Table Of Contents
Ensuring security and privacy are maintained as data moves in and out of an organization is paramount. With organizations engaging in data sharing and in some cases, implementing processes to glean insights from big data, it’s more important than ever to ensure that consistent and effective security is maintained with data, regardless of its source or where it ends up.
This is the mission of a data governance model. And in this short article, you will get clear definitions and examples of data governance models, how to set one up, and how to make sure it satisfies your organization’s needs.
A data governance model outlines an organization’s security and privacy processes and systems that apply to every aspect of data handling including the creation, storage, maintenance, and eventual disposal of data. The data governance model specifies access rights and facilitates a framework of accountability as data is created, has a value assigned to it, and moves internally within an organization as well as externally.
What Is a Data Governance Model?
A good data governance strategy should follow widely accepted data governance principles, or “pillars” to ensure not only effective data governance but also organization-wide acceptance:
- Transparency. Effective data governance starts with trust, and trust is built on transparency. An organization can gain buy-in with regards to data governance from employees and stakeholders much easier if they are clear about what data is collected, where and how it’s stored, how it’s expected to move through the organization and outside of it, and who can and cannot interact with it in different situations.
- Accountability. Building off of the idea of trust, accountability with data comes into play. An effective data governance strategy should outline who is responsible for data in every instance, including collection, storage, accessibility, security, and more. Accountability should go beyond the IT department and include every relevant stakeholder, which typically means department managers, supervisors, and other senior staff. These individuals should act as data stewards in that they are responsible for the data relevant to their department.
- Integrity. Effective data governance can’t happen without high-quality data. This means ensuring that good data catalog tools are used is a critical component. In addition, stakeholders should have an active role in discussing decisions surrounding data, and honesty and transparency should be prioritized.
- Collaboration. Like any security measure, it can’t be effective without collaboration. This means eliminating silos and ensuring that data stewards—along with anyone else who interacts with organizational data regularly—are communicating with each other and upholding the set-out data governance principles. The other part of this is democratizing access to data.
As a data fulfillment platform, Revelate makes it easy for relevant individuals to access data on demand while still enforcing data governance policies set out by your organization. Your fully customizable data web store makes finding relevant data sets easy. Plus, data is extracted, processed, prepared, and distributed once a fulfillment request is made, meaning that your data stays where it’s stored and isn’t stored on Revelate’s servers. Learn more about the Revelate data platform.
Steps to Implementing a Data Governance Strategy
Since every business deals with data of some variety, every business should have a data governance strategy. But there are several steps that need to be taken and best practices to observe in order to ensure clarity, consistency, and accuracy in terms of data governance.
1. Establish Data Governance Scope and Objectives
Determining the scope of your organization’s data governance requires a careful look at how your organization already deals with data, including the current state of data management efforts, and how data currently moves through the organization. This means consideration of the following:
| Data governance objective | Description |
| Data architecture | Like a blueprint showing the structure of a building, data architecture refers to how data is managed from collection to consumption—or in other words, the map showing how data flows through storage systems. Business needs should drive good data architecture and seamlessly work in conjunction with data models, which specifically outline how data should be captured and how it should be used in different contexts. Data architecture should also be flexible enough to accommodate changes in data-related business needs, including process improvements. |
| Data storage | If the data architecture is the blueprint outlining a building’s structure, then data storage refers to the building’s rooms. As data enters the organization or is created by individuals within it, that data needs to be stored in a standardized and consistent way so that it can be accessed properly. Standardized metadata, attributes, and data cataloging all contribute to effective data governance at the data storage layer. |
| Data security | Organizational data security should be influenced by regulatory requirements, as well as addressing specific challenges that the organization has in overall information management. A data governance strategy should have oversight to ensure that established rules are followed and that accountability can be tracked. |
| Data quality | Standards for data quality should be established and enforced through all areas of data management, from storage to transformation and finally distribution. |
2. Define and Implement Data Stewardship Programs
To ensure that data stewards are consistent across an organization in terms of understanding and acting on their responsibilities, defining and implementing a data stewardship program that can easily be followed is paramount.
To develop a data stewardship program, specifics should be set out about how data should be handled at each stage of the data lifecycle via operational procedures. This includes:
- Understanding where organizational data originates
- Establishing data quality thresholds
- Identifying critical data (data that organizations feel is essential to the success or needs to be retained to meet regulatory requirements)
- Creating and defining operational procedures to meet organizational requirements with data creation, collection, and storage
- Ensuring that standards are in place that allows effective communication between systems, programs, and applications in terms of data transfer and processing
- Metadata management standards
3. Progress on Data Standardization and Quality Goals
Standardization of data systems, policies, and procedures to aid in ensuring data quality is one of the fundamental goals of data governance. Setting out data governance policies and procedures to standardize how data is handled moving forward is one thing, but addressing current data needs to be done as well.
First, an organization should determine the most important areas of data focus, which is the data that is making the biggest impact on business decisions. This can mean:
- Focusing on critical data elements for the business, which could be based on a KPI, regulatory report, or a specific metric.
- Identifying the risks associated with specific poor-quality datasets and tackling the ones with the highest risk first.
In both cases, data governance supports collaboration to control data quality, including the policies, business rules, and needed resources. IT and regular business stakeholders should always be on the same page and working together to ensure that data quality throughout the organization remains intact.
4. Establish Master Data Management
Master data refers to core, non-transactional organizational data that can be used as a single source of truth. Specific characteristics of master data include:
- Less volatile data that doesn’t frequently change. For example, customer information such as name, phone number, and address is considered master data. Although this data does need to change occasionally, ensuring that it always remains correct as it’s used in different systems and processes is imperative.
- Data that’s complex with multiple variables, which is typical of larger datasets. In terms of customer information can become quite complex if an organization is dealing with multiple customers from a single company or a parent organization with multiple child companies. As a whole, it’s important that processes are in place to ensure that master data (such as customer data) remains up-to-date and accurate.
- Data that’s essential to decision-making including analytics and decisions relating to day-to-day operations. Customer data also falls into this category, as different parts of it could be used to influence decisions across the organization, from financial to sales and marketing.
- Data that’s non-transactional means it’s more static in nature. Transactional data is mainly financial, like orders, invoices, and payments, whereas non-transactional data, if we go back to our customer information example, would be things like website visits, demographics, industry, etc.
Effective master data management is essential to ensure that it remains accurate as it is used throughout the organization. Master data should be available in a centralized location, and any updates to it should be global to ensure uniformity. To support the overall theme of master data being a single source of truth, data architecture and models should be created under the lens of creating a single, shared reference point. Ensuring that different systems and applications synchronize master data updates effectively is another aspect that is extremely important to the effective management of master data.
5. Track Ongoing Performance Improvements
Your data governance strategy should be approached like a living document in the sense that it will continually be tweaked and adjusted over time, especially as business needs change and evolve.
Effective tracking of your data governance model should include the following considerations:
- Improvement in data quality scores in terms of data completeness, accuracy, and timeliness (relevance of data based on its age)
- Compliance with data management standards and processes, which should track adherence both at a high-level and granular level
- Reduction in risk events, which could include anything from reduced client loss or fewer flags or penalties from regulatory bodies
- Reduction in needing to fix data of poor quality, which could originate from within the organization or from an external source
To ensure that your data governance model remains effective over time, performance tracking should always be a priority. This way, issues can be identified before they become bigger than they are, and stakeholders like data stewards can always keep a close eye on data performance.
Revelate provides a suite of capabilities for data sharing and data commercialization for our customers to fully realize the value of their data. Harness the power of your data today!
Simplify Data Fulfillment with Revelate
Why Are Data Governance Frameworks a Key Challenge for Data & Analytics Leaders?
Implementing an effective data governance framework in an organization means that data quality will increase, better insights can be gleaned from datasets, and access to data can be democratized without sacrificing security or privacy.
But while data governance frameworks have a myriad of benefits, that doesn’t mean that their implementation doesn’t come with challenges that organizations have to overcome.
Conveying the Business Value of Data Governance
Conveying the value of implementing a data governance strategy, which often requires technology and resource investment, can be a challenge, especially if current solutions for fulfilling data orders and handling data movement appear to be working well enough.
Convincing the rest of the executive team of the importance of a data governance model requires breaking down the facts behind the following:
| Data governance value factor | Questions to ask |
| Quantifying the organization’s confidence in its data |
|
| The efficiency of data movement across the organization |
|
| How organizational data is classified and stored |
|
By answering these questions and getting a complete picture of the current situation with data in your organization, it will be easier to convey why a data governance framework is important to the executive team.
Dealing with Siloed Data
It’s easy for data to get siloed in different areas across an organization when there is a lack of data governance frameworks in place. Legacy systems hinder data movement across the organization’s digital ecosystem and make it difficult to share, organize, and update information. Using data governance tools isn’t exactly a magic bullet; siloed, stale, and disorganized data still needs active management that involves tracing data history, cataloging, and applying a granular security model so that it can be effectively incorporated into a data governance framework.
Getting buy-in for this process can be tricky, but the fact of the matter is that the longer that data that is unaccounted for or lives on legacy systems is left, the greater the risk to security for it increases over time.
Understanding Data Responsibility and Ownership
For many organizations, users think that IT has full ownership and responsibility of data. They are the first and last stop for data-related inquiries, fulfillment requests, and security or access issues. Data governance frameworks distribute data responsibility to the actual data owners (e.g., marketing would be responsible for data from ad campaigns, Google analytics, and email, while finance would be responsible for invoice, payment, and billing data) as well as the users (if you use organizational data you have a level of responsibility in keeping it secure) and finally data leaders, like data scientists, analysts, engineers, etc.
Sure, IT and other technical professionals in an organization have a higher level of responsibility with data handling compared to a typical user, but one of the points of data governance is to build a cultural understanding in an organization that everyone is responsible for data, and that it should be taken seriously.
One of the ways to convey responsibility with data management is by ensuring that businesspeople work alongside IT and data professionals to define data and data requirements and ensure that high-quality data is produced.
Outcomes of Ineffective Data and Analytics Governance
Being able to convey the risks and potential consequences of bad data governance is another essential part of gaining buy-in for the development of an effective data governance model. Perhaps one of the most effective ways to demonstrate this is through a real-world example.
A website called SafetyDetectives, a group of cybersecurity experts, privacy researchers, and technical product reviewers, is responsible for bringing the following story to light.
An organization called Securitas, based in Sweden is a huge multinational corporation that provides a full suite of security services and products for a variety of clients in different industries. Securitas employs over 350,00 people in 48 markets, serving around 150,000 clients worldwide. In 2020, they were worth over $369 million USD.
It’s important to note that Securitas has a strong presence in Colombia, with offices in several locations across the country. The security breach, which was a result of an open Amazon S3 bucket (the bucket was left completely accessible without any authentication procedures in place) resulted in the exposure of around 1.5 million files, and about 3TB of data.
The exposed data consisted of employee PII (personal information) and sensitive company data from at least four different airports in Colombia and Peru. The files contained pictures of ID cards, photos of employees, photos of planes and fueling lines, luggage being loaded and unloaded, and more. The photos also contained metadata, such as the device used to take the photo, location, time, and date.
The impact of the breach in terms of safety concerns isn’t completely understood, but it’s important to realize that a breach of this magnitude can result in a cascading effect from high-level to granular. Not only are the business outcomes of the organizations involved compromised, but also their employees and airline passengers. Leaked data, for instance, could be used for financial gain, to target individuals for fraud and scams, and much more.
From a financial perspective, the breach could cost Securitas hundreds of thousands of dollars in potential fines, as well as sanctions for data protection violations.
Aligning Enterprise Data Governance Strategy to Business Drivers
An enterprise data governance model can’t be effective if it isn’t aligned with the organization’s business objectives and goals. It should support the movement of data so that the relevant stakeholders can get access to the data they need to make informed business decisions or so that data sharing or data monetization opportunities can be fully utilized. Essentially, data governance should follow flexible data movement that works with an organization’s business objectives, not against them.
The data governance model should also be flexible. If business or security needs change, Data governance initiatives should be able to follow suit and be adjusted to match new requirements.
Data Governance Strategy Example Use Cases
1. Democratization of Data Access
Without an effective data governance model in place, it is likely difficult for stakeholders to gain access to the data they need, whether it’s organizational data or data from an external source. The typical scenario is that data governance would be handled entirely by the organization’s IT department, which means that the process of procurement and transfer of a dataset would always need a middleman.
But with a data governance model, access to data can be democratized while still ensuring that security measures are followed. For instance, if an employee receives a dataset from a data marketplace or web store, the organizational data governance model applies the appropriate checks and balances to ensure the security and safety of said dataset. When a stakeholder needs access to internal data, data governance outlines who owns a dataset (e.g., if financial data is needed, the stakeholder would contact the finance department) so that the stakeholder isn’t scrambling to find the data they need
2. Provide high-quality data to Machine Learning (ML) and Artificial Intelligence (AI)
With an effective data governance model in place, the quality of data within an organization, should increase. In addition, data that’s coming into the organization, whether that be through standard data sharing or data exchange networks or through big data streaming, a data governance model ensures that ML and Ai technologies, which are utilized in organizations for a wide variety of purposes, have access to high-quality data that increases their usefulness.
Conclusion
There is no doubt that as organizations utilize data more and more as the basis for making data-driven and unbiased business decisions, having an effective data governance model is paramount.
Part of an effective data governance model is keeping data secure. But what if you could democratize access to data without giving up control? With Revelate, you can provide datasets on demand to internal and external stakeholders while still ensuring that your data security remains rock-solid. Want to learn more? Book a demo today!
Simplify Data Fulfillment with Revelate
Revelate provides a suite of capabilities for data sharing and data commercialization for our customers to fully realize the value of their data. Harness the power of your data today!
Fully automated data fulfillment
With Revelate, prepare, package, and deliver data from anywhere to anyone to realize the full value of your data.
