As a frequent reviewer of data and strategy books, I am always interested in understanding authors’ perspectives on data governance. Two recent books have ideas that are worthy of data governance professionals: “Rewired” by Eric Lamarre, Kate Smaje, and Rodney W. Zemmel; and “Data Is Everybody’s Business” by Barbara H. Wixom, Cynthia M. Beath, and Leslie Owens. Let’s look first at what each says about data governance and then draw out some conclusions for data governance professionals. With this, I will then pepper in some final thoughts.
The authors of “Rewired,” published June 20, 2023, look at data governance from the lens of producing data that has value to the business. They claim that 70% of data development efforts involve wrangling and harmonizing data. Put simply, they suggest the goal of offensive data governance is to “create clean, relevant, and available data for better decision-making and better data-enabled solutions.”
Smartly, the authors say data leaders should start by identifying the data needed to deliver required digital solutions and use cases. With this accomplished, it is critical to access data readiness. The authors call this process “interrogating data.” In this process, they suggest data governance professionals set a target data accuracy rate. With this in hand, they say to measure the quality of data and report performance against predefined data quality rules. They believe as well that organizations should break their data into data products — a data mesh concept — but enable a data platform that creates data team agility.
A key element of this is organizing to get the most from data. In this process, “getting data governance and the operating model right is absolutely pivotal to becoming a data-intensive enterprise.” They continue by saying that “data governance is an essential function that allows enterprises to accelerate innovation confidently while ensuring data is reusable and meets relevant risk and regulatory requirements.” The authors claim that offensive “data governance establishes robust definitions for data, monitors and improves data quality, and helps focus efforts where there are the biggest data issues.”
For the authors, defensive data governance is about managing risk and building digital trust. For them, “digital trust is about establishing confidence that an organization protects consumer data, enacts effective cybersecurity, offers trustworthy AI-powered products and services, and provides transparency around AI and data usage.” How many of you are thinking about model governance as a part of your data governance charter?
To succeed, the authors say smart organizations identify the risks, classify them in a risk taxonomy, and score them based on what the impact would be if they did happen. Comprehensive digital trust policies address the use of data, analytics, and technology, and provide “a North Star for the organization.” These should be broader than traditional data policy, and address topics such as the use and handling of personal data, guardrails for the use of technology, and the fairness of code-based models.
The authors go on to suggest organizations build three operational data capabilities. The first embeds data control functions in data product teams. As a part of this, it is critical that legal, governance, quality assurance, and other risk experts not operate in silos. Second, the authors suggest that organizations create an overarching enterprise lead for digital trust. I think this should be the data governance leader. And, finally, they suggest that it is time for automation of risk controls: “Automating trust is the process of turning trust policies into code. This approach radically speeds up development and deployment and cuts back on risk.”
With these things accomplished, the authors suggest that data governance professionals raise awareness for the data governance program. Everyone in the organization is responsible for digital trust. This means building a culture of responsibility. The key to doing this is the trust message must come from the top. And with this, training is essential.
Data Is Everybody’s Business
The authors of “Data Is Everybody’s Business,” published Sept. 26, 2023, believe that everyone is a data practitioner. At the same time, they suggest that the raison d’être for data efforts is to “turn data into money.” In the book, the authors share how to create and realize value from data.
Where this has been determined, the authors suggest organizations establish five data practices. Two of these directly relate to data governance: data management and acceptable data use. Data management starts with master data. Here, the authors discuss the importance of producing reusable data assets including automated data quality processes, identifying data sources and flows, creating standard definitions of priority organizational data fields, and establishing metadata for those fields. They also discuss the notion of curating data. This involves the use of a taxonomy and ontology. Here, they assert the importance of depicting data and its relationships in a way that is accessible to users.
For defensive data governance, they talk about the importance of practices that address regulatory and ethical concerns regarding data asset use by and about employees, partners, and customers. As a goal, this function is about mitigating the risk of using data assets inaccurately, undesirably, or in ways that are not contractually or legally allowable. Key functions here are ensuring acceptable use of data by establishing data ownership and training employees about laws, regulations, and organizational policies. This includes practices that ensure appropriate use of data by partners.
Doing this right involves establishing clear agreements about the appropriate use of data by partners and auditing partner data use. And finally, it looks at automation. “Automation allows customers to self-manage their data beginning with establishing policies regarding customers control of data.”
Takeaways for Data Governance Professionals
- Establishing a data monetization strategy within a data initiative means data governance will likely have stronger organizational support.
- There are clear offensive and defensive data governance strategies, and these should tie back to the data monetization strategy and the value generated.
- Naming matters. Calling offensive functions of data governance “data readiness” may prove more business-friendly and receptive.
- As a part of data readiness, data governance leaders should work with the business to define minimum data quality levels. This should, clearly, be a point of alignment with business stakeholders.
- With defensive data governance, consider calling this “digital trust.” Business users get the concept of digital trust, especially with the emergence of generative AI.
- In building a data culture, data governance professionals should make sure they get the right people to support the data initiative.
- As part of a data initiative, data governance leaders should put together a complete set of tasks for data readiness. What’s more, they should determine with the business the acceptable uses of data.
- Data governance professionals should work with vendors to establish out-of-the-box policy templates and integration between policies and controls. The notion of policy as code is something we should all aim for.
It is time for a golden age of data governance. In the past, data governance was top-down and forced and sometimes not tied to a specific business initiative. Today, data governance should be built into data initiatives. It should be part of delivering the value proposition for data. The “Data Is Everybody’s Business” authors suggest a key way forward here. In other words, data initiatives need to have explicit monetization plans and business objectives. With this, everything should become easier, including data governance driving data readiness and digital trust.
Image used under license from Shutterstock.com