046 Getting IAOs engaged with Sheena Fisher Artwork

Journals of the Information Entrepreneur - Jacqueline stockwell

Welcome to "The Journals of the Information Entrepreneur"! Hosted by Jacqueline Stockwell, CEO and Founder of Leadership Through Data, this podcast is dedicated to empowering and inspiring information leaders across the globe. Jacqueline shares her expertise in revolutionizing information management training and delivering it in a way that captures the audience's attention and ensures their time is well spent. In each episode, Jacqueline engages with industry experts and thought leaders to discuss the latest trends, challenges, and best practices in information management.

All Episodes

Journals of the Information Entrepreneur - Jacqueline stockwell

046 Getting IAOs engaged with Sheena Fisher

March 10, 2026 • Leadership Through Data - Jacqueline Stockwell

0:00 | 23:13

Send us Fan Mail

In this engaging interview, Sheena Fisher, a governance manager at East Anglia's Children's Hospices, shares her journey in information governance, focusing on data protection, stakeholder engagement, and building a culture of ownership among information asset owners. Discover practical strategies for fostering collaboration, overcoming objections, and elevating your influence as an information leader.

keywords

Data Governance, Information Asset Owners, Data Protection, Stakeholder Engagement, Healthcare Data, Data Privacy, Data Security, Leadership in Data, Data Culture, Data Management Best Practices

key topics

Data ownership and accountability in healthcare

Engagement strategies for information asset owners

Building a culture of data protection and trust

guest name

Sheena Fisher

Titles

Building Data Ownership: Sheena Fisher's Journey in Healthcare Governance

How to Engage Information Asset Owners Effectively

sound bites

"Ownership driven, not policy driven"

"Getting buy-in through risk and trust"

"From workshop to real change"

Chapters

00:00 Introduction to Sheena Fisher and Data Governance in Healthcare

01:09 Sheena's Role and Core Challenges in Data Protection

02:53 Understanding the Role of Information Asset Owners

04:22 Initial Steps to Engage IAOs and Build Trust

06:33 Targeting Critical Data Areas and Overcoming Skepticism

08:07 Using Risk and Practicality to Land the Message

10:42 Organizing Effective Workshops for IAOs

12:35 Addressing Objections and Embedding Ownership

15:07 Innovative Engagement Techniques in Workshops

16:20 Results and Outcomes of Engagement Efforts

17:10 Sheena's Elevator Pitch and Personal Branding

18:09 Delivering a Powerful Elevator Pitch with Confidence

18:58 Investing in Personal Development and Growth

19:53 Quick Wins and Impact of Empower Program

20:44 How to Engage IAOs in One Month

21:32 Final Advice: Be Bold, Be Brave, Be Beautiful

resources

East Anglia's Children's Hospices - https://www.each.org.uk/

Data Protection Security Toolkit - https://www.privacy.org.uk/

guest links

LinkedIn - https://www.linkedin.com/in/sheena-fisher/

Support the show

SPEAKER_01 0:04

Hello and welcome to today's show. I'm Jacqueline Stockwell, CEO and founder at Leadership Through Data. I inspire and motivate information leaders across the world. Hello and welcome to today's show. I'm joined by Sheena Bishop. She's a governance manager for data contracting at East Anglia's Children's Hospice. She provides supporting services across Cambridge, Norwich, and Suffolk. Sheena works at the intersection of data protection, trust and care in an environment where information governance really matters. Each, which is the abbreviation of her organization, supports children and families at some of the most vulnerable moments of their life. And Sheena's role is about ensuring privacy, dignity, and children's rights are built into everything the hospice does, from care delivery to fundraising and volunteering. What I love about Sheena's pro approach is that she goes beyond compliance. She focuses on making data protection practical, meaningful, and human. So people understand why it matters. It's not just about rules.

SPEAKER_00 1:08

So welcome to the show today. Thank you, Jackie, for those kind words and thank you for inviting me to be with you today. I think it's an honour. So my role at Each is I am fundamentally the data protection officer, and that includes protecting informative information and building trust to our service users, colleagues and volunteers, and anybody that shares any personal and sensitive data with the hospice. The core problems that I've encountered, and this isn't just to each, it's all across any organization that I worked at as a data protection officer, is about own of ownership of data. It's not always policy driven, and it sometimes it shouldn't be policy driven. The policies are there to support, but sometimes you have to it it to me it's the risk appetite across all service areas. The other thing that we are always protecting against is cyber threats, jeopardy of data, vulnerabilities, those all come into data protection. And we're always sort of, you know, trying to keep our head above the curve with all of that. You know, in my experience, sort of risk grows quietly through sometimes, you know, our information asset owners that they have this as an aside in their job roles. So work overloads sometimes, keep an eye on what they're doing as an information asset owner and their data. It can be sometimes unclear. The accountability of it can be unclear. And sometimes, as I said, with their workload, it can fall a bit down the pile.

SPEAKER_01 2:45

And so I'm really glad you uh brought up information asset owners because it's quite a big topic um within our industry. So when you first started, what was the reality of information asset owners within your organization? Were they disengaged? Was it unclear? Did you have an amazing structure? Or they just stretched?

SPEAKER_00 3:05

When I came into each, because you know we're we're split across tri-sites, it's not as if we're all in the one building. And that's my first this is my first experience of working across tri-sites like that. So it is just when I came in, I sort of had to make a um concerted effort to sort of understand how they all worked. And I must admit, this one of the organisations that do take information asset owners seriously as part of GDPR, and they do have this written into their job description, so it is something that they take ownership for. They care deeply about the person-sensitive data that they hold because you know that we all have to be compliant and due to confidentiality without whatever we do within health and care. Um, a lot of it was that before I joined, they were left sort of managed as information asset owners. So I think they were sort of to say running feral is a bit unfair, but they were sort of um, you know, doing what they thought was right. The they just sort of were doing their best job, and I think they were sort of pleased when I came on board. Nice and they sort of you know, they had a lack of support engagement previously as well.

SPEAKER_01 4:17

So you get you gave them a bit of guidance, you kind of saw the lay of the land and then thought, right, okay, well, let's kind of progress this further, give them some guidance, give them support and get them engaged. So I really want to talk about because we've been working together for probably about a year now, I think it is, um, around the engagement of your IAOs. So take me from the beginning, take listeners from the beginning as to what was your first move to get IAOs sort of leaning into you and who did you start with and why.

SPEAKER_00 4:51

Okay, so my first objective from my line manager was because um for those that work in the healthcare industry, you'll know that annually we have to complete a data protection security toolkit. And part of the attainment level on there is that you're doing DPIAs and you know, your house is in order with regards to data protection. So I started s uh setting up across all service areas um face-to-face meetings with the information asset owners so that I could understand what their DPIs again, what data they were sharing, what data they, you know, what third party platforms they were engaging with. And and of course, in a charity sector, you you know, there's a lot of fundraising, so there's a lot of engagement with third parties there. So just get as I say, get to know how all the cogs in the wheel functioned. Um, I could also, from those face-to-face meetings, is ascertain where they were struggling. Their reaction to me, as somebody that's come in with a lot of experience, you know, I I didn't want to start off with, you know, um them sort of think, okay, we've been on our own for a little while, somebody with experience is coming in, new brush sweeps clean. I wanted to build a collaborative working relationship, which I sort of talked to them, asked them what their sort of concerns were about their data risks, you know, how they were sort of mitigating those, their struggles with their role, gaining their trust basically, and exposing my own vulnerabilities around my role, i.e., I don't know always know all the answers.

SPEAKER_01 6:30

And I think that's so important, certainly when you get engagement, it's about building that relationship. And I do feel that the majority of our job as an information leader should be relationship building, because actually you can't get things over the line without building those relationships with people to do things for you. And that's exactly what you've described there, and I think that's such a great methodology. Yeah. So, you know, talk back a little bit about you. So, did you go how did you feel when you were starting to do that outreach stuff with them? Like, were you willing to do did you target the most willing people first, or did you head to the areas where there was sort of more critical, sceptical people?

SPEAKER_00 7:14

I think to me, fundamentally, it was the areas that were shared, you know, you know, had sort of a lot of personal sensitive data that they were holding, i.e. the care teams, because we are predominantly about providing care and um patient care. So I think I reached out to the care teams first and sort of met with them and got their understanding of, you know, the systems that they're using, how they're collecting, how they're saving the day, data retention, all of those sort of conversations. And then I sort of went to the other big area, which was our fundraising area. And then I sort of went round the other sort of the volunteer data, the education data that the education suite used, which are all of those teams just, but I sort of thought my own self I had to start where there was a bigger collection of data, should we say?

SPEAKER_01 7:58

Nice. So uh I just want to probe a bit more in there because what what did you actually do to get them to what message did you use to get to to land, to get them to sort of sit up and listen? Was it around the risk that you talked about earlier? Was it around the value of the information that they hold? Or did you say, I've got a particular mission to deliver this?

SPEAKER_00 8:19

It wasn't about r I mean they identified what the risk is is as having that having all of that. I think it was to get their buy-in that, you know, we were a sort of team on our own, even though I didn't manage them. And I explained to them, you are my ears and eyes on the ground. So, you know, I can't be in all of these locations at once. They understand the importance of the data that they're using. They understand the, you know, they're doing it all. I just think that they felt unsupportive. And I just sort of it's that open door culture that they could come to me with any question and or if they just wanted to talk to somebody about it, that you know, open door policy. And I think from then, slowly but surely over the past year, because it's just over a year since I started it each, you know, I'm I'm just blown away by the engagement I have with the information asset owners and that they do come to me with their questions. If they don't know the answer, they'll say to their team member, they go to their manager with Arsheena. You know, I I said to them that the data protection role is there as an advisory capacity as well as ensuring that the organisation's data is protected. Yeah, agreed.

SPEAKER_01 9:29

So so I just want to delve into that like a little bit more because you know, we'll we'll talk about the story and all the amazing stuff that you've done to get where you are and what you've just described. But what did you actually say to them to make them care about what you needed to achieve, which made them care about, you know, looking after that information which has got you the outcome right now?

SPEAKER_00 9:48

I think it was a case of this isn't sort of me sort of dictating to them what they have to do around data. There are laws and there's a day, you know, and then as they all know, there's the the data protection security and toolkit that we have to adhere to. So it's not really sometimes it can be thought of as a tick-box exercise, but I think it was just sort of saying to them, yes, it is a tick-box exercise, but I just want you to ensure that we are ensure me and our senior management team and our trustees that we are doing or we say we are doing to protect data.

SPEAKER_01 10:25

And I think that's more your approach there in building those relationships with them as well that enable them to actually care about what you're trying to achieve as well and being that visible person, like being more proactive rather than reactive. So I think it's I think it's great. Um, so what did you put in place so it wasn't a one-off conversation that you had with them? How did you make the ownership of IAO stick with them?

SPEAKER_00 10:51

So what I did was um earlier in in this year, February, I um put together a information asset owners workshop. Um and I wanted it to be engaging because you know you can bring a a group of people into room and and thankfully they all know one another because they we all work for the same organisation. But you know, if you send out an invitation to your colleagues to say, you know, data protection information asset workshop owners workshop, they sort of think, what do you know, data? What's exciting about that? So I think fundamentally I wanted it to be an engagement date. I wanted them to go away feeling worthy and valued and empowered to go and do their role. So I sort of took them back to the basics really, and I just got them to engage with me at the workshop about their struggles if they didn't understand something. And I make it lighthearted. And um I also got our IT manager come along and he shared some value, valuable statistics with them about, you know, organisations that have been fined and you know, things that sort of would resonate with, you know, managing data, cyber threats, those sort of things. I think they could understand what they were saying, but they said we want a process. We would like you to give us a process of what you want us to do, particularly with um the annual reviewing of what we call them an information governance risk assessment. So that is your DPIAs, it's your record of processing activities in there. And it was just sort of their biggest objection is we have to do this annually. Can we work together to make it slightly easier?

SPEAKER_01 12:36

One of the biggest things that I find that people object about is that they say the information asset owner isn't their job. You said quite clearly at the start it's in their job description. Yeah. What is the one thing that you could offer a piece of advice if people are struggling with that kind of objection?

SPEAKER_00 12:54

I think if it is in their job description, you know, it's it's we've just been having an internal conversation about some of our information asset owners are really struggling with doing their annual review of their, you know, risk assessments, and they are talking about handing the role down to an information asset administrator. I don't mind an information asset administrator taking on the roles or perhaps working with the information asset owner, but I think it is something that sits within a level of management within an organization where they're accountable and take responsibil responsibility. So I think the biggest thing is if people are struggling with it, have it put in somebody's job description so that I mean I know it's a bit difficult to add it in if they're already in in in post, but if you're looking at um reviewing roles or advertising for roles, put it in so there's no hidden, you know, it's not in that anything that's anything in this job role that's that's expected of you. So they can sort of, you know, when they're applying, know that that is expected of them.

SPEAKER_01 13:59

Nice. And I'm all for magic mistakes. What did you try that didn't work so listeners can avoid and not do it?

SPEAKER_00 14:06

Work? I think it was trying to sort of I've had to pace myself. You know, I was keen when I got in to do my objective to do it sort of do it within a sort of within six months of me being within the role. It's taken me a year. And I think you've got to you've got to because I'm one person doing this role and I've got this responsibility, you think everybody else should be sort of if I go to them and say, um, I want to do this, that they're there, ready, uh willing and able but I have to take into account that they're busy people. And I think it would just sort of slowly but surely um get in the engagement and it was just sort of to starting off with we've got to do this, we've got to fix this up I sort of I guess it's me I was a bit edgy about what was going on and I thought with data and threats going on with cyber and and anything like that, I just needed to be out there and ensure everything was as it should be. So trying to run too quickly, I think. So don't don't Nice.

SPEAKER_01 15:11

And then engagement. So what did you do in your workshop that you've never done before to get the engagement from the IAOs?

SPEAKER_00 15:20

What did I do in my workshop? I did quizzes. I did, you know, when they got the answers right, they went up the ladder, or if they got the answers wrong, they went down the the down the snake. I I made it fun. And I also knew that they were all of the same level in there. So I didn't, you know, there's whoever wins gets a prize. I didn't sort of take one prize in, I took numerous prizes in in the form of chocolates to everybody. So at the end of the day, everybody got chocolate at the end of it. Yeah. So it was just sort of to make it sort of engaging and um you know, working together.

SPEAKER_01 15:55

Yeah, and we worked together on that presentation, didn't you? And you tried out some of the the concepts that I've suggested. And what feedback did you get from it? Very positive.

SPEAKER_00 16:05

Very positive. You know, I I sort of felt uh you know, as if I'd really achieved, um, because the the the IAO has been giving positive feedback. Not not both just to me, but to our IT and manager. They said we worked very well together, we delivered the workshop very well, very informative, very engaging, a two-way street.

SPEAKER_01 16:29

Fantastic. And have you seen any good uh better results as an outcome of that so far? If you've done a review?

SPEAKER_00 16:35

Well, just particip we've just been doing my annual reviews with each of them. And you know, into when I do my reviews with them, they've just said, you know, we took away from what we learnt at the workshop, and we're going to do this. So, you know, that's really heartwarming.

SPEAKER_01 16:49

Amazing. And you should be so proud of yourself that you've done that and you've really got that engagement. So I want to talk a bit more about engagement, and I want to talk about your elevating pitch. So we've been working together on the Empower program uh for a while now, and one of the key things is for me is that I want information leaders just like you, who's demonstrated how awesome you are that when you walk into a room, you get authority and credibility when you're starting to talk. So tell me your elevator pitch, Sheena, that we've been working together on.

SPEAKER_00 17:20

Okay. Hi, I'm Sheena. I'm the governance manager for data, contracting and audit at East Anglia's Children's Hospices. We support children and families at incredibly vulnerable moments. So getting data protection right really matters. I make sure privacy, dignity and children's rights are built into everything we do, from care and family support to fundraising and volunteering. My role is about more than compliance. I help turn data protection into practical, trusted ways of working so the hospice can operate safely, ethically, and with integrity. An elevated pitch is to just explain what we do, how we do it, and what we want to achieve. So hi, I'm Sheena. I help colleagues take clear, not after something goes wrong. I work with service leads so they feel confident. Managing information is part of their service, not as an extra burden.

SPEAKER_01 18:18

Nice. Done? Nice, amazing, well done. And I think that's really powerful for us to include that in the show today. That you know, you're feeling the importance of having that elevator pitch, aren't you? That you can introduce yourself in the business to really kind of make your stand as an information leader. Um, so people can sit up and listen. So now what you need to do is learn it off by heart, Sheena. Yeah. And then say it with some conviction as you go forward. But I think it's sensational that you shared it with us and you've shared your vulnerability in doing that um on the listeners, on today's show with the listeners. Just last thing, I want like kind of question I want to ask you. Um, there's been some real challenges in the UK, certainly around the funding for training and education. One of the questions I want to ask you is when you realise that your organisation wouldn't be able to pay for your professional development, what has made you invest in yourself?

SPEAKER_00 19:08

Well, I guess if I want to influence f influence, I I need to take responsibility for my own personal development, you know, and keeping up to date with data interrogation, ever-evolving world of data management management, I've got I've got to put myself out there to make sure that I'm keeping up to date, taking the opportunity to refresh on delivering change, you know, taking responsibility for my own impact and you know, focusing on what the charity needs with regard to delivering you know data protection across the board. So it's all about me wanting to be the best form of me that I can be. And if that meant me dipping my hand in my pocket and doing it, I was prepared to do that.

SPEAKER_01 19:51

Nice. And what have you invested in?

SPEAKER_00 19:53

Yeah, be bold, be brave and be beautiful.

SPEAKER_01 19:56

Nice, nice. And we've been working together on the Empower Programme, haven't we? The Leadership Through Data Empower Programme.

SPEAKER_00 20:02

Yeah.

SPEAKER_01 20:02

So what's one of the investments that's paid off for you quickly and what's changed in how you show up or influenced others because you've done this self-development yourself?

SPEAKER_00 20:13

I think, you know, I feel as if I've got more confidence. I'm not gonna say, you know, credible, because I know I'm credible credible anyway, and I know that I can influence, but it's just making sure it's that sense checking that you know, what I've um been gaining through doing the empower program that I can deliver immediate practical solutions, you know, feelings of empowering others and having the confidence to do that. Amazing, sensational.

SPEAKER_01 20:43

So, Sheena, how can listeners reach out to you uh if they um wanna know any more about the amazing work that you've been doing, you've been talking about today? Do you do you mean through each or Well, I do through each because you're not on LinkedIn, are you? You know LinkedIn? I I'll just take that question out.

SPEAKER_00 21:01

Let me just go on to the other one. Because you've got some other there's some other questions. How did you decide what was worth spending money on?

SPEAKER_01 21:07

Yeah, what I'm gonna do is I'm gonna ask you one more question because we're just slightly over time, so I'm just gonna shorten it.

unknown 21:13

Okay.

SPEAKER_01 21:13

So if someone's listening um about the information asset owner work that you've done and they need to engage them within the next month, what are your top three suggestions for them to execute straight away?

SPEAKER_00 21:27

I would say show openness and honesty at the same time, lead with purpose, make ownership of being an information asset owner practical.

SPEAKER_01 21:37

Nice. And what's one sentence you can tell anybody who's waiting for permission or funding to grow?

SPEAKER_00 21:43

Invest by paying into your own personal development piggy bank and let the results speak for themselves. I love that, Sheena. I love that.

SPEAKER_01 21:52

I love that. So if the listeners want to reach out to you, they can go uh direct via reach if they want to eat each I can get that edited. Wow, doing really well in each. But thank you so much for your time today. It's been absolutely sensational. I wish you the continued best success going forward. Thank you for coming on the show and sharing all the positive things you've done and opening your vulnerabilities to your new elevator pitch, which I look forward to hearing and seeing you deliver that to me as we go forward together. Thank you very much, Jackie, for inviting me. You're welcome. Thank you. Thank you for listening to the Journals of the Information Entrepreneur with me, Jacqueline Stockwell. I hope you found this episode inspiring and helpful and have some takeaway tips that can be useful to you. If you liked this episode, please like, review, and share it with your friends. Your support helps us reach more information leaders to stay inspired and listen to great content. Want to test out your strengths and weaknesses and measure it against our Empower framework? Please complete the scorecard. It's a great way to improve and evaluate your skills. You can find the scorecard at the end of the description of this podcast. Stay tuned for new podcasts every Thursday and remember to be bold, be brave, and be beautiful.