7 Best Practices for Successful Data Governance Programs
- Read original article here
Data governance isn't about making the right decisions. It's about making decisions the right way.
As a practice, data governance has grown over the years from relatively simple policies for data security and privacy to a broad enterprise-wide initiative covering not only access to data, but also the application of data in business intelligence, analytics and machine learning plus the purposeof data for marketing, sales, research and so on.
While a better process typically leads to better outcomes, there's a risk if the systems of oversight for a data governance policy get tangled up with financial or productivity goals. Shortcuts are tempting, but they can compromise regulatory compliance, business reputation and operational effectiveness.
The rise in governance awareness has coincided with the rapid growth in data privacy and protection legislation and regulations that primarily are being driven by public concerns over the misuse of personal and private information. Good data governance is a useful policy in and of itself. Yet any governance program needs broad organizational support to be effective. If, for example, a data governance program is motivated to be on the right side of regulations, then compliance will likely be a company's first concern. Compliance should then address key issues, including what it will take to meet a regulation's requirements and whether the source of the regulation is a government, a professional body or an internal code of practice. What is data governance and why does it matter? 15 top data governance tools to know about in 2022 Download this entire guide for FREE now! An ineffective data governance policy can lead to broken processes. But even a well-governed organization may not be fully compliant if it overlooks or misunderstands part of the regulation or doesn't keep up with rules changes. Just as governance and compliance are related but separate processes, so too are privacy and security. For example, a home without the window blinds drawn may lack privacy but might be relatively secure if the doors are locked. On the other hand, a home with the blinds drawn and doors unlocked may feel more private but less secure. Therefore, even though data security policies within a governance program can make data privacy efforts easier, data privacy policies must include provisions for security protection. Adhering to governance best practices can help promote greater confidence and trust in data quality, usage, privacy and security.
Many of us work in highly regulated sectors, including public service, healthcare and finance. Even though compliance can't be guaranteed, it's important to achieve consistency and confidence. A virtual team can stay on top of compliance issues with a specific eye on data policy. The team should be comprised of data practitioners such as database architects, software developers and business analysts who work directly with the governance program's data sources but don't report to a more formal compliance department. The team should continuously reevaluate legislation that relates to the governance program, identify where to improve or add new coverage to the program's policies and monitor the program for incidents, issues and progress. Good governance policies clear the pathway to compliance without creating obstacles to business operations. Taking compliance seriously as part of a governance program helps take some of the burden and anxiety off other employees. A hospital's database administrator, for example, would have a heavy responsibility to keep the company's systems running and stay abreast of new healthcare data-handling legislation.
3. Secure your data close to the source Security today is a specialized field. Threats are growing in sophistication. Protecting enterprise systems from external harm is a full-time job. Staying on top of access rules and permissions in a large, constantly changing business presents a real challenge. Collaboration is essential between the security and data governance teams. The governance team should ensure that policies about data access are applied as close to the source data as possible. Customer data, for example, can be created and maintained in a transactional system's database but analyzed and reported on from a data warehouse. The data is regularly extracted from the transactional system and loaded into the warehouse. If security and privacy rules are applied on the source system, unnecessary data is eliminated from the data warehouse and governance of the data in it is greatly simplified. Don't rely on client tools like business intelligence or data visualization platforms to apply security rules. By the time a BI user sees the data, it could have already passed through easily accessible, unsecured channels. Security for BI is a useful feature but should not be regarded as mission-critical.
5. Look for the secondary benefits of good data governance A well-governed system improves access to data and encourages efficient reuse of analytics and reports that have already been created. Policies define in advance what data is relevant and permissible to a role and can be provisioned with confidence. Poorly governed systems tend to create a stream of ad hoc requests for data access that are disruptive for IT and prone to error, including the compliance risk of over-provisioning permissions just to get the job done. Although better decisions aren't the direct goal of data governance, a decision grounded in well-governed data is likely to be more collaborative, better understood and more widely supported. Confidence in the process breeds confidence in the decision, especially if the policies have been crafted as a partnership among teams rather than assembled along departmental lines. A well-governed organization also improves collaboration among groups. Many CIOs complain about data silos in their company or data hoarding by departments and individuals. These problems are often caused by data owners being unsure if users outside their span of control will handle data responsibly. With the right governance policies in place, data owners should feel more comfortable sharing data.
An effective data governance program requires a continuous effort. New roles will emerge. Regulations will change. Determine what's needed to keep pace and adopt the necessary technologies and platforms. Repeatedly evaluate governance policies. An annual assessment makes sense at a minimum because a lot can change in one year. Other reviews will be ad hoc, for example, when a merger or acquisition brings new data, new people and new tools on board. Some sectors, such as financial services, may see frequent changes not only to data legislation, but also to rules concerning money laundering, sanctions, liquidity, credit and so on. A well-conceived and consistent review process can be an eye-opening exercise.
Important questions need to be raised, especially in large enterprises: Where does governance fit into the overall hierarchy? Does the governance team report to the CTO or CIO or perhaps to a CSO or chief compliance officer (CCO)? There can be many different configurations in a reporting hierarchy. Some haven't worked because the individuals didn't fit very well into their roles. Others worked because everyone was committed to the program's success. Since security and compliance are related to governance, a CSO or CCO may well end up managing a governance team. If not, then a data governance program should be managed by a CIO or CTO. Data governance is not a technology problem requiring a technical solution. Rather, it's more about people, processes and technologies working together, perhaps making the CIO the best fit. Data governance isn't an easy process, especially when you first get started. But business units, IT, customers and business partners will all benefit from a well-governed data infrastructure that adheres to these seven best practices.
