Data is Risky Business: Data Literacy is Not Just About Shiny Toys

In this column I want to talk about data literacy, and not because it is the “buzzword de jour.” By “buzzword de jour” I mean “bandwagon people are hopping on as the latest fad without necessarily actually understanding the thing they are talking about.”

You know what I mean. We’ve seen this before with data quality, data governance, data ethics (a band wagon that is gaining both momentum and fragmentation as we speak) and, my personal favorite, Customer Relationship Management.

If you don’t know what I mean, please forgive me. I am long in the tooth in this profession and I see the wheel of Karma turning yet again in the industry.

A Chinese philosopher who is even older than me, Confucius, famously told us that “the beginning of knowledge is to call things by their proper name.” So, when we start talking about “data literacy,” it’s important that we break that down into a meaningful operational definition that actually reflects both data and literacy. Having looked at a number of the definitions that are out there with my colleagues in the Leader’s Data Group, I’m a little bit concerned. A lot of the definitions of “data literacy” are heavy on the data but not so hot on what it means to be literate in data.

Gartner, for example, talk about data literacy as “the ability to read, write, and communicate data in context, including an understanding of data sources and constructs, analytical methods and techniques applied, and the ability to describe the use case, the application and resulting value.[1]      

My ‘business-head’ response to that is: “Yawn!!”

Gartner (and others) are promoting the idea of teaching data as a second language to enable data driven businesses.

My ‘business-head’ response to that is to think about how I learned three languages in school from the age of four and I’m left scratching my head about what that actually means in the context of people in organizations doing work in information-related functions. I also think of the team I ran way back in my call center team leader days (a horrifying twenty-three years ago this summer) who I used to teach how to use Excel so they could produce reports. What does “data literate” mean in the context of the day to day interactions that people in organizations have on a day to day basis?

And why should the leadership of organizations give a rat’s ass about it?

Over the past two months I’ve had two incidents happen in client engagements and in my teaching activities that have brought home to me the importance of one perspective on data literacy in organizations.

In one incident, the Data Protection Officer in a client organization asked that we remove a logical data model we had produced describing the relationships between entities in a particular data processing activity because they thought it was a nonsensical diagram. We tried to explain what the diagram described and its importance to the risk assessment we were undertaking, but to no avail. Ultimately, we had to take the diagram out of the risk assessment and explain the findings in a different way.

The root cause for the issue was simple. A business-side manager from a legal background wasn’t able to understand the concepts of a conceptual representation of the relationships between data entities and couldn’t grasp how that was pertinent to assessing the risks associated to the proposed processing activities. We were effectively speaking French to someone who was used to thinking in English. The “literacy” issue here was that our client stakeholder didn’t able to read and understand the basic ‘visual grammar’ of a skill that information management professionals often take for granted.

For our client however, this represents an issue similar to when a traveler in a foreign country finds themselves stranded without an ability to read, speak, and understand some basic words in the local lingo. In that situation, our traveler finds themselves either having to muddle through by trial and error (and, depending on where they are travelling, no little risk to their safety and their possessions), or they are depending on finding natives who can understand enough of our traveler’s language to translate and point them in the right direction.

One of the ways we try and address this type of language issue when we are travelling is by trying to learn some fundamentals of the language of the country we are travelling to. This brings me to the second incident. One of the academic courses on data protection I’m teaching includes an introduction to some basic data management concepts (e.g. definitions of data governance, metadata management, and other DMBOK disciplines).

Student feedback on the first few weeks included a comment that the language was “too technical.”  When I explored the issue further with the learners, it became clear that the issue wasn’t that these business-side people weren’t doing the things that we were describing and covering in the course, but rather they hadn’t been aware of the formal data management disciplines and terminology for basic data management concepts. The concern here is that the students on this course are, largely, data protection officers and other ‘business-side’ managers with responsibility for data.

Now, the good news is that this gap is the very reason that the content for this semester of the course I’m teaching was developed and based on the feedback received I’ll be making some tweaks to the syllabus and delivery to better align with the comprehension level of the class. And the issue raises another perspective of literacy – what level of competence or capability is required, expected, or needed for people when performing roles in relation to information-related processes? The risk that is posed by the focus on data literacy as an enabler for analytics or the use of technologies is that it misses the fact that not all staff in organizations will need those skills. However, they may require an understanding of basic nouns, adverbs, and grammar of the language of data so that they can effectively communicate with more “technical” colleagues on data-related issues.

The analogy I’ll draw here is this: My colleague Dr Katherine O’Keefe is an American with a PhD in Anglo-Irish literature from an Irish University. My sister-in-law is also an American, but she only has a master’s degree in Anglo-Irish literature from a different Irish University. The difference in their respective qualifications in Irish literature doesn’t actually affect their ability to engage in conversation with their friends, family, and work colleagues and to make themselves broadly understood. The level of ‘Hiberno-literacy’ required for them to understand and be understood on a day to day basis is different to the level they would need to have if engaging in discussions of textual analysis or development of themes of nationalism in the works of Oscar Wilde.

However, if I (a native Hiberno-literate) was to start trying to engage in a discussion of thematic analysis in Oscar Wilde, I know that I would have some basic skills and knowledge of what to do but I would not have the same depth of knowledge, terminology, or skills as either Katherine or my sister-in-law.

So, when we start talking about Data Literacy, we need to consider what we mean by this term, and we need to consider this in the context of those who we want to make “literate” and what level of “data fluency” they actually need.

After all, while it may be possible to lock a hundred monkeys in a room with a hundred typewriters and have them produce the works of William Shakespeare, we may need to remember to first teach the monkeys to type.

[1] Source:

Share this post

Daragh O Brien

Daragh O Brien

Daragh O Brien is a data management consultant and educator based in Ireland. He’s the founder and managing director of Castlebridge. He also lectures on data protection and data governance at UCD Sutherland School of Law, the Smurfit Graduate School of Business, and at the Law Society of Ireland. He is a Fellow of the Irish Computer Society, a Fellow of Information Privacy with the IAPP, and has previously served on the boards of two international professional bodies. He also is a volunteer contributor to the Leaders’ Data Group ( and a member of the Strategic Advisory Council to the School of Business in NUI Maynooth. He is the co-author of Ethical Data & Information Management: Concepts, Tools, and Methods, published in 2018 by Kogan Page, as well as contributing to works such as the DAMA DMBOK and other books on various data management topics.

scroll to top
We use technologies such as cookies to understand how you use our site and to provide a better user experience. This includes personalizing content, using analytics and improving site operations. We may share your information about your use of our site with third parties in accordance with our Privacy Policy. You can change your cookie settings as described here at any time, but parts of our site may not function correctly without them. By continuing to use our site, you agree that we can save cookies on your device, unless you have disabled cookies.
I Accept