Data governance is a data management concept that addresses the risk versus value of data across an organization from ingestion to analysis. Data governance is policy-driven to manage regulatory compliance, data quality, and data access. Good data governance means getting the right data to the right people at the right time to drive faster time to insights.
Data governance policies and procedure practices are underpinned by intelligent technology. Examples of technology enablers to enforce said policies include metadata-driven data lineage tracking, automated masking of sensitive information, role-based access to information to ensure trusted data is available to trusted data consumers.
These policies stem from the need to satisfy multiple compliance laws that regulate certain markets on how consumer personally identifiable information (PII) must be handled. In particular, GDPR and CCPA are the two most cited regulations, and have become frameworks for data governance regulations across many markets that are not specifically regulated by those acts.
According to GDPR.eu, the GDPR, or General Data Protection Regulation, “is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.”
According to The California Department of Justice, the CCPA, or California Consumer Privacy Act, “gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.”
The Data Governance Institute (DGI) defines data governance as “a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.”
DGI has identified several Rules of Engagement that organizations can use to help guide their data governance strategies.
- Mission and vision — Present outcome measures currently in use. Initial characterizing outcome measures supports long-term efforts to identify common ground where standards can be developed and established, as well as identifying areas for improvement.
- Goals, governance metrics and success measures — Clearly define all measures of success.
- Data rules and definitions — Data must be defined using clear value sets and algorithms.
- Decision rights — Each data entry must be linked to its data steward, who is responsible for maintenance and collaboration between other data stewards.
- Accountabilities — A data stewards is accountable for their content.
- Controls — Tools must be present that support data entry and harmonization.
- People and organizational bodies — Data users are classified into data stakeholders (anyone with interest in using the data), data governance officers (steering committees), and data stewards.
- Processes: proactive, reactive, and ongoing data governance — Data handling must be mapped and harmonized among data stewards.
While there are many benefits to data governance, when pertaining to personally identifiable information, the main benefit is consumer protection and compliance to the law. The consequences can be devastating for both organizations and consumers if such information were to fall into the hands of malicious actors. However, there are other secondary benefits too, like improved data quality, and profit maximization. The following benefits are typical of quality data governance.
Consumer Protection — The main benefit of data governance is compliance to the law and ultimately proper consumer protection. The types of data that consumers are asked to entrust to organizations have the potential power to ruin both businesses and lives. It is for this societal reason that data governance is essential.
Organization Protection — Secondarily, data governance helps at the national security level. As cyberattacks multiply alongside the growth and evolution of the Internet, the citizenry of nations will also become targets of foreign influence. Proper data governance within organizations can help to defend against those exploitative attacks.
Improves data quality — Data governance aids in improving data quality by establishing proper data management processes that must satisfy regulations. This includes standardization of data, its replication and linkages, and understanding, important for data governance, where that data actually resides.
Maximizing Profit — Proper data governance brings with it the best practices that ensure a holistic understanding of a company's data. Understanding influences leads to profit optimization where system inefficiencies are eliminated through streamlined processes. Less errors, faster decisions, and high accuracy means spending less time and money managing risk, and more time improving and eliminating weak points.
Informed Better Decision Making — Streamlined data management with data governance features ensures a better decision making process and ultimately a better decision outcome. By initially managing underlying data, making it more accurate and refined, decisions are concluded from the most trusted and compliant information.
The main challenge for data organization is that it is increasing at an exceptional rate while much of that data is also personally sensitive. What this means for organizations is that they must devise a data strategy that will be robust enough to scale with those realities. These circumstances raise 5 data governance challenges for organizations.
Limited resources — IT departments are already loaded with responsibilities, and adding data governance priorities to their plate can become a burden. Proper forethought into the demands and needs of data governance efforts is the first step in planning limited resources. Often, software can help automate and relieve staff schedules, freeing up valuable time resources, and making each dollar spent more efficient.
Siloed data — As organizations increase their data management efforts, they typically deploy multiple data management applications. Data management is important, and while installing a full-spectrum management software capable of handling multiple responsibilities, governance, modeling, etc., seems ideal, practically, organizations will ease their ways into tools. Multiple tools mean data becomes increasingly siloed or segmented.
Lack of leadership — Data literacy and data leadership go hand in hand. Data leaders are expected to know what data priorities to go after, and how to get there. But because not everyone is data literate, this often surfaces as resource wastage. Ensuring data leaders are not just data literate, but are able to translate that knowledge into performance.
Poor data quality and context — Data collection has become a challenge to data quality and context. A key aspect of data governance is to collect data to meet requirements and regulations. Investing in analysis tools and people that can interpret collected data, and design future data collection efforts, including metadata, helps to ensure context becomes richer through analysis.
Lack of data control — Data overabundance challenges data governance efforts by complicating data control. Who to give access to what data? What this means is the need to limit data access and manipulations to those who are authorized for certain data.
Data governance is often perceived at being a thankless but necessary responsibility. All the more reason to systematize its practices within the organization. By relying on data governance software, much of the mundane data tasks can be corralled and possibly automated based on the application. Then by following organizational best practices, companies can reduce the amount of time paid to data governance while maximizing its overall impact.
Establish and meet company goals — Beginning by understanding the data goals of companies begins with senior leaderships view of what they want from their data. Typically this means better data but also cheaper. Senior leadership needs to increase data value by developing trusted data sources with relevant data, becoming transparent, streamlining process and reporting, monitoring overall data quality, complying with regulatory and audit needs, and investing in automation technology to remove potential errors and speed data analysis.
Establish and reach team goals — Data teams must focus on value creation using data analysis. This means something deeper than overcoming problems, it means finding root-causes and fixing those, and forecasting likely futures. To ensure this value, companies need to adopt data cultures supported through communicating topics about data governance and its value.
Data governance tactics — Two tactics stand out in data governance best practices, the identification of a data governance champion, a senior leader who can provide the energy to move data governance forward and energize teams, and senior level steering committees that establish data policies, standards, and procedures.
Data governance tools — Five tools are identified in generic form that dramatically aid data governance:
- Glossary of terms that describe standard data definitions and documentation, exceptions explanations, synonyms, or variants, etc.
- Repository of metadata all departments understand what data they are looking at.
- Data lineage ties together where data is from, where it has been, and how it has been used. Lineage is essential in making meaning of data as an asset.
- Data quality rule writers are applications that reconcile data by setting rules for managing data.
- Analytics and reporting tools such as trackers, monitors, reports, and metrics provide different analytical data views for different groups helping them in their day-to-day operations.
Communication specific and constant — Communication is essential for effective data governance. To be effective, however, different role levels require different level metrics. Senior management needs to see high level metrics without being bogged down in details. Mid-level managers need both the high-level that senior managers see, but also more depth of detail. Data scientists may see exceptional detail, months even years of data details. Likewise, data governance analysts will need a similar detailed view within the domain of dataflows and operational processes in order to investigate root-causes.
Data governance team structure — Five key roles will emerge based on data governance within organizations, though, a staff member may be responsible for multiple roles. Data leaders are responsible for vision and data strategy, while project managers, communication specialists, business-facing positions, and technical positions all work together to push data initiatives.
Make governance a trusted partner — Data governance can be seen as a costly, time consuming burden, but it should be designed as a value generator from the beginning. Avoid reinventing the wheel when it comes to processes and procedures. Promote data focused organizations and teams.
An organization's data governance strategy comprises the set of plans, processes, policies, procedures, conventions, standards, roles and responsibilities, and metrics that comprise its unified approach to data. This means that data is aligned with internal needs. Internally, data must be accurate, relevant, and current in order to be usable and useful. This data must also fulfill external requirements. A data strategy will ensure compliance and responsibly protect data against exploitation.
Build processes with embedded standards — Data governance handled early, in the design phase, helps to ensure the success of a larger data governance strategy. By building processes on top of standards, and then by allowing technology to monitor and respond to data, organizations can ensure uniformity throughout their system.
Implement a modern cloud data platform — Technology rapidly evolves providing advantages to adopters, and pushing holdouts further behind. By implementing a modern cloud data platform, with data governance features included, many companies can leapfrog the challenges of implementing and maintaining solutions themselves. In the cloud, vendors offer services that deliver to users value without the active management of updates backend, scaling resources, and protecting and securing data.
People and processes are supported by tools — In the end, all businesses are just groups of people working together. If the tools do not support the people then the fit is wrong. Companies must honestly assess and align the data literacy of their team with the appropriate platform. Find solutions that can deliver the appropriate data analysis and insight for different levels of people, like leadership, data worker, departmental head, and front-line data consumer.
Five tools are identified in generic form that dramatically aid data governance:
- Glossary of terms that describe standard data definitions and documentation; exceptions explanations, synonyms, or variants, etc.
- Repository of metadata all departments understand what data they are looking at.
- Data lineage ties together where data is from, where it has been, and how it has been used. Lineage is essential in making meaning of data as an asset.
- Data quality rule writers are applications that reconcile data by setting rules for managing data.
- Analytics and reporting tools such as trackers, monitors, reports, and metrics provide different analytical data views for different groups helping them in their day-to-day operations.