In 2025, CX Network asked its members if they had an organization-wide approach to generative AI best practice and governance. 48 percent said no, with 37 percent saying yes and 15 percent unsure. In 2026 we asked the same question and saw a significant improvement, with 43 percent now reporting they have a strategy in place.
We sat down with Greg Hanson, VP and Head of EMEA North at Informatica from Salesforce, to discuss how data governance is becoming a competitive advantage, and practical steps organizations can take to build a strong data foundation.
CX Network: Why is well-governed compliant data not only a regulatory necessity, but becoming a competitive advantage for business?
Greg Hanson: I think well-governed data is becoming a competitive advantage because it's what makes AI-driven CX actually work in practice; organizations must have data foundations in place before they can effectively exploit artificial intelligence (AI). There have already been several examples of organizations taking the leap to soon without effective preparation, with AI making decisions and commentary that is not in line with the organization's ethics. In this context, companies are becoming increasingly aware that they need to focus on data governance, availability, and quality as a precursor and requirement before deploying AI.
In our latest CDO research we found that 29 percent of data leaders rank "enhancing CX and loyalty" among their top three AI use cases for the next four months. Almost one quarter also prioritize optimizing post-sales customer support. Many are struggling with the data foundations to make that work, though.
Historically, when organizations look at governance and compliance, they think of it as risk avoidance, which is what I describe as "defensive deployment".
Really, organizations should think of governance as "offensive investment" because in reality this is what is going to allow them to exploit AI, which will give them a competitive advantage. Of course there are productivity benefits that impact things like staffing levels. But it will also allow businesses to have a deeper, higher-fidelity relationship with their customers, and to explore new products and services with consumers that were not as available in the pre-AI world.
CX Network: What are some of the risks involved when AI doesn't have the correct contextual data?
Greg Hanson: The risks are high! As I mentioned, businesses need to look at governance as an offensive investment rather than simply a cost-saving or productivity driver. At the same time, they need to realize that AI itself is not a silver bullet.
It's not just about accessibility of data. Accessibility of data is important for training. When organizations use AI they expose themselves to risk by essentially outsourcing decisions.
Traditionally, companies will train staff and expect staff to tow the company line when it comes to ethics and morality. We're not in a world now where we can outsource our ethics to AI without the right training and questioning processes.
A lot of companies have deployed AI in what I would call "simple use cases" right now, where you've got generative use cases that organizations have deployed – things like their product libraries and manuals, and simple, secure data that isn't going to be high-risk. They've not leveraged higher-risk customer data. Many companies are now shifting in that direction but that's a whole different risk profile when you're starting to talk about customer data where there's Personally Identifiable Information (PII) and ethical responsibilities.
This is where people come into play as well, because it's not all about technology.
Governance needs to be supported by people who are trained to question, and help shape the AI, to ensure it can reflect the morality, ethics, and decision-making capacity that you would expect from the business, and that the business would expect from itself.
Businesses need to upskill people, which is an implicit risk in the business as well. There is what we call a trust paradox in which people within organizations understand that AI is going to be a huge gain to the organization but they also understand that there is a lack of confidence and awareness to be able to test and understand whether AI is generating the desired business outcomes.
We need to train our people to question and validate AI, which involves looking at the sources of data and how an AI was trained. We then invest in capabilities that visualize how AI has exploited data because ultimately, that's the angle regulators will be looking at.
Many organizations can't answer the question of how accurate their data is. Specifically within CX, a lot of companies have issues understanding who their customer is. This is one of the problems with duplicate information: a customer existing in multiple systems but not recognized by the organization as the same person. Introducing AI into a system like this can accelerate the problem because it will be recommending products and services that are irrelevant because it doesn't have a complete view of the individual.
CX Network: Customers providing false data can be a challenge for organizations. How can practitioners convince customers to provide accurate data?
Greg Hanson: There's been a renaissance of data quality within organizations because they're understanding that it is a huge prerequisite. The old adage of "garbage in, garbage out" still applies.
These days there is a lot of capability to look at data and to understand what data quality rules should be applied to specific data sets. When you're looking at a stream of, say, product data, we can apply data validation rules – is this a valid email address and is this phone number still in use? That kind of thing.
There's also the concept of the "golden record", where you match all the duplicates across different records that exist within your organization, creating a master record. That can help significantly with the challenge around inaccurate data. With the golden record, you can look at several touchpoints for the same individual, which gives better context and allows for more effective recommendations.
You develop what we call survivorship rules, where you can make sure that you get to that pristine record, even when customers might be entering incorrect information.
You can deploy standard things like name and address validation to make sure you have genuine, active e-mail and phone numbers. If you don't, then you should rely on your survivorship rules to get that information from somewhere else. That way you can follow up even though they've put the wrong information in.
CX Network: What are some practical steps organizations can take for stronger data governance?
Greg Hanson: Governance all starts with awareness. You need to draw people into the equation. You can use what we call data stewards to help build a more complete and company-specific data quality rule. Data stewards, who have a wealth of experience in data within an organization, can start to build the rules to validate, test, reject and correct data quality.
It is important to identify these people and embed them in the process. It can cause delays to AI deployment if you haven't thought about these things up front.
You also need clear ownership. What I have found is that those organizations making progress quickly are those that provide ownership at the C-level for domains of data that you might need to invest in to deploy AI.
For example, you might decide that the CMO is going to be responsible for customer data that will drive the AI application around cross- and up-sell. Assigning these to the C-level ensures that it gets talked about at board meetings and becomes an organizational priority. They can then clear roadblocks earlier in cycles so that deployment projects can move more quickly.
People need to be embedded in the investment of the right technology as well. You need a technology that can give you visibility of data assets and help correct accuracy issues on the aforementioned master record, then make it available to people in a well-governed way.
Moving forward in CX, AI agents will be talking to AI agents so data must be available and well-governed, so that agents can request it on an ad-hoc basis at scale.
CX Network: On that note, who should bear responsibility for AI and data in CX? Should it be solely on CX, IT, the CDO?
Greg Hanson: I see different companies taking different approaches. I do see the emergence of this as a new role for the chief data officer (CDO) as well, because a CDO often covers the data foundation capability that a company requires and is often responsible for the building and application of many of the governance roles.
In many companies, this is wrested upon them in order to manage the whole deployment of AI, but the reality of it is they can't do it alone.
As I mentioned before, when you look at the deployment of AI, you're going to need business users from different departments helping you to manage data and tune the AI. They're going to come from different roles, such as from the marketing office and the sales office. But as for ownership – I can see an emerging trend where CDOs are owning the deployment of AI. The one thing I'd say is that responsibility needs to have some clout because you need to pull people together. It needs to be C-level attention.
CX Network: What do you think of the emerging role of chief AI officer (CAIO)?
Greg Hanson: The CAIO is a reflection of what I mentioned before: you need someone with an overarching responsibility to make sure that they can drive forward the needs of the board and can work across different departments, ensuring that AI is bringing benefits to multiple departments and use cases.
There are also new regulatory requirements that need consideration. There are challenges for multinational companies in terms of "how do we use AI across different geographical and geopolitical boundaries?" For example, you might have a customer that sits across different regions that have different regulations. You need someone that's got the expertise to help make sure you can approach this appropriately when deploying AI.
CX Network: How should AI be assessed and measured, and how frequently?
Greg Hanson: Measurement in the AI world needs to be always-on. You need to look at whether AI is doing what you want it to do and representing the same ethics and outcomes you originally specified. This involves the people we mentioned earlier, people who are trained to question AI.
I think many organizations are too rigid in terms of bringing their way of thinking about total cost of ownership (TCO) and investments where there needs to be an almost 100 percent success rate in the TCO plan before investment in AI will occur.
In those types of scenarios, that means that some organizations aren't being inventive and creative enough with their use cases for AI because there are potentially many use cases, which they haven't even thought about yet. And if they're not giving time, space, and investment to be more creative, maybe they're missing the actual real diamond in the rough, so to speak, that could create some significant upside for the organization.
CX Network: How can businesses keep pace with evolving and geographically diverse data regulations?
Greg Hanson: You need the technology footprint and the architectural consideration. If you make the wrong decisions initially, you won't be able to scale it.
One classic example is looking at where data physically resides and the visibility associated with that. When the regulatory body comes knocking, you can show them and prove what we call the lineage in the life cycle of data, and make sure that you've got proof of how you deploy physically the governance rules that you've built.
It's not just enough to show, yes, we have governance rules, you need to show the application of those business rules within the flow of data that then gets acquired and consumed by LLMs.
Within that, you need your technology foundation to be able to tell you that this or that data shouldn't move to this or that lab, and the AI shouldn't be able to access this data because it's sitting outside the region.