I recently read a blog that mocked my statement that “everybody is a data steward” and explicitly negated the fact that “everyone who uses data should be a data steward.” I have to tell that blogger that they are wrong. Everyone who uses data IS a data steward if they are held formally accountable for how they use the data. And typically, that should be everybody in the organization. It’s all in the data.
Let’s say you have 100 people that have access to sensitive data. They must all protect that data. The government (and your customers) will not be happy if only 75% of those people are accountable for protecting the data. Everyone who uses sensitive data MUST protect that data. My experience tells me that you should consider these people to be data (usage) stewards.
Everybody is a data steward if they are held formally accountable for how they use the data. Actually, my basic premise (and a core tenet of Non-Invasive Data Governance) is that “everybody is a data steward if they are held formally accountable for how they define, produce and USE data.”
To hold somebody formally accountable requires that they know and understand the difference between healthy data-related behavior and unhealthy data-related behavior. And that means that somebody in the organization has to be held accountable for defining what healthy behavior means in terms of people’s daily relationships to the data. Practicing formal accountability also means that there must be repercussions for not following the letter of the healthy data law. That is what makes the accountability formal.
Chances are that you define data and/or produce data and/or use data as part of your job. If you are held accountable for that relationship to the data— you ARE a data steward. You cannot reject that notion; you ARE a Data Steward— but you don’t have to be called a Data Steward (it would be silly to change everybody’s title to Data Steward).
What about those people in your organization who define the data required for operations, analytics, customer satisfaction, and decision making? Are they being held accountable for the data they define and what does that even mean? Data definers are those people that are defining new (or putting definition to old) data that the organization requires in order to operate. Data definers are those people creating new systems or acquiring new packages or applications to benefit the organization.
Data definers should be accountable for considering that the data may already exist before defining new data. Data definers should accountable for making certain that the data is well-documented, meaning that the appropriate metadata and business rules are available about the data they defined. Data definers should also be responsible for data classification so the people can protect the data per the defined rules. People that define data are automatically Data Stewards when they are held formally accountable for the items I just mentioned.
What about those people in your organization who produce the data required for the reasons listed in the previous paragraph? Should they be held accountable for the data they produce and what does that mean? Data producers are the people on the front lines that are entering data into your systems. Data producers are people that acquire data from outside the organization to benefit them in their job function. Data producers are those people that combine, merge, select, and enhance data that already exists to form new data. Data producers are the people that populate the data that has been defined as being necessary to run the business.
Data producers should be accountable for understanding how the data they produce will be used by the organization. They should be accountable for the quality of the data they producer or enter into the packages or applications. Data producers should also be accountable for the data they bring into the organization from the outside including the quality, confidence and protection of that data. People that produce data are automatically Data Stewards when they are held formally accountable for the data they produce.
And last but not least— what about those people in your organization that use the data that is defined and produced by the people mentioned in the previous paragraphs? Are they being held accountable for the how they use the data they use, and what does that mean? Data users are people that have access to the data in your information systems and databases. Data users are people that have access to the data for reporting and analytical purposes. Data user are people that have access to reports, documents or the places that data resides.
Data users should be accountable for how they use data, who they share data with, and how they disseminate data within or outside the organization. Data users should be accountable for knowing the rules associated with how they can use the data, including protecting the data based on its classification. Data users should be accountable for sharing the rules with the people with whom they share data. People that use data are automatically Data Stewards when they are held formally accountable for the data they use.
There you have it. People that define, produce, and use data within your organization ARE Data Stewards based on their relationship to the data if they are held formally accountable for that relationship. These people should not be given the opportunity to decline being a Data Steward if their relationship to data indicates otherwise.
That would be like someone saying, “I know that there are specific rules associated with how I must use (or define or produce) the data – but I am not going to follow those rules.” You would not and should not allow people to go against the rules if you expect to stand up a successful Data Governance program. It’s all in the data.