality, but reinforce the rights of citizens to port their data as they wish. With shadow analytics, a central view on data compliance becomes obscured.

Related Article: Data-Privacy Regulations: Marketing Symptom, Setback and Solution

Learning Opportunities

A Game of Jeopardy You Will Not Win

Practitioners must ensure their usage of analytics software not only meets their measurement needs but also aligns with compliance needs. This means any time a solution is introduced, there should be a clear understanding of data lineage — where data originates and how it flows through the organization. Data consumers can create data for themselves. Teams must share their knowledge of data lineage beyond the measured results — who accesses the data, how they assess the data used, what tools were used, and what results were obtained.

Applying data lineage also minimizes false scope, in other words, the identification of a focus only on the conversion activity without a connection to a larger strategy. False scope happens when we lose why were monitoring metrics in the first place. False scope implies a lack of knowing when the importance of a metric has changed. KPIs are monitored proxies for important strategy, but some strategies evolve from marketplace influences.

Removing a shadow usage of tools can minimize ad-hoc projects that are too disconnected from the larger discussion topics such as KPIs and privacy management.  Using analytics in the shadows can lead analysts down a path where the results may be interesting, but they won't help the organization or inform other individuals what actions are best.

Mike Berry of Shutterfly made a great observation about software — if you continue throwing solutions at a problem “with no thought given to the big picture ... you are going to end up with a Frankenstack.” Explaining to your analytics team why introducing new tools without oversight fails to address current regulatory concerns can prevent that Frankenstack from happening. Otherwise managers will be haunted by compliance fines, poorly managed strategies, and even the most damning of all — a loss of consumer trust from their poor handling of data.

About the author

Pierre DeBois

Pierre DeBois is the founder of Zimana, a small business digital analytics consultancy. He reviews data from web analytics and social media dashboard solutions, then provides recommendations and web development action that improves marketing strategy and business profitability.

About CMSWire

For nearly two decades CMSWire, produced by Simpler Media Group, has been the world's leading community of customer experience professionals.


Today the CMSWire community consists of over 5 million influential customer experience, digital experience and customer service leaders, the majority of whom are based in North America and employed by medium to large organizations. Our sister community, Reworked gathers the world's leading employee experience and digital workplace professionals.

Join the Community

Get the CMSWire Mobile App

Download App Store
Download google play