Organizations that have implemented Data Governance programs, or Information Governance, Data/Information Management or Records Management programs will be the first to tell you that these data disciplines are not easy to operationalize.
Data Management requires that the organization care for data as an asset. Managing data as an asset sounds pretty complicated.
Data Governance involves a change in organizational culture. Changing the way people across an organization behave requires a lot of work.
Records & Information Managers have a difficult time even getting people to understand how “records” differ from data. For the most part, getting the organization to focus more on the data than the shiny objects of analytical platforms, artificial intelligence, data lakes, systems and data resources that pump out the data is a complete change of focus.
Changes of focus are not easy. To top that off, your existing data messes may feel like an impossible obstacle to overcome. Anybody that tells you that these things are easy to address may have hit the ‘nog a little strong or are still buried under the snow that they experienced over the holidays.
Until now … Let me be the first person to tell you that governing data can be easy. At least the people aspects of it does not have to be difficult.
I define data governance as the “execution and enforcement of authority over the management of data.” This definition is worded strongly because governance, like government, is meant to imply control, supervision and leadership.
People react two ways to my definition. They love it (and adopt the definition as-is) or they leave it (worded too strongly). I use the word “authority” because, when it comes down to it, governing data is a “people following the rules thing”. Data Governance is all about affecting people’s data-related behavior. And to be honest, changing people’s behavior may not be as hard as it sounds.
Changing people’s behavior associated with governing data involves knowing and recording information about who-does-what with the data across the organization. That task, in itself, does not have to be as difficult.
And in fact, you don’t have to record this information for all data in the organization at once. The task of recording who-does-what with data can be time-consuming. Many organizations are beginning to govern their data by focusing on strategic data or data elements that are considered critical to the operations of the business or even a small part of the business. You don’t have to govern all of your data at once or at exactly the same time. That would not be easy.
Consider three popular reasons why organizations put Data Governance programs in place and the role that the change of people’s behavior plays in addressing their requirements.
Protection of Sensitive Information
The protection of sensitive information requires a lot of work. A sample list of the types of work includes:
- Knowing the various and specific rules associated with protecting data
- Classifying and recording the classification of your data
- Defining handling rules for data at rest and data in motion
- Making people aware of the rules and enforcing the rules
- Enabling technology to help people follow the rules
- Teaching people how to use the technology to follow the rules
This list, in itself, is a lot of work. But that does not mean that the governance work associated with the protection of sensitive information has to be difficult. Items 1-4 and 6 above are all people activities.
Leveraging someone, like your legal or risk management departments, to research and document the regulations, the classification, and the handling rules for the protection of data may be time-consuming, but these activities are not difficult. The interpretation of the rules and how to apply the rules across your organization may require some work, but there are resources that are available, and organizations that have crossed that bridge before you, to benefit from their experience.
Making people aware of the standards and rules for protecting sensitive data, and how to use technology to follow the rules, is also not difficult. Yes, these activities require planning, participation of your communications department, and the effort to inform everybody of how the rules must be followed is time consuming and requires resources dedicated to the craft of governance awareness. But the task is not difficult.
The enablement and deployment of the technology associated with data protection is likely the most difficult aspect of protecting sensitive data. Leveraging the tech knowledge, experience, existing technology, leading edge technology and managing the projects associated with the implementation of technology is difficult, specifically in the eyes of people that are not skilled in this discipline.
The dependence on Information Technology to deliver successful data protection solutions is critical to success. A good part of this dependence falls outside Data Governance’s control and, to be honest, is the responsibility of the CIO more than the CDO. The governance component, focusing on the people aspect of protecting sensitive data, can be rather easy. It just takes time and effort.
Improvement in the Quality and Value of Strategic Data
Improvement in the quality and value of strategic data through improved definition and understanding of that data, leading to improved outcomes from the use of that data, require a lot of work. A sample list of the types of work includes:
- Convening groups of the stakeholders and SMEs to focus on quality and value of strategic data.
- Identification of strategic and critical data that present opportunity for improvement.
- Inventory and location of where critical data exists across the enterprise.
- Documentation of data definition, usage and business rules associated with the strategic data.
- Agreement on standard data definition, production and usage rules for the critical data.
- Planning to adjust the application and decision support landscape to leverage new standard.
- Technology changes required to deploy the new standard.
- Education and training of people on the impact of the changes for strategic data.
Again, this list is a significant amount of work. However, the governance work associated with the improvement of data understanding does not have to be difficult. Items 1-6 and 8 above are all people activities. And as long as there is someone that has the formal accountability for guiding the people aspect of the effort, improved outcomes can be expected. It is not hard.
The above mentioned steps require resources and commitment. The first step toward improving the quality and value of data is to bring together a group or team of people that are formally focused on solving a problem. Formally focused means that the group has leadership support, is strategically selected, allowed the time to participate in the effort, and are provided guidance and follow a specific plan.
This team, a working team, bears the brunt of the responsibility for most of the steps leading to the improvements in data quality. These steps include the identification, inventory, documentation, agreement, planning, and education and training listed above. The only step provided where the working team is typically not responsible is the seventh step, which is focused on changes and adjustments to technology to address the opportunity.
This is not to discount the significance of that seventh step. This step is critical, and it can be said that the results of the previous six steps will be ineffective without the application and enablement of technology. Since steps 1-6 and 8 are all within governance management and control and require the participation of the “right” people at the “right” time, these steps become dependent on the effectiveness of the governance leaders and the team. Anything that we have control over becomes easier than something we don’t have control over.
Consistent Recognition and Mindfulness of Data
Consistent recognition and mindfulness of data including data leadership, data ownership, data stewardship and subject area expertise and authority can also take a lot of work. Some people describe this work as changing the culture of the organization to become a data-centric organization or completing a digital transformation. A sample list of the work includes (not numbered because they are not in a particular order):
- Gaining the support, sponsorship and understanding of Senior Leadership.
- Recognizing who has fiscal accountability and authority over specific data domains.
- Recognizing who defines, produces and uses the data across the enterprise.
- Recognizing who has the authority and responsibility for the value and effectiveness of data.
- Making everybody in the organization aware of the importance of governing data as an asset.
Getting people to be mindful of data and getting them to recognize that every action of defining, producing and using data has a consequence, is a major activity of a Data Governance program. The items on the list may be considered a lot of work but that does not mean that the work is difficult. And each of the actions listed above is a people-oriented task.
I mentioned in the previous two purposes for Data Governance that many, if not all, of the activities listed require commitment, resources and people’s time, to complete. And in this specific list of activities, they are not completed one-time. These actions are on-going and require continued commitment, resources and people’s time. Each activity listed above is a people-oriented activity and again, become the formal responsibility of whoever is guiding the governance ship.
Governance Made Easy?
Non-Invasive Data Governance, one of my favorite subjects, focuses on formalizing existing levels of accountability and responsibility before clubbing people over the head with a stick, telling them that their work has changed, their title has changed, and that life, as they know it, has gone away.
Fixing all of your data problems is not easy. In fact, it is near impossible to solve ALL of your data problems before other problems become apparent. Solving data problems require planning, resources, money and time. Several of these are in short-supply which makes the idea of perfect data nearly unattainable.
But that does not mean that Data Governance is not easy. Obviously Data Governance requires planning and resources … but the actions of governing the data itself do not have to be difficult. Staying non-invasive in your approach to data governance will make the discipline as easy as it can get.
Start and stay non-invasive my friends. Why make it hard on yourself?