Getting a handle on data governance

Data governance is probably not the topic you enthusiastically bring up at dinner parties. Even alone, ‘data’ and ‘governance’ seem like pretty bland subjects to care a great deal about (unless you’re a data guru), let alone when smushed together. Nevertheless, the term is one you probably know you’re meant to care about. 

Depending on your organisation’s data maturity, the term might be one that leadership and execs have on a risk register to take a look at each quarter, or one that the board might periodically ask a question or two about. At the top end of the scale, you might even have, or be thinking about employing, a Chief Data Officer.

Regardless of where you’re at when it comes to data, one thing is for sure – its importance, and its governance, will only become more and more critical to your company’s future. The time to pay attention is now. 

How we got here

Ever since there have been computers,there has been computing data. In the early days of personal computers, the amount of data admittedly wasn’t very great. As office needs grew so did server rooms, but as the internet and cloud computing have taken hold, and the COVID-19 pandemic has pushed businesses towards digital transformation, the amount and spread of data being generated and used by the average organisation has skyrocketed. With organisational data residing on cloud infrastructure, it is also no longer within a business’ direct sphere of control, meaning trust in third party providers to keep data safe and secure is paramount.

Many businesses are now critically dependent on the timely exchange of data. From the day to day running of an increasingly dispersed organisation, to the emergence of technology such as artificial intelligence or digital twins that rely on immense amounts of it to fuel insights for strategic decision-making, data has become the lifeblood of digital organisations.

Data used to be a technology challenge (Do we have enough room for it? Can everyone access it?) but it is no longer one for the IT department alone. Thanks to big-picture events where data mismanagement has gone wrong (often with worldwide ramifications), such as the Global Financial Crisis (GFC), data – the ability to trust it and the risks associated with it – has become a board-level priority and executive concern.¹

Why data governance matters

It’s easy to point to something like the GFC and say ‘this is why data governance matters,’ but at such a scale, it’s an example that can make it difficult to conceptualise how governance issues might impact your business. On a practical level, here are some of the more common areas of data risk: 

• Poor quality – Data that is incomplete, obsolete, hidden or irrelevant can cause impared and reactive decision making. With conflicting information, and no one source of truth, it can be impossible to meet business objectives, and will likely mean that your business isn’t flexible or confident enough to run with opportunities or react appropriately to unexpected events. Bad data, when customer-facing or critical to business operations, can cause serious reputational issues. This is data debt.

• Emerging technology – Being a digital company, or going through a digital transformation, is no longer enough to pull ahead of your competitors. To make use of cutting-edge technologies – such as AI, machine learning, automation, digital twins and the like – data will be needed to feed in. But what data? Without the right data (which includes ethical and responsibly used data) then no matter what technology you invest in, you won’t get the most out of it.

• Cyber attack – Cyber attacks are on the rise and they nearly always intersect with data. On the one hand, an attack, be it of your core systems or through an unsecure third party link, can expose your data to the outside world, causing issues such as privacy breaches, commercial damage from confidential data exposure and, in the case of ransomware, severe reputational or financial damage. Cyber criminals are well aware of the value of your data.

• Regulations – Due to a series of large-scale data misappropriation, regulators have cracked down on ensuring that businesses are taking their data governance seriously. At state, federal and international levels there are an increasing number of privacy (for example, GDPR), financial, accessibility (eg. Consumer Data Rights) and industry-specific regulations that businesses need to be aware of – or pay increasing large penalties for falling foul of. 

• Data safety – Increasingly, data safety is at the forefront of customer’s minds when it comes to the brands they do business with. In general, consumers are willing to share their data if they are getting something commensurate in return, be that a fantastic experience, a good deal, assistance, convenience and so on. However, that trust is not always easy to gain and can be lost in an instant. Data use when it comes to customers needs to be transparent, efficient, anonymised when necessary and, crucially, understandable to the consumer. With more applications and ecosystems becoming available predicated on data sharing – such as through open banking or the Customer Data Right – your data must be thought of as their data and actioned as appropriate.

Four questions to get started

There are frameworks that can help you to implement data governance procedures and protocols in your organisation, such as the ‘five safes’ (people, initiatives, data, settings, outputs) and being proactive when it comes to data risk.² To start with, however, it can be as easy as asking yourself four questions:

1. What are the most critical outcomes for your organisation (digital transformation, customer satisfaction, brand/consumer trust etc)?

2. What data does/will your organisation depend on to achieve those outcomes?

3. Do you know where that data comes from? Is it correct? Is it trusted, appropriately permissioned and maintained?

4. If not, what proactive measures will you take to ensure that the data is fit for purpose (and not the cause of future strategic failure)?  

These questions are deceptively simple, but you’ll find that they will help to connect the dots on how its management is a critical risk function – particularly for executives and boards. These conversations will help not only to safeguard your data, but also to turn its risk from impediment to enablement.