6 best practices for good data governance

Why is good data governance so important? Consider what might result without it: data that’s poor in quality, difficult to use, lacking integrity, vulnerable to cybersecurity threats, inconsistent, and not always available to business users.

In other words, from a business standpoint there is almost no point in having data without data governance.

As defined by the Data Governance Institute, an organization that provides best practices and guidance in the discipline, “data governance is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.”

The digital transformations under way at so many organizations have rendered strong data governance even more vital for enterprises, because so much of business success depends on data being reliable, secure, and available to the right people at the right time.

Not surprisingly, demand for data governance products and services is on the rise. Research firm Markets and Markets estimates that the global data governance market will grow from $2.1 billion in 2020 to $5.7 billion by 2025, at a compound annual growth rate (CAGR) of 22% during the forecast period.

Factors such as the rapid growth in data volumes, rising regulatory and compliance mandates, and increasing business collaboration are expected to drive growth of the market, the report says. With the advent of a number of data privacy regulations by government entities around the world, it has become more important than ever to ensure that data within an organization is stored, used, and discarded appropriately, it says.

Also affecting the rise in demand for data governance is the increased adoption of DevOps for software development, the firm says. There is a strong correlation between DevOps adoption and the implementation of a data governance program, it notes.

By following some best practices, organizations can create an effective data governance program.

Identify critical data elements and treat data as a strategic resource

Not all data is equal in importance to the organization, and part of good data governance is knowing which aspects of the data infrastructure are most critical to the business.

“As you look across the domain, you’ll see that these critical elements touch dozens to hundreds of systems and applications,” says Jack McCarthy, CIO for the State of New Jersey–Judiciary. “These critical data elements are found throughout the system on multiple reports. By first identifying these key elements you can trace them to their source and identify the policies and procedures” that are applicable.

On a more foundational level, organizations need to grasp how significant information is to the success of the business. This can help create a culture that supports strong data governance, including at the highest levels of the organization.

“My experience is that data governance effectiveness flows from the enterprise being willing and able to embrace data as a critical strategic asset,” says Bill Balint, CIO at the Indiana University of Pennsylvania.

“Transforming raw data into information that can result in positive outcomes cannot be viewed as an afterthought,” Balint says.

Set policies and procedures for the entire data lifecycle

Data doesn’t exist in a single point in time. It’s created by a source, cleansed, updated, stored, analyzed, transmitted, backed up, deleted, and so on. There are potential touch points every step of the lifecycle, and governing the data well through the various stages requires having policies and procedures in place for each stage.

“Identify who is the owner [and] what system or person can change data throughout its lifecycle,” McCarthy says. This way organizations can provide audit trails and other data checkpoints to ensure a complete and thorough understanding of data elements, he adds.

A good example of the need for policies was when the N.J. judiciary was looking at running a risk assessment for criminal justice reform that eliminated bail in the state.

“As we looked to gather data and identify the key elements needed to automate the score of our assessment tool, we continued to move farther back into the lifecycle of an arrest,” McCarthy says. “We found that the necessary data existed not at the moment the warrant was filed with the court. The source of the data happened earlier as law enforcement completed fingerprint checks to identify a defendant. By tracing the data back to its source we were able to issue directives and policies with internal and external partners to ensure that key elements of the system we were building were available for our use, as well as other downstream partners.”

Involve business users in the governance process

Business users are typically among the biggest beneficiaries of good data governance, because it enables them to have high-quality, available data to help them do their jobs better. They should be involved in the governance process, if and when it makes sense.

“I like forming a user’s group with the data owners or their first lieutenants,” says Bryan Phillips, senior vice president of technology and CIO at packaging company Alpha Packaging. “I then like to give them some level of budget control over what is being worked on and prioritized.”

This tends to forge cooperation between various departments, promotes knowledge sharing, and can even create a little friendly competition, Phillips says. “You want this group to share in the sense of accomplishment. Data governance can be viewed as a negative when it’s not done right,” he adds.

Data owners are often the ones best suited to catalog their data, Phillips says. “No one knows the data better than them,” he says. “Use this group to identify where issues exist” and resolve them.

Don’t neglect master data management

Governance should include managing master data, the data about the business that provides context for all business transactions. Effective master data management can lead to greater consistency and accuracy of data.

“There must be [a strong] focus on standardization and/or cross-referencing of master data,” Phillips says. “This is often the area that is the most overlooked. Without it the data can become siloed with no way for cross-domain data to be related. It’s very important to get a master data group to own this” and work closely with business users.

Ideally the group responsible for master data management should be a business function that crosses multiple departments rather than part of IT, Phillips says.

Understand the value of information

​Data governance is almost a misnomer because it doesn’t necessarily reflect the real value of the insights gleaned from information.

“Information is the correlation of data that creates value for an organization,” says Marc Johnson, a senior advisor and virtual CIO at healthcare consulting firm Impact Advisors. This includes financial records, patient records, employee records, etc.

“Governance needs more than data classification,” Johnson says. “It needs information classification. Information classification indicates the value to the organization and subsequent impact if lost, stolen, or destroyed.” He cites an example of an employee emailing information from a corporate account to a private account.

“We had data loss prevention in place to block electronic protected health information from exfiltration,” Johnson says. “Had we not taken the step to classify [the] information, not just data, we would have blocked a chore task list. If we had not performed the additional due diligence, it could have resulted in tens of thousands of false positives within our systems, resulting in alert fatigue, excessive network traffic, and an unwarranted heightened alarm status in the security operations center.”

Data governance requires detailed due diligence to know who has access to what information and how valuable that information is to the organization, its customers, employees, partners, and others.

“If an organization does not go deep enough in the data governance process, they run the risk of overengineering or even under-engineering the protection, availability, and recovery of the foundation of their business — information,” Johnson says.

Don’t over-restrict data use

Given the competitive value of information resources and the significant security and privacy risks, IT executives might be inclined to sharply restrict how data is distributed and used. This can make governance seem like more of a negative than a positive practice in organizations — and ultimately discourage innovation.

Heavy restriction “leads to limiting value creation and inhibits business value,” says Brandon Jones, CIO at insurance provider Worldwide Assurance for Employees of Public Agencies (WAEPA). “This leads to resentment and lack of user adoption of enterprise technologies.”

WAEPA has built an integrated and comprehensive platform that aggregates data from disparate sources into one platform leveraging multiple visualizations based on the needs of business stakeholders, Jones says. Among the goals are improved accessibility, accuracy, and completeness of data to support more confident decision-making.

“Organizational leaders must continually evolve to the needs of the business, and in order to do that each stakeholder needs to be able to contribute” Jones says. They also need easy and secure access to information that’s pertinent to what they’re working on.

“The governance comes in to ensure that the right [problems are] being answered and how data is being used to inform decisions to address those same problems,” Jones says.