Michael Queenan at Nephos Technologies describes a three-step process for implementing an effective data governance plan
Many modern businesses have a difficult relationship with their data. There’s too much of it, it’s unclear where it is stored, who has access to it, who owns it and often, data security and data privacy are compromised, usually unknowingly.
The definition of Data Governance, as penned by the Data Governance Institute, is “a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.”
While that seems simple enough, many businesses struggle to put together a coherent data governance plan and as a result, miss out on future potential business value. Here are three key considerations:
Step 1: Get to know your data
One of the most common mistakes businesses make when it comes to data governance is to focus on the outcomes. By jumping straight to the governance piece, the essential phases of data discovery and classification get passed by. And that’s where the problem starts.
Without good data classification, any data strategy will miss the mark. For example, teams that look after data governance often make the assumption that there are solutions that will identify governance violations automatically. But if it hasn’t been specified at the onset exactly which discrepancies and violations need to be identified, that process becomes impossible.
Arguably then, the first crucial step for any business should be to define what data classification looks like for each unique situation. For example, customer data is likely to be held in different locations and various databases across the organisation. This disparate data, whether public, private, or restricted, can only be properly governed if appropriately identified and classified.
Businesses need to conduct gap analysis to identify violations and check for breach situations such as restricted data sitting on public sources. Without classification, data governance attempts will just provide huge amounts of output that are unmanageable and unusable to identify problems.
Step 2: Consider corporate risk vs data governance risk
Another mistake many businesses make is not distinguishing between corporate risk and governance risk. Many act on the mistaken belief that they are adhering to governance, when in fact, they are only addressing corporate risk.
Knowing where your data is held, who has access to it and how it might be vulnerable is a vital consideration, but these are often addressed as a concern of corporate risk rather than governance or compliance.
For example, if your business falls foul of cyber-criminals hacking into your central server, that is a corporate risk. And while organisations must safeguard third party data in their processes, it’s important not to mistake this for good governance.
For the C-suite, the risk of data governance is more relevant to the leadership mindset as a challenge they encounter regularly. What keeps most executives awake at night, more often than not, is the level of corporate risk-taking, rather than how they adhere to GDPR compliance, for example.
But when a data breach occurs, how many victims would know what data has been lost? Without good data governance, this is a very difficult question to answer.
Step 3: Adopt a data governance mindset
Achieving good data governance requires inputs from multiple levels within a business. Policies and procedures are as important as toolsets. Consolidated over decades of being viewed in the context of corporate risk, the attitudes and perception of data governance will likely need a refresh.
Businesses need to change the way they consider data governance which is often overlooked in favour of more compelling value propositions – until there’s a data-related crisis.
Education and training is a key way of highlighting how good data governance can underpin and address corporate risk. For example, if your business keeps restricted data on public sources, an effective data governance strategy will identify this, eliminating potential data violations, and addressing corporate risk.
The amount of data organisations have is only going one way, and that’s up. An effective data governance strategy helps organisations not only manage that data, but drive value from it. This in turn helps companies digitally transform and continue to adapt, scale and grow – and mitigate against corporate risk at the same time. It’s a win:win situation.
Michael Queenan is Co-Founder and CEO of Nephos Technologies
Main image courtesy of iStockPhoto.com
