MenuMenu

  1. Home
  2. Data Education
  3. Data Columns
  4. Data Is Risky Business: Is Data Governance Failing? Or Are We Failing Data Governance?

Data Is Risky Business: Is Data Governance Failing? Or Are We Failing Data Governance?

In January, CDO Magazine carried an article by a consortium of authors including Dr. Tom Redman, John Ladley, Dr. Anne-Marie Smith, and others. The eye-catching headline: “Data Governance is failing — here’s why.” The article sets out the results of a Force Field Analysis study carried out by the authors to try and understand why, across the board, we continue to smack our heads against the bulkhead of progress on implementing the necessary changes in organization culture and approach to data that are actually needed to tackle the challenges of data debt, data quality, regulatory compliance, and the data-related aspects of environmental sustainability regulation and reporting. 

The eye-catching headline came with some gut-wrenching home truths about the current state of data governance. Not least the assertion that “there is growing skepticism about its value.” Nothing in the article should come as a surprise to a data management professional. And that, in part, is a key part of the problem. 

I recommend that before you read further here you pop over to CDO magazine and read the analysis in the article there.  On the assumption that you’ve either already read the piece or have just come back here from reading it, I’ll share my thoughts and insights. 

A Resonating Note, In the Face of Discord 

The title of the CDO magazine article resonated with me. It resonated because a little over two years ago, I participated in a panel at the Innovation Value Institute’s Summer Summit at Maynooth University on the topic “Data Governance Has Failed.” The panel format for that event involved each of the panelists making some opening remarks. I made some forthright comments about how, rather than data governance failing, we needed to ask how the educators of business leaders and influencers of policy were failing data governance. 

In doing so, I looked at the syllabus of my undergraduate degree and the modern equivalent to highlight how we had moved from teaching fundamental management concepts applicable to data to teaching commoditized skills that, in practice, could be taught in industry. Nearly 30 years ago, I studied quality systems theory, business statistics, and information management systems for business. My modern counterpart today is learning how to use Tableau. The foundational knowledge on which the use of tools can be built is subsumed into and is subservient to development of familiarity with the user interface of one of a myriad of tools that someone might be exposed to in the workplace. 

More recently, I have spent the last few months reviewing over two and a half thousand academic papers on data governance or topics that are “data governance adjacent” as part of my doctoral research. The hit rate for papers that are actually any good or reflect the real experience of data governance in the wild is depressingly low (less than 3%). I shudder to recall how many of the papers are simply literature reviews of other previously published papers. However, my research supports many of the points raised by Anne-Marie Smith and her co-authors in the CDO Magazine article, particularly with respect to the negative forces affecting data governance success. 

Misunderstanding and a Lack of Agreement on What Data Governance Is and Is Not 

In the academic literature, there is an acknowledged lack of consensus on what data governance is. Ignore for a moment defining what it is not. Almost every researcher who has discovered the topic in the last decade or so has decided to come up with their own definition. This is, in part, a symptom of the lack of industry consensus on a definition of data governance or a consensus on the attributes of what it means to govern data. 

It is compounded by the adoption of the term “data governance” by other related fields of practice and of academic study. “Data governance” has become synonymous in some areas of academic study and industry publication with the development of legislation, regulation, and standards setting out rules and common requirements for how data should be processed or put to use.  It is also still considered synonymous with or a sub-category of IT Governance in much of the academic literature. And let’s not forget our friends in records and information management and their offshoot of data governance. 

The emergence of “AI governance” as a new field in response to the rise of regulatory and other concerns with respect to the use and deployment of artificial intelligence is another symptom of this failure to establish consensus on what data governance is or is not. But much of what is required in regulation relating to AI is simply a specific application of data quality management, governance of data, and risk management. Articles 10 through 15 of the EU’s AI Act are a good example of this. (My personal opinion is that much of AI governance is just data governance wearing a Groucho Marx glasses and mustauche disguise.) 

So, what can we, as data management professionals do about this issue? 

  1. Let’s get clarity on the attributes of the thing we are labeling “data governance.” We are defining a management system that ensures the definition of, application of, and oversight of appropriate controls and safeguards over the creation, use, maintenance, and disposal of a class of asset. We are describing how people and processes are expected to behave in respect to data. But what does that actually mean? 
  2. Let’s recognize that there are (at least) three different levels of “data governance” we need to be thinking about and discussing: 
    • Governance of data as a macro policy issue — How does society want data to be governed, what are the social norms that are being reflected in legislation and regulation, and what does this mean in practical terms? 
    • Governance of data as an organization governance issue — If data is an asset, what are the responsibilities and accountabilities of individuals in the organization in relation to that asset? What are the internal moderators and modifiers of individual behavior we need to put in place to standardize conduct, ensure clarity of purpose, and support compliance with legal or fiduciary duties and obligations? 
    • Governance of data as an individual accountability and competence — What am I, as an individual, expected to be accountable for with respect to the data that I use to execute my functions in an organization? What skills and knowledge do I need to have? How do I find out what “good” looks like in how I do my job? 
  3. Let’s engage more with academia, either by supporting researchers, engaging in academic research, or participating in academic research programs. Bluntly: The cutting edge of academic research in this field is about five years behind industry practice because academia suffered the same “shiny object” syndrome as industry, albeit a few years earlier. The pragmatic reality is that academic research grants have tended to fund research into novel technologies like machine learning and AI rather than areas where we were researching less glamorous topics like data quality and data governance (although this has changed in recent years, at least in the EU). 
  4. Let’s eat our own dogfood a little as a profession and define, formally, a taxonomy of things that are governance applied to data, mapping the core genus and sub-species of this profession. 

People-Related Challenges 

The CDO Magazine article tells us that “successful data governance requires not only the right systems but also the right people.” But this is an area where both practitioner and academic thinking has a huge gap. While there is extensive discussion in academia and in practitioner literature about the need for people to lead on data and the importance of people performing data stewardship-type roles, there is nothing that has dug deeper to identify what we mean by “the right people.” In saying this, I need to clarify that there is a LOT written about the need to have certain roles or types of function to drive and lead change, and that there is a need to have certain types of stakeholder engagement.  

But how do we define what a “data governance person” is? What are the actual attributes of a successful data governance leader? Is there a difference between the attributes of a data governance leader who establishes the functions and structures and the attributes of the leader who sustains the function and ensures its resilience in the face of societal, regulatory, or organizational change? 

In my research, I have looked for any exploration of these topics in data governance. Over two thousand papers later, and a dozen or so books by leading practitioners, I have been able to identify none that actually ask these questions and provide any real answers. However, my research suggests that similar questions have arisen in other spheres where the practices and value proposition of a governance-type activity where being questioned. How the question gets answered will have profound implications for the professionalization of data governance and the framing of its value to organizations and society. 

So, what can we do as professionals? Three things spring to mind: 

  1. Think about which attributes and skills of people you see as important to driving data governance in an organization. Are they different from the skills and attributes of people who make that change resilient on a day-to-day basis? 
  2. Engage with professional bodies in data management and ask them what they are doing to help define the model for a “data governance” person’s ideal attributes and skills. 
  3. Think about how we, as a profession, can help improve the pathways for developing the “right people” to get involved with and engaged in data governance in our organizations or across our profession. 

Structural and Organisational Issues 

The authors of the CDO Magazine article highlight structural and organizational issues as key negative forces affecting data governance. To my mind, this is possibly the most significant issue. It’s also the one where we come full circle to the failings of practitioners and academia. 

In the academic literature, data governance is still largely presented as a sub-set of IT governance. This is fundamentally wrong from a practitioner perspective, but it is an error that continues to propagate because academics reference prior research and so the error persists. But this model infuses how the topic of data governance is referenced and taught in universities to the future business leaders, technology leaders, and data leaders in our organizations. 

In the organizations of today, however, we are dealing with business leadership and technology leadership for whom these topics simply did not exist when they were engaged in study before entering the workforce. Therefore, they operate within the mode of thinking and apply the mental models that were taught to them, or which have dominated the cultures of the organizations where they have cut their teeth and the roles they have had as they moved from entry-level to management functions to leadership roles. This is compounded by siloed approaches in organisations where there may be a cultural inability to “connect the dots” between different drivers for well-governed data and clarity on roles, responsibilities, and accountabilities in relation to data and its use. 

Our critical challenge is to identify ways to shift the understanding in these contexts so that the importance of data governance as an enabling business discipline is more clearly understood. 

So, what can data professionals do? Based on my personal experience, we can do more than we think! 

  1. Reach out to your local universities or colleges and offer to do a “practitioner view” guest lecture on data governance and what it is. Make sure you tell them it’s not an IT thing! 
  2. As a profession, we need to look at other fields where the professionalization of a discipline has helped diffuse the thinking and understanding of its importance and key functions across organization silos. Today, nobody questions the importance of financial accounting and controls in organizations, and the disciplines of project management are widely accepted and adopted. What did these functions do or experience that helped them become resilient and accepted “table stakes” disciplines in business? 

Navel Gazing No More 

A key lesson from the quality management revolution was that organizations that adopted the philosophy of quality rather than merely aping the form of quality management tended to have more sustainable success and more reliable outcomes. Today, Data Governance is equally blessed and cursed with an abundance of material that sets out rationales and models for doing data governance. We are also faced with a smorgasbord of regulation and legal obligations that require that data be governed. 

But as a profession, our thinking has stagnated with slavish adoption of models and approaches with all too often too little interrogation of the relevance of the approach to the specifics of the organization. In addition, our message has been drowned out by the cacophony of the “shiny object syndrome” that often affects organization leadership thinking (Generative AI being the latest trumpet blast in that symphony). 

We are, to borrow a line from the late British comedian Eric Morecambe, “playing all the right notes, just not necessarily in the right order.”1 

Data Governance is failing. We cannot sit on our laurels and fail Data Governance. 

1 Please watch this video – it’s a classic of 1970s British comedy with many teachable moments for data professionals. 

Share this post

Daragh O Brien

Daragh O Brien

Daragh O Brien is a data management consultant and educator based in Ireland. He’s the founder and managing director of Castlebridge. He also lectures on data protection and data governance at UCD Sutherland School of Law, the Smurfit Graduate School of Business, and at the Law Society of Ireland. He is a Fellow of the Irish Computer Society, a Fellow of Information Privacy with the IAPP, and has previously served on the boards of two international professional bodies. He also is a volunteer contributor to the Leaders’ Data Group (www.dataleaders.org) and a member of the Strategic Advisory Council to the School of Business in NUI Maynooth. He is the co-author of Ethical Data & Information Management: Concepts, Tools, and Methods, published in 2018 by Kogan Page, as well as contributing to works such as the DAMA DMBOK and other books on various data management topics.

scroll to top