Chapter 1. What Is Data Governance?
Data isn’t just a commodity; it’s a capital asset. It drives businesses, creates value, and inspires new ventures. If your enterprise has conscientiously collected, ingested, stored, maintained, and used data, now is the time to attach value to it and make it work for you. If you govern it properly and instill confidence in its quality, your data can give your business a competitive advantage. This report will walk you through that process.
Like money, data must be treated with a serious dose of respect, and a project using data should generate value with a reasonable maintenance cost over time. Everyone needs to understand why data is so important to the business and how serious the consequences of a data breach can be. Instilling that understanding and respect requires a cultural shift that affects the entire enterprise. That’s the purpose of data governance, the discipline of creating and enforcing policies and standards to ensure that data is always treated with care and respect for safety and the law.
This report will help you understand what data governance is and why it’s crucial to your business.
This chapter looks at the basic ideas involved in data governance: what it is, who does it, and how it fits into an organization. You’ll learn why data must be treated and valued as an asset and what sets it apart from other kinds of assets. We’ll discuss the fundamental principles that underlie data governance. You’ll also come to understand why you need to think of data governance as an ongoing program that’s integrated into your company culture—not just a project that begins and ends.
In Chapter 2, we’ll use real-world examples to look at the business advantages of a well-run data governance program, including risk management, efficiency, and brand image. You’ll see how a culture of data governance can reduce your time to market, help you realize value faster, build confidence, and protect your brand.
Chapter 3 covers how a company’s data governance program evolves and matures over time. You’ll learn how to assess the maturity level of your data governance program (even if you don’t yet have a formal program!) and what’s involved in moving your program to the next level.
Data governance is often misunderstood; many people think of it as a bureaucratic obstacle or a hoop to jump through. Nothing could be further from the truth—in fact, data governance is crucial to reaching your business objectives. You can’t possibly understand the full value of your data without it. We’ll begin, then, with a look at data asset valuation.
Data Asset Valuation
Money has a life cycle, and the better you understand it, the better you can use it to increase value without increasing risk. In its simplest form, this life cycle describes how revenue is generated and how budgets are spent—in short, cash flow. Every enterprise knows that, which is why no one disputes the importance of accounting and oversight units. They manage cash flow, conduct audits, create budgets, optimize investments, and ensure that the principles of accounting are followed in every financial transaction, among other important functions.
Data asset valuation is the process of assigning economic value to data so that you can understand its worth just like you would real estate, machinery, or any other financial asset. However, there are a few important distinctions that set data apart from other kinds of assets. Briefly, these include the following:
-
Data can be reused indefinitely.
-
Maintaining data has a cost.
-
The more data you maintain, the higher your risk. (We’ll discuss this in Chapter 2.)
-
Data can be sold multiple times.
-
To acquire value from data, you need to use it; unused data is a cost until it is used to generate value.
Understanding that data has a life cycle, just like money does, is key to turning data into a competitive advantage.
The data life cycle is driven by two forces, shown in Figure 1-1: execution (or management) and oversight (or governance). It’s important to understand the difference. An enterprise data management (EDM) system’s functions include data risk management, data quality management, and metadata management. The enterprise’s data governance arm, by contrast, acts as a control body, overseeing and ensuring the effectiveness of the data management system.
These two forces are handled by separate organizations within the enterprise in order to maintain impartiality. (This is similar to the “separation of powers” in governments; you can think of governance as the judicial/legislative branch and management as the executive branch.) People often conflate the two because data governance is part of the data management framework, but they are different functions performed by different people. Together, they comprise the enterprise data management framework.
This structure is known as the Governance V, adapted from John Ladley and represented in Figure 1-1.1
Figure 1-1. The “Governance V”
Data governance can’t be separated from the enterprise itself—it has to become part of the culture of the organization. The resulting mindset embeds good data-management habits into every level of the organization, not just IT. An example of good habits might be setting up processes so that an administrative assistant who creates a new file is automatically prompted to add metadata tags and register the file in the appropriate catalog. The idea is to make the correct processes as routine and automatic as possible for every role.
Key Concepts
Data governance and data management come with a rich vocabulary. This report will focus on only the most essential terms and concepts, but for a deep dive, see the 2017 second edition of the Guide to the Data Management Body of Knowledge (DAMA-DMBOK2).2 The DAMA-DMBOK2 is published by DAMA International (formerly the Data Management Association). This important reference, created by DAMA’s ecosystem of experts, is the gold standard of the field, providing data-management and data-governance professionals with shared definitions of important concepts, activities, tasks, roles, and responsibilities. It’s important to have precise definitions because a common vocabulary is fundamental to aligning everyone across teams, units, and divisions on the most important responsibilities, priorities, and activities.
In addition to the DAMA-DMBOK2, I also recommend reading John Ladley’s Data Governance (Morgan Kaufmann, 2012) for an in-depth explanation of these concepts (as well as several useful tools).
Data Management
Data management is a global framework that organizations use to ensure that their data is under control. The need for data management accompanies data from its origins to all of its destinations.
DAMA’s data governance wheel (Figure 1-2) puts data governance at the center of its framework.3 Radiating out from it are the various pillars of data management. The purpose of data governance is to guarantee that each pillar is executed properly and that data is treated as an asset. I have added arrows to DAMA’s graphic to represent how the data governance body monitors each pillar.
Figure 1-2. A slightly modified version of DAMA International’s data governance wheel, which depicts all major components of the enterprise data management framework
Covering all of the pillars is outside the scope of this report (indeed, that’s the purview of the entire DMBOK), but I do want to place special emphasis on two of them: metadata management and data quality management.
Metadata is information about data, and metadata management incorporates information about how the data is used and the systems that store it. Metadata is the data used for data governance. Managing it conscientiously is an important part of implementing a sustainable and efficient data governance program that is woven into the very fabric of the business.
For an enterprise to consider its data as an asset with value, it must have great confidence in its quality. Creating that confidence requires significant work to ensure the data’s quality as well as to demonstrate to the rest of the organization that the data it relies on meets the standards defined by the data governance body. The processes and policies used to do this comprise data quality management.
Data governance can only be achieved through a cultural change that spans the whole organization, across functions, units, domains, and roles. This requires a holistic approach based on a set of principles.
Principles
At the core of any data governance program lies a set of values or principles. Just as a government’s constitution attempts to apply a set of principles to create rules, data governance programs apply these principles to set policies for data management across the enterprise. It’s important to understand that they are philosophical values, not tasks. They operate at a high level and are applied universally, across the board and across time.
DAMA’s starting point for this set of values is the Generally Accepted Information Principles (GAIP), which in turn is based on the Generally Accepted Accounting Principles practiced by accountants around the world.4
Let’s look at a few of those key principles, which need to be understood by everyone in an enterprise:
- Asset principle
Data needs to be treated and intuitively understood as one of the company’s capital assets, just like personnel, cash, hardware, or buildings. This is also called the content as asset principle.
- Value principle
-
Data contains value. The value of its usage, loss, or acquisition can be estimated and reported. This is also called the real value principle.
- Going concern principle
-
Data is critical for ongoing business management. It is alive and needs to be handled accordingly: as a continual part of the business, not as a project with an endpoint.
- Risk principle
-
Data is an asset that presents internal and external risks (to be clear: internal and external to the data itself, not to the company). Internal risks are related to the content itself; for example, it might become outdated or corrupted. External risks are associated with the data’s usage, such as being misused, stolen, or sold improperly (such as in the infamous Cambridge Analytica scandal). Because data usage must meet regulatory standards for protection—such as Basel II, Solvency II, or the EU’s General Data Protection Regulation (GDPR, covered later in this report)—misuses that violate these regulations also carry the risk of heavy legal penalties.
- Due diligence principle
-
Humans can introduce bias at different stages of data processing, as well as other kinds of risk. Every person and group in the enterprise, from entry-level employees to the very top, should take responsibility for reporting any risk or anticipated risk associated with data. Internal departments and/or the data governance body should confirm any reports and raise issues to the next level as appropriate, up to and including the relevant government agencies or committees.
- Quality principle
-
The quality of data should be monitored according to a high standard and the results reported up to the highest level. Even seemingly small quality issues can allow for incorrect interpretations, which can lead executives to make the wrong strategy decisions.
- Audit principle
-
Proper documentation of data content and usage, including its provenance, freshness, and treatment, must be reliably maintained so that it can be audited by an independent party.
- Accountability principle
-
Data has value not only for the organization managing it, but also (for personal data) for the individuals behind it. Therefore, throughout the data life cycle, specific people must be officially accountable for that data. This helps avoid problems stemming from data misuse.
- Liability principle
-
Any organization that manages data is liable for how it stores and uses that data and must do so ethically and in compliance with all relevant laws.
- Level of valuation principle
Data contributes to the enterprise’s goodwill valuation. Like any assets, the valuation varies over time and includes the cost of acquisition; unlike most other assets, data can be sold and resold more than once. (Think of this as a bit like selling a digital ebook file: unlike a physical book, it can be sold again and again without incurring additional production costs.) The possibility of multiple resale prices and kinds of revenue must be accounted for in any valuation.
It’s important to understand the difference between policies and standards, both of which put these principles into practice.
Data policies formalize principles, translating them into rules that guide how to implement data management. These rules mandate the use of standards, which outline measurable units of work or actionable tasks at a very granular level, which can also include how and when those tasks are performed and by whom. (If, like a national constitution, policies put principles to work, then standards function like laws—translating high-level rules into specific ones.)
Data processes are the procedures used to implement and maintain those data standards. Together, policies, standards, and processes form the operational model of a data governance program. The operational model outlines the roles and responsibilities involved.
Roles
Data governance can be organized and implemented in many different ways, with varying levels of hierarchy as well as potential roles. This section will focus on roles. Please note that a role is a function, not necessarily a job position; a role can be filled by a dedicated person, by a team, or by someone who also fills other roles. The only role we’ll discuss that is clearly a job is that of a chief data officer:
- Chief data officer (CDO)
-
The leadership position of CDO is, as Sunil Soares defines it, “the C-level executive with overall accountability for Enterprise Data Management.”5 The CDO reports to one or more other executives, such as the chief risk officer, chief information officer, or chief executive officer. They often set up a steering committee composed of leaders (such as vice presidents, product owners, and even vendors) to oversee the data governance program.
- Data owner
-
A data owner is generally a senior person in the company who is accountable for all management activities around a specific set of data, including quality, liability, and compliance. This role is outlined in the GAIP’s accountability principle. In most cases, data ownership is shared by several people and can be organized by data domain, business function, or other metrics.6
- Data stewards
-
Data stewards, as the name implies, take care of the data, carrying out the daily operations for which the data owner is responsible. Data stewardship can take several forms.
-
For example, a business data steward is generally a person with deep domain and context knowledge who understands how the data generates value for the organization. They manage how the data is used for business purposes and identify misuses.
-
A technical data steward ensures that information about the data itself is gathered and maintained and can be shared with others. They identify quality and process issues, such as sloppy entry procedures that lead to problems later, and go deep into the details to form descriptive knowledge about how the systems work.
-
An operational data steward operates at a more granular level, taking responsibility for the ingestion of data, fixing problems, and administration.
Summary
Now that you’ve learned the basic principles of data governance and the key roles involved, you’re no doubt noticing that this is a big undertaking. It can involve hiring, reassigning roles, training employees, reorganizing systems, documenting processes, and creating a shift in company culture. Why make such a serious investment? In the next chapter, you’ll learn just how much value data governance adds—and what kind of return on investment you can expect when you implement data governance and transform into a truly data-driven business.
1 John Ladley, Data Governance: How to Design, Deploy, and Sustain an Effective Data Governance Program (Waltham, MA: Morgan Kaufmann, 2012), 10.
2 DAMA International, DAMA-DMBOK: Data Management Body of Knowledge, 2nd ed. (Basking Ridge, NJ: Technics Publications, 2017).
3 Ibid., 35–39.
4 DAMA-DMBOK2, 78–79. See also John Ladley, Data Governance, 17; and Accounting.com, “What is GAAP?”.
5 Sunil Soares, The Chief Data Officer Handbook for Data Governance (Boise: MC Press, 2015), 6.
6 Jill Dyché and Analise Polsky, “5 Models for Data Stewardship”, SAS Institute.