• menu

Defending to Pioneer Vol. 4, Data Governance

Keiko

03/07/2022

About the Defending to Pioneer Series

The Legal & Risk Management Division protects PayPay not only from cyberattacks and fraud, but also from various risks in internal processes or ones that arise from changes in the business environment.

Although it is true that the division shields PayPay from the threats directed at it, this protective unit is also a group of specialists who work together to enable the company and employees to assertively move forward into uncharted territory. In this series, we will ask the heads of respective departments to explain their thoughts on the all-encompassing protection against risks, to keep PayPay the undisputed no. 1 in the industry. This fourth installment features data governance. Find out what the team newly created as of April 2021 is currently focusing on.

Yosuke Tsunoda

Senior Manager of the CDO Office, Legal & Risk Management Division. Also Manager of the System Risk Management Team, Risk Management Department.
Originally from Yahoo Japan, he joined PayPay in January 2019 as an engineer.
Assuming his current role as of April 2021, he is currently working on upgrading PayPay’s data governance and system risk management. His hobby is to go out on walks with his two dogs.

Protective Measures to Run an Assertive Business

Please tell us about the overall protection framework you handle.
What are your “offense” tactics despite you being a defensive division?

The CDO office(CDO:Chief Data Officer) is somewhat unique compared to the other teams in the Division serving as the second-line of defense. That is, it serves as a team on the “offense” side of things in terms of utilizing data.
Being on the second-line, it goes without saying that the team’s highest priority is “defense” – more specifically, to design structures to protect data and personal information. But that’s not our ultimate goal. Through establishing such structures, we need to create an environment where customers can entrust us with their data safely & securely, and we also need to think about how we can facilitate solutions to customers’ problems through a data-driven approach.
That’s why it’s part of our day-to-day duties to come up with systems to drive the utilization of data = assertive initiatives, while also maintaining focus on our defense. Or vice versa. It’s always a two-way street.

What areas do you want to strengthen in the future?

All areas. The CDO Office was created in April 2021 and is still only a newborn team, so there’s still many things we need to cover to reach the level of satisfaction.
Having said that, we do have to focus on some things first. For now, much of our effort is spent strengthening governance and protection. In fact, we receive many inquiries from various teams on a daily basis about data handling and protecting personal information, which show how serious teams on the frontline of the business are about accounting for these matters in their daily operations. Our job is to protect the data and privacy of our users. From a different perspective, this means that we’re also responsible for designing the rules and processes that allow the teams on the first-line of defense to drive their own plans of attack with confidence. Building a solid defense in this way is the stepping-stone for us to be able to proceed with our own plans of attack with data utilization.

As a leader, what are some things you share with your team to be mindful of?

As a team, we often talk about how our services look like from the user’s perspective. By that I mean discussing whether our service isn’t designed in a way that makes users feel uneasy or uncomfortable.
From a data perspective, I believe we have one of the best environments in Japan what with the huge number of transactions recorded every day as a leading Funds Transfer Operator with over 45 million users. Since we handle such important user data in the millions each day, the service has to be something that users and merchants can trust, right? This requires not only legal compliance, but also, for example, a clear explanation on how data is handled. It’s also very important to offer users with methods by which they can easily control their data. It’s through refining these processes from the user’s perspective, that we shift closer to our goal of being recognized as a leading company in terms of data governance and privacy too.

The People PayPay Seeks for Its Defense and Offense

What sort of person would you like to see join PayPay?

People with a thirst for a challenge. To begin with, I believe that many companies do not yet have a CDO or a CDO team. In addition, our team is still in its start-up phase, and the scope of duties will continue to change and evolve.
My point is, things are still rather chaotic, so someone who’s good at creating rules and business processes at a rapid pace – and its’s fine if they’re a little rough around the edges as long as they’re to the point – they will be met with much welcome.

What skills are required in working with PayPay’s defensive framework?

This may sound abstract, but I want people on my team who never forget the user’s perspective, who always act with the user’s interests in mind. When you’re on the second-line of defense like we are, sometimes, you can get so wrapped up in complying with laws, regulations, and rules, that you start thinking that that’s what the goal is. What’s actually important is, how well we can deliver the best service to our users while making certain we’re abiding by the rules. If you’re thinking – “that’s exactly what a team on the second-line must take responsibility for if they want to drive the business forward together with the teams on the front line” – that’s the attitude we’re looking for.

In terms of specific skills, it’s desirable to have work experience related to privacy legislation such as the Personal Information Protection Law and GDPR or data management concepts such as DMBOK.

A message to those interested in joining PayPay.

Data governance is still not something that’s all too common, so there are not many people who have a perfect track record in the field. So don’t be shy – if you find yourself interested in what I’ve said, or think you’re a good fit, don’t hesitate to reach out to us! In fact, the current CDO Office is comprised of members from many diverse backgrounds, including engineering, legal, and business.
Driving data governance in a business that handles the largest amounts of data in Japan. Creating an environment in which users’ problems are solved through data-driven initiatives. If you think these things are worth your while and you want to take them on together with us – we’re waiting to hear from you.

Author: Yosuke Tsunoda; Supervision: Yosuke Terada; Editor: Keiko (PayPay Inside-Out Editorial Team)
*Employees’ affiliations are as of the time of the interview. ​​​​