The word “governance” sounds scary. It evokes excessive formality, slow decisions, and top-down directives. And while bad governance is all those things (and more), good governance is a differentiator. All organizations today collect, generate, and process lots of data. Data governance is the union of people, processes, policies, and technology to oversee data for a company.
Sometimes, you practice data governance because you’re subject to some standard or regulation that mandates certain parts of it. In this case, data governance is a minimum necessity to meet the standard and no more. While staying clear of legal or regulatory trouble is definitely smart business, I’m going to show you the broader benefits of data governance for your company. In this post, we’ll explore the three major benefits for your firm through improved data governance:
- Lower technology and compliance risk
- Smoother technology implementations
- Higher return on investment through standardization
Let’s start by reviewing the fundamentals of data governance.
Fundamentals of Data Governance
The “best” data governance program is tailored to the company and situation in question. That said, let’s review a basic data governance process for the sake of this post so that we’re all on the same page.
The central concept of the program is a data governance team. The IT, legal, and information departments assign representatives to data governance. Every appointed data owner is also a member. Data owners are accountable for some data within the enterprise, and every piece of data has an owner. Most importantly, IT is not the owner of any data.
Requests for new data are first presented to the data governance team for review. Next, the team discusses the need and reaches an agreement. Afterwards, IT implements the necessary system changes and maintains them over time alongside the data owner. Lastly, the business eliminates the process and IT removes the applications and data.
This sample process illustrates several key aspects of any data governance practice. First, there is a clear link between the company’s strategy and its data. Second, there is a clear owner assigned to the data who is accountable for it. Next, data is accepted only when there is agreement on its purpose and use. Lastly, the data is managed through its entire life cycle.
Let’s dive into the benefits of a data governance program.
Benefit #1: Lower Technology and Compliance Risk
Every piece of data you store exposes you to risk. Two of the most common risks are data exposure due to leakage or theft and compliance risk. For that reason, every piece must have business value or else the risk is too high. The first benefit of data governance is lowered risk through linking your company strategy to every piece of data you handle.
More Data = More Risk
Suppose an attacker posts sensitive information about your customers on the public internet. You’re collecting mostly data for your processes but some data “just because.” Do customers care about this distinction? Absolutely not. You put more data at risk of exposure simply because you had it. If you weren’t actually using the data in the first place, it’s even worse. You’ve added risk to your organization, but you’re getting no value from it. Don’t take a risk with no possible reward.
Some data puts you in scope for compliance. For example, credit card data puts you in scope for PCI-DSS, while data about European Union citizens puts you in scope for GDPR. All compliance comes with risk that you as a company must manage. Ideally, a company’s strategy justifies all exposure to compliance risk, and senior leadership ensures it’s managed properly. Otherwise, the company took a risk with no potential reward.
In a world without data governance, a business unit with a new process will go right to IT. IT tries to push back if there isn’t a clear business need but lacks sufficient authority and yields under time pressure. Also, the business unit forgets about legal and compliance entirely so the organization is blind to the risk added to it by the new process.
In our sample data governance process, the data owner has specific responsibilities within data governance. One is to represent their data on the data governance team. The second is to collaborate with IT, information security, legal, and compliance to implement and maintain it. Lastly, the data owner ensures the data is disposed of. The data governance program accounts for all key aspects of the data life cycle as needed to meet the company’s strategy.
Benefit #2: Smoother Technology Implementation
Here’s a situation you’ve probably seen before. A business unit has a great idea for a process and comes to IT to have it implemented. Then, information security gets looped in. Now, what was seen as a quick win gets bogged down in technical minutiae as no one agrees on how much security is needed. Ultimately the project is delivered late after a lot of heroics, and everyone thinks the other groups were unreasonable. Fortunately, there’s a better way. The second benefit to improving your data governance program is that technology implementations are smoother and the resulting system far more secure.
Don’t We All Want Security?
The above situation arises from a lack of shared context among the participants. Everyone wants the data to be secure, but they disagree about how and to what degree:
- The business doesn’t understand the security implications of some of its ideas.
- Development focuses on features more than security.
- Information security dictates policies based on its limited understanding of the data.
The sensitivity of the data dictates the security controls. Sensitive healthcare data requires far more safeguards than one’s summer reading list.
Now bring in data governance. First, the business unit goes to the data governance team to make a case for their process. This case includes all the elements they need in their process and the rationale. Next, IT and information security share their views on securing the data. The business unit may learn that the cost and effort to secure the data renders this process too expensive to be worthwhile. Development and information security make suggestions to minimize both security risk and the total cost of ownership of the solution. No matter what, everyone understands how and why each piece of data is protected.
Benefit #3: Higher Return on Investment Through Standardization
Lower risk and smoother implementations are well and good. But what’s the point if the data is still poor or if it costs too much? As I’m sure you’ve guessed, the return on investment is the third benefit of an improved data governance program. The return can be improved significantly by reducing effort in two areas:
- Spending less time reconciling duplicate data
- Spending less time cleaning poor-quality data
Less Data Duplication
Here’s a situation I’ve seen quite a few times. Two different business units need countries and regions, but the region assignments are different. Also, the desired fields are subtly different. Typically, the result is two mostly identical lists and confusion about which list to use at which time and for what purpose. Even worse, reports faceted by these two lists won’t match up. As a result, senior leaders and executives spend a lot of time reconciling these reports instead of analyzing them.
With data governance, the data owner for country data works with the business unit to understand their need. They could agree to use a single list as is, to augment the single list in certain ways, or that both lists need to exist for specific reasons. No matter what, data governance will cause an explicit discussion and decision to occur. The result will be a more common understanding of this data in the enterprise.
Better Data Quality
Data quality issues arise in two primary ways:
- Users enter free-form text with no constraints on form or structure. This makes the data virtually worthless over time.
- Processes generally constrain metadata, but there are a lot of exceptions. As a result, applications and reporting become more complex.
Data governance ensures that the purpose and use of each field is universally understood. In this way, the data in the system exactly reflects the process needs and is always clean for workflow activities, analysis, and reporting.
Firms that excel at data governance have an advantage over their peers. Through lower risk, smoother technology implementations, and improved return on investment, improving your data governance program will have meaningful impacts on your company’s ability to extract value from its data. Now that you’re sold on the benefits, here are two suggestions to help you take the next step. Data governance will establish your business strategy around data. But you’ll also need the right technical processes. Check out this post on data management to get started. Another important thing to keep in mind is that governance and security must go hand in hand. So check out this guide to learn how to integrate security into your data management program.
This post was written by Daniel Longest. With over a decade in the software field, Daniel has worked in basically every possible role, from tester to project manager to development manager to enterprise architect. He has deep technical experience in .NET and database application development. He’s passionate about how organizational design, engineering fundamentals, and continuous improvement can be united in modern software development.