It is likely that sometime in your career you have heard - or said! - some variation of the phrase “The __________ is only as good as the data.”
Increasingly, our workplaces are data-driven or data-informed. We rely on data to support or refute the decisions we want to make. In the process, we collect, use and store massive amounts of data in file cabinets, hard drives and the cloud.
How do we deal with it? We need data governance to figure that out.
At its core, data governance is a set of rules and guidelines for how we deal with all the data, and how those rules are enforced.
Probably the most well-known form of data governance is the rules surrounding HIPPA compliance. The health care industry is required by government regulation to share health records with patients, to provide those records upon request, and also to protect the records from prying eyes.
However, data governance is not reliant on government regulation. The questions surrounding how data is collected, stored and shared should be answered by every organization that has data – and virtually every organization does. From customer, employee and/or donor records to inventory data, from proprietary documents to minutes of staff meetings, every organization creates data. Without it, business as usual would grind to a halt.
Data governance policies should consider the following questions:
Chances are, as you read the list of questions, you realized that some of them have already been discussed in your organization. Data governance is not a “one and done” situation. It is an ongoing series of discussions, policy creation and enforcement that works to keep your organization’s data accurate, accessible to those who need it, and secure from those who don’t.
Each organization needs to create its own set of policies for how to deal with data. Not only that, but different data sets may have different rules.
Consider the following scenario:
A manufacturing company maintains a list of all the different products it creates, including those currently in research and development.
In order to more closely manage those who have access to the premises, the same company uses a visitor management system. All visitors to the organization are required to sign in and, at that time, digitally sign the NDA if necessary. Thus, the visitor management system helps to enforce the data governance surrounding the products in development. However, the data in the visitor management system comes with its own set of questions.
It is up to the company to determine the data governance surrounding this data, but also to make sure any use of the data is in compliance with applicable regulations.
Having a data governance framework in place is essential for all organizations, especially those that deal with sensitive data. Why is it so important?
So what are the benefits of having good data governance in place?
It might seem easy to relegate the responsibility of data governance to your IT department. All this talk about databases, data sets and security seems to be firmly rooted in technology. They can handle it all, right? The truth is a lot more complicated.
While IT may be responsible for building the database, encrypting connections and otherwise securing data from outsiders, they have little to no control over how employees enter, use and/or abuse the data they have access to every day. IT might password protect areas of electronic storage so only authorized personnel can see the data, but are the authorized personnel following the rules?
Written documentation helps, but can only go so far. Every data set has different rules and different people working with it. Complicating matters, the different ways people need and want to use the data changes and evolves over time.
Data governance is as much a matter of company culture as it is black and white rules or regulations. IT can enforce some rules and regulations with security measures and required fields, but there is a lot of leeway even inside those fences to create bad data or share data inappropriately.
The fact is, data governance is an ongoing conversation between employees at all levels of your organization. Sometimes these discussions will be started at the top and work their way down, while in other situations it might actually be a bottom-up conversation. Regardless of where the initiative begins, the discussion needs to permeate every silo at every level.
These are murky waters and sometimes difficult conversations. Consider:
These types of situations occur every day within all kinds of organizations. Every employee needs to recognize and report bad data and inappropriate usage. Rules might be set at the top, but mistakes and misuse can happen at every level.
Data governance might feel like a minefield, and in a way it is. But it is a minefield that is navigable as long as there is open conversation and communication among the stakeholders of your organization. Given the sheer number of data sets present in any organization, it is highly unlikely you or anyone else will know all the rules. But a few basics can go a long way:
These guidelines can be the start of the conversations needed to create internal rules around specific data sets. Putting it all together and keeping the conversation going can help your organization preserve the integrity of the data and the people who use it.