Why data governance should be corporate policy

Data is like water, and just as water is a fundamental resource for life, data is an essential resource for the business. Data governance ensures this resource is protected and managed correctly, enabling us to meet our customers' expectations.

Over the last eighteen months, we have been inundated by reports of businesses that have suffered devastating data breaches. A majority of these incidents involved customer data that was entrusted to them. These incidents affected the organizations in many ways, from executive leadership stepping down to impending class-action lawsuits and decreased revenue from the loss of customer trust.

It’s this picture of dismal customer privacy and the business world’s lack of security controls for this data that leads me to recall a question I have heard many of my peers ask after hearing about the latest breach: Why didn’t they have a data governance program?

Data governance is a methodical process an organization implements to manage its data and ensure it meets specific standards and business rules before it enters a data management system. Data governance encompasses people, processes, and technology, connected together as an essential program for different types of industries, especially those that must meet regulatory compliance guidelines, such as finance, healthcare, or insurance. For companies in these industries to achieve compliance, they must demonstrate that they have formal data management processes in place (using the above components) to govern their data throughout its lifecycle.

Implementing data governance from a process perspective involves four steps: data stewardship, data classification, data quality, and data management. These steps include information on how a company defines the data types it owns; what data is considered critical to operations; how this data should be audited; and if the data should be monitored, stored, moved, changed, accessed and secured. It’s important to recognize that data governance is an ongoing process that needs to be aligned with business operations and evolve with the organization as it matures.

Here are the four main components of a successful data governance program:

1. Data stewardship

The process of identifying and assigning roles and responsibilities. This step is where the business needs to identify who is creating its data, who has overall responsibility for the data, who uses the data, who routes it, and who oversees its use. The titles you typically see assigned under this process are Data User, Data Owner, and Data Administrator.

2. Data classification

This step is one of the most important for the organization. During data classification, the business will look at all of the data types it has identified and categorize them into groups. These data groupings will have labels such as “Public,” “Restricted,” or “Confidential.” With each label, there should be a description of the types of data that fall into that category and the security processes that should be followed in order to manage and protect that specific data type. I have seen data matrixes used as an aid to train employees on how they should protect the company’s information. During this step, I recommend including stakeholders from the various business units of the company because their insight will be needed.

3. Data quality

The next process of an enterprise data governance program will involve employees who are using company data for specific operations. Data quality is the process of measuring the reliability of current datasets to provide information that can be used to make organizational decisions. If users input data into business intelligence software that is not accurate, then the resultant datasets used for strategic planning can be skewed. As you can imagine, not getting this process right can significantly impact an organization’s ability to conduct business. Data quality is the one component of the data governance program that must be fully mapped, managed, and audited to verify the resultant datasets are clean and accurate.

4. Data management

The final process, where all the organization's data governance efforts come together. Here the company actively manages its data governance efforts, which involves creating the architectures and business processes required to properly maintain the organization’s data through its full lifecycle, from inception to retirement. During data management, organizations will have data owners as members of long-term projects for the implementation of data portals or cloud technologies. This process will make business data usable in multiple formats and available to teams no matter their location. It is in this process that workflows for data access will be mapped, implemented and audited in order to verify data is protected with the right level of security.

In previous articles, I discussed how data privacy should be a strategic initiative for businesses. I stated that companies should train their employees and make sure they understand that data privacy is an “every employee” initiative. For firms to do this efficiently and continuously, they need to enforce data governance processes. Data is like water, and just as water is a fundamental resource for life, data is an essential resource for the business. Data governance ensures this resource is protected and managed correctly, enabling us to meet our customers' expectations.

This article is published as part of the IDG Contributor Network.