When a client asks us to help them to define what their data governance strategy should be, we like to turn to one of the oldest clichés in our industry – that data is the new oil. If data is the new oil, then consider those in data governance to be the site managers and operations teams who make sure that the oil is extracted efficiently, safely and profitably.
Data governance is not about stopping members of staff from doing things with data. Best practice in data governance is about exercising positive control over every element of the data held by a company through pro-active management which includes planning, monitoring, and enforcement.
Data governance should support a business, by helping that business to achieve its strategy and vision by defining and communicating both data strategies and policies. It is about understanding and promoting the company's data assets, tracking and enforcing legal compliance and managing the data and any problems relating to its use and storage. Data governance needs to work in every area of a company and is not the sole domain of the data operations or data science teams - or the legal or IT departments.
Developing a data policy
Data governance can only work effectively when an established set of rules and policies are explicitly defined. This establishing of rules is similar to how a state runs a country, and for the same reason - to avoid chaos, ensuring everything is orderly with clear guidelines for how to do things and what to do when things go wrong, and ultimately for the betterment of all. Companies need to take full responsibility for all the data in their care and for how they share that data. So there must be policies concerning all personally identifiable information and how, whenever the company holds it, how employes should use and with whom they should share it.
It is vital to have these policies and rules written out and in place. However, written procedures are not sufficient unless the company fully incorporates them into the business culture and values of the company. All staff should be made fully aware of what these policies state, alongside their personal responsibility concerning policy compliance.
Governance policies also demonstrate to customers and potential customers, among others, that there are rigorous standards around the use of data within the business, and that data - particularly customer data - is respected.
Having a policy in place mitigates the impact of any data breach, loss or theft, as well as reducing the risk of this happening in the first place. Let's imagine a TV data breach has occurred at an organization. Compare the following two scenarios. In the first case, no data policy was in place. It takes a while to identify the low-level employee responsible for the breach. While s/he had made a mistake, it turns out s/he was new and hadn't received any training about the consequences of making such a mistake. And s/he could hardly be held responsible for the fact that a lot of PII data, which the company had failed to anonymize, was captured by the hackers. Who was responsible for the PII data? Nobody is sure. In the second scenario, everything is very different as those who wrote the governance policies had spent a lot of time thinking about data breaches. It is much less likely the breach would have occurred at all as the training of new staff in the norms of how the company treats its data would have both made mistakes less likely to happen and would have meant the staff member who made a mistake immediately reported the problem to his or her manager. Knowing a mistake had been made would have allowed the company to close the vulnerability before a breach occurred.
Appointing a data steward
Data governance begins by appointing a data steward. S/he needs to control and manage the data per both company policy and any legal requirements, such as GDPR, and his/her responsibilities need to include all aspects of the data lifecycle, including collection, storage, quality, security, access, usage and licensing. These responsibilities can include, but are not limited to: • Creating a gateway structure for any new requests for data usage. • Devising a standard procedure for dealing with any new requests to ship data to third-parties outside the business • Approving any changes that occur, or requests made to change existing in/out data feeds. • Devising or approving all key policies and processes, as well as any changes made over time to these policies and procedures. • Promoting a data science culture across all areas of the business so that all employees understand the value of the data -although the steward should have the support of senior management for this endeavor.
Benefits of data governance
Data governance is a necessity for even smaller companies that are trying to embark on a TV analytics program – but members of staff should not view it as a chore. Data governance brings multiple benefits for companies: • Increased control of the data and hence of how the company operates, with this control in the hands of high-level executives • Understanding the rules of the road. With good data governance, it becomes much easier to see what is possible and what isn't. • Insulation from, and reduced risk of, data breaches, hacking, etc. • Increased accountability. With good data governance, it becomes much easier to see who is responsible for what, meaning things don’t get dropped or missed. • Across the board, the entire team will get a much better sense of the value of the company's data and why they need to get tasks such as manual data inputs right every time. Members of staff will also trust in the data and the data processes more than before.