Experts explain why new trust-focused C-suite role could create more problems than it solves
Canadian organizations are facing a new era of risk and complexity, putting trust at the top of the agenda.
As a result, a survey of 1,000 UK business leaders found that 97 per cent believe a chief trust officer (CTrO) is “urgently needed” to address uncertainty and improve trust in data, technology, and governance.
The rise of AI (37 per cent), cross-border data regulations (34 per cent), and persistent cybersecurity threats (34 per cent) are the main external factors increasing this need, found Commvault.
But is appointing a CTrO the answer?
Not necessarily. According to two Canadian academics and new research from Commvault, the real solution is much closer to home: HR must step up and lead trust-building efforts across the enterprise.
Christian Cook, professor of human resources at Mount Royal University, cautions against isolating trust in a single executive role. She argues that trust cannot be delegated or siloed to a single department or person – instead, it should be woven into every policy, behaviour, and leadership decision.
“I get worried about it getting isolated and perhaps even undervalued, which I think is the opposite of what they're intending to do here,” Cook says, adding that trust, if assigned to a single officer, could be seen as someone else’s problem, causing other leaders to disengage.
“When I think about trust and ethics and integrity, I feel like that's really something that should be embedded in every C-suite and every employee.”
CTrO in Canada: necessary or impractical?
However beneficial such a role might be in a large organization, it wouldn’t make sense for Canada, according to Leda Stawnychko, associate professor of strategy and organizational theory at Mount Royal University.
The reality is for most Canadian employers, creating a new C-suite role is neither practical nor necessary.
“Most [Canadian] organizations are small sized, under 50 employees,” she says, adding that HR should be stepping up and going beyond the role of rule-enforcer to one of policy-maker.
“They employ a majority in the private sector. These organizations are not going to be able to have a designated person at that level, just dealing with trust … what we want to be doing is strengthening the role of HR.”
Trust and technology: the HR connection
The Commvault report found that the most in-demand skills for a CTrO include:
- a deep understanding of data privacy and regulatory frameworks (28 per cent)
- knowledge of AI governance (27 per cent)
- the ability to build and sustain stakeholder trust (27 per cent).
Cook, however, cautions against separating “organizational trust” from “data trust”, instead stressing that trust must be holistic and integrated across all aspects of the business.
“I really feel strongly that that trust needs to be threaded through absolutely everything we do in an organization,” she says, sharing that in the classroom she uses the term “relentlessly trustworthy” as a non-negotiable organizational value.
“So you are never in a position where you are failing to build trust, and if something happens in an organization, trust can be built by addressing whatever it is that needs to be addressed … organizations and leaders need to be incredibly trustworthy, and they just can't tolerate behaviour that isn't trustworthy.”
This means trustworthiness should be employed consistently across the organization, Cook explains. Organizations cannot claim to be trustworthy in one area, such as data privacy, while neglecting fairness or transparency in others, like pay equity or workplace culture.
Board-level trust governance and HR's role
Stawnychko adds to this point by emphasizing HR’s role in bridging technology and people, rather than further fragmenting accountability.
“We don't need more titles,” she says – in practical terms, this means HR must work closely with IT, legal, and executive teams to ensure that trust is considered in every decision, from technology adoption to policy development and employee communications.
“What we need is more trust, and we want to invest in the leaders that we already have, and within the HR portfolio,” says Stawnychko.
“HR leaders can support this by promoting leadership development, bringing in the skills that we need to have so that trust is something that is embedded throughout the organization, at all levels of the organization, but particularly leaders and managers.”
Cook points to board level governance as another priority for trust building throughout an organization -- rather than assigning data trust to C-level officers, it should be directed and monitored by the board to ensure it is infused throughout.
"Especially now with AI and the amount of employee, customer, competitor data that is being held, I think that it's super important," she says.
"What are we doing to keep the integrity of data privacy, and what are we doing to create conditions where employees understand responsible and acceptable use of artificial intelligence? ... I think that those things are of such importance that they should actually be part of the board oversight of an organization."
Crisis management and communication
Commvault’s survey reveals that rapid crisis response is a top priority for business leaders, with 30 percent identifying it as a key responsibility for trust-focused leadership.
The report also highlights the importance of transparent communication and stakeholder engagement in maintaining trust during high-stakes events; as Stawnychko explains, when a crisis hits, such as a data breach or ransomware attack, how leaders communicate can make or break trust.
Trying to protect employees or control narratives to minimize impacts can seriously backfire, potentially damaging trust in the long-term; employees are capable of understanding complexity, she says, and treating them with respect and openness is far more effective than withholding information.
“What happens is, employees are treated as if they didn't have the ability to comprehend complexity,” Stawnychko says.
“’We can't give you all of the information because you can't handle it, so we're just going to lie to you, because it's easier for you to understand’ … From that point on, any trust that had been built for decades is completely lost. Nothing that comes out of the mouth of leadership ever again will be just taken at face value; they'll think that there's an agenda.”
Building trust without a CTrO: practical steps for employers
Commvault’s research suggests that the most effective trust-building strategies involve a combination of leadership, communication, and ongoing training.
Cook stresses that organizations should be proactive through crisis simulations and training, rather than reacting after the fact.
“I think that a lot of organizations are doing this,” she says.
“It's really important that they do dry runs of this, that they actually do simulations, so that they're not caught off guard in the case that something happens. … That this isn't just something we're going to sort of dump on the marketing and communications group.”
She stresses that simulations are not just a box-ticking exercise, but a vital learning opportunity. By bringing together cross-functional teams including HR, IT, communications and leadership, organizations can identify gaps in their crisis response, clarify roles, and develop clear protocols pre-emptively.
The exercises also work to foster a culture of transparency and accountability, reinforcing the very trust that organizations seek to protect, says Cook, adding that ongoing updated training is also essential for general trust in organizational trust in data security.
“I think some people just maybe assume that employees know that, and what I'm hearing out there is that they don't. So I think that there's an obligation to provide employees with what they need to know to also help keep the organization safe.”
