Data is Risky Business: It Takes a Village to Raise a Datum

Since my last contribution to, two activities I’ve been involved in have made me think about what lies beneath the challenges we face in data today, what the root causes might be, and what routes to solutions might be needed.

On one hand, I was engaged by an international organisation to advise on the development of a regulatory strategy for AI and AI Ethics at a national level in a developing nation. This was a fascinating piece of forward looking work that required consideration of a variety of issues at a macro level with regard to how a country and region might need to think about data and its benefits and harms and what fundamental building blocks might be needed.

And all of this needed to reflect an ethical and cultural framing of issues that presented different perceptions of opportunity and risk than might dominate in the “Global North”.

On the other hand, I was invited by the Innovation Value Institute in NUI Maynooth to contribute to a panel discussion on “Why has Data Governance failed to deliver?”. This panel was part of the annual IVI symposium in the University, and I was asked to present a practitioner perspective on the question.

The regulatory strategy project involved extensive engagement with a range of stakeholders to help identify a roadmap of key actions and initiatives to help a country build a long term sustainable data capability that supported social good. There was also a very strong subtext in the mandate and in the input from indigenous stakeholders: after generations of colonial rule and loss of control of their natural resources, there was a recognition that data presented both an invaluable future industry and an invaluable social resource for the country and the region.

But it was essential that how that comes to be must represent the values and culture of the people and not simply substitute the yoke of a political colonisation for the yoke of an industrial or technological colonisation. There was an explicit recognition of the need to reflect regional and national ethical and cultural values in the development of not just data management and AI solutions, but in the development of the dialogue around such solutions and the evolution of regulation. The local experts and practitioners we interviewed, and the various surveys and studies that had been carried out by the sponsoring organisation, were clear that the slavish adoption of models of regulation and governance for data and AI developed elsewhere was something that was recognised, explicitly and implicitly, as something to be avoided.

I was fortunate that I also had two colleagues who, though not from the client country, were at least from the same geographical region. One of them is even doing a PhD on a topic closely related to the project. So, it was not a huge surprise when it became apparent from our interviews with stakeholders that the terms of reference for the project had fallen into the trap of assuming a homogenous ‘Ethic of Society’ which risked presenting an over-generalisation of a fundamental social and ethical construct in the region.

That over-generalisation in turn risked creating a barrier to acceptance of any recommendations or frameworks for the regulation of data and data ethics because it would become easy to dismiss it as another example of a colonial imposition of a crassly generalised view of the diverse cultural and social values across an entire region. We are all familiar with this issue at different levels: people will resist change that is being done to them or at them and not with them and for them, particularly when the vision for change is built on shaky foundations and faulty assumptions about culture and values.

In the end, the output of this project set out a roadmap for the development of a mature framework for the regulation of AI and AI Ethics in the country. The first part of which was an explicit statement that the framework was not simply for the regulation of AI and AI Ethics, but was actually needed to address data management broadly, with AI implementation as one specific application of data and data technology. After all, there can be as much of an ethical issue with the implementation of more traditional data processes. The key consideration from an ethical perspective must always be the impact on society and on individuals in society.

Other elements of the framework included an explicit recognition of a need to develop competences and capabilities for data management professionals and in areas of academia engaging in research in related fields including, but not limited to, computer science, law, and social sciences. But the framework also recognised the need to develop data competencies at a societal level so that people in society would better understand how technology works, how it can benefit them, and the nature of risks that can arise. This included the need to develop professional competencies in data as a business management discipline. Treating this as simply a “data issue” or a “legal issue” or a “technology issue” will result in sub-optimal outcomes, so the framework stresses the need for cross-functional action and cross-domain education.

In Ethical Data and Information Management, we set out a conceptual model for Ethical Information Management that included an explicit reference to the ‘Ethic of Society’ as a key factor in determining if the application of data and data management practices within organisations was considered ‘ethical’. For the ‘Ethic of Society’ to effectively evolve, it is essential that we invest in educating that society in data, data skills, and to develop the conceptual tools for people in that society to recognise, evaluate, and act on data-related risks and issues.

It takes a village to raise a datum. But it only takes one idiot to wield it in a harmful way!

Which brings me to the second activity that made me think.

The IVI panel topic “Why has Data Governance failed to deliver?” actually posed two questions that needed to be addressed. Firstly: Has data governance failed to deliver? Secondly: If so, why?

With respect to the first, I have to say the jury is out. Partly because we need to define what we mean by ‘failed to deliver’. If we define ‘failed to deliver’ as being a failure to deliver proper data quality management, good management and stewardship of metadata, and organisations that consistently meet their regulatory obligations and ethical expectations in respect of how data is obtained, processed, stored, shared, and generally put to use, then arguably yes, data governance has failed to deliver. But equally, that is arguably a failure against an over-generalised idealised target.

The answer to the second question, ‘Why?’, is one we urgently need to ponder, regardless of our view on the first question. Because it is only by answering this can we understand the root causes for the successes we have had, learn from the failures we have had, and seize the opportunities for the successes we might have.

In preparing my argument for the panel, I looked at the current syllabus for the business degree I took back in the 1990s. Back then, I took courses on quality management that laid out the theory and practice of quality management in manufacturing and service sector businesses. I took courses on information systems that included some fundamentals of data management and computer science as well as basic skills in databases, data modelling, and data analytics. I was perplexed to find that the current crop of students, who will be graduating into a data-driven and technology enabled workplace, did not have any exposure to quality systems, and their exposure to information systems seemed to have been distilled into learning how to use Tableau. The fundamental information science and information systems topics that were the backbone of a whole semester back in the dark ages seem to have been consigned to the CompSci department.

I had to fight the temptation to channel the spirit of Al Pacino in Scent of a Woman, when he berates the expensive boarding school that is seeking to discipline Chris O’Donnell’s character:

“Makers of men; creators of leaders; be careful what kind of leaders you are producin’ here!”

Hoo ha!

If data governance has failed, I would suggest it’s because we have failed to keep data management and data quality fundamentals on the agenda for our business leaders by failing to keep it on the agenda of how they are trained and created. We have failed to be careful of what kind of leaders we are creating, and instead have fallen into the trap of extolling the “data geek” as a technical skill set and prioritising the development of mechanical and operational skills in software over deeper fundamental concepts and cross-disciplinary thinking— qualities we need the workers and managers of today to have and the leaders of tomorrow to apply.

This is the same trap that the country I was working with in the first vignette was aware of not falling into, recognising that data-driven and data-related change was a social change and not just a technology project.

I thought back to my own career arc. The exposure to the work of Deming and Juran as an undergraduate meant that I immediately understood what English and Redman were telling us data people in the late 1990s and early 2000s. My exposure to fundamental information management concepts and practices helped me understand the data projects I was put in charge of. And the combined business, legal, and technology understanding I could bring to those projects has wound up with me here.

At the IVI Symposium, I made a strong case for the importance of these inter-disciplinary and cross-disciplinary learning opportunities at undergraduate and postgraduate level, and through continued professional education. I argued that data governance hasn’t failed, but academic education in data skills has failed data governance by putting it in the CompSci and technology skills bucket and taking the fundamentals off the menu for the leaders of tomorrow.

So, what does all this mean for data management professionals?

My three key thoughts (and this is something I am still pondering).

  1. We cannot define ‘data literacy’ too narrowly as simply being skills in tools and technologies. We must ensure that this is on the menu and agenda for education in business schools, social science, and other disciplines. That cross-functional and cross-cultural learning is essential to developing rounded data leaders.
  2. We need to be aware of our own conceptual biases and mental short-hand when defining and describing the problems and opportunities. Those biases can create a barrier to change.
  3. We need to be sensitive to the issues of ‘organisational colonialism’ where one ‘tribe’ or culture in an organisation (or indeed in a society) has dominated others. This is not a “business versus IT” discussion any more and we need to move beyond that framing to build a new information society, at the organisational and societal level.

To paraphrase Lt Col Frank Slade (retired):

“Now here’s the data professionals. They have come to a crossroads.”

It’s time to choose a path, a path made of principle. It takes a village to raise a datum. Hoo hah!

Share this post

Daragh O Brien

Daragh O Brien

Daragh O Brien is a data management consultant and educator based in Ireland. He’s the founder and managing director of Castlebridge. He also lectures on data protection and data governance at UCD Sutherland School of Law, the Smurfit Graduate School of Business, and at the Law Society of Ireland. He is a Fellow of the Irish Computer Society, a Fellow of Information Privacy with the IAPP, and has previously served on the boards of two international professional bodies. He also is a volunteer contributor to the Leaders’ Data Group ( and a member of the Strategic Advisory Council to the School of Business in NUI Maynooth. He is the co-author of Ethical Data & Information Management: Concepts, Tools, and Methods, published in 2018 by Kogan Page, as well as contributing to works such as the DAMA DMBOK and other books on various data management topics.

scroll to top