Introduction to Data Governance

Data Governance is the discipline of treating data as an enterprise asset. It involves the exercise of decision rights to optimize, secure, and leverage data as an enterprise asset. It involves the orchestration of people, process, technology, and policy within an organization, to derive the optimal value from enterprise data. Data Governance plays a pivotal role in aligning the disparate, stovepiped, and often conflicting policies that cause data anomalies in the first place.

Much like in the early days of Customer Relationship Management (CRM), organizations are starting to appoint full-time or part-time owners of Data Governance. As with any emerging discipline, there are multiple definitions of Data Governance, but the market is starting to crystallize around the definition of treating data as an asset.

Traditional accounting rules do not allow companies to treat data as a financial asset on their balance sheets, unless it has been purchased from an external entity. Despite this conservative accounting treatment, enterprises now understand that their data should be treated as an asset similar to plant and equipment.

Treating data as a strategic enterprise asset implies that organizations need to build inventories of their existing data, just as they would for physical assets. The typical organization has an excessive amount of data about its customers, vendors, and products. The organization might not even know where all this data is located. This can pose challenges, especially in the case of personally identifiable information ([PII). Organizations need to secure business-critical data within their financial, Enterprise Resource Planning, and human resource applications from unauthorized changes, since this can affect the integrity of their financial reporting, as well as the quality and reliability of daily business decisions. They must also protect sensitive customer information such as credit card numbers and PII data, as well as intellectual property such as customer lists, product designs, and proprietary algorithms from both internal and external threats. Finally, organizations need to get the maximum value out of their data, driving initiatives such as improved risk management and customer-centricity.

Data is at once an organization's greatest source of value and its greatest source of risk. Poor data management often means poor business decisions and greater exposure to compliance violations and theft. For example, regulations such as Sarbanes-Oxley in the United States, the equivalent European Sarbanes-Oxley, and the Japanese Financial Instruments and Exchange Law (J-SOX) dictate a balance between restricted access and the appropriate use of data, as mandated by rules, policies, and regulations. On the other hand, the ability to leverage clean, trusted data can help organizations provide better service, drive customer loyalty, spend less effort complying with regulations and reporting, and increase innovation.

Organizations must also consider the business value of their unstructured data. This unstructured data, often referred to as content, needs to be governed just as structured data does.

A good example of unstructured data governance is setting records management policy. Many companies are required to maintain electronic and paper records for a given period of time. They need to produce these records quickly and cost-effectively during the legal discovery process. They also need to be in compliance with the established retention schedules for specific document types. Several organizations use the term "Information Governance" to define this program. Although we use the terms "data" and "information" interchangeably, we will stick with the more commonly used term "Data Governance" throughout this book.

Here are some benefits that organizations can derive by governing their data:

• Improve the level of trust that users have in reports

• Ensure consistency of data across multiple reports from different parts of the organization

• Ensure appropriate safeguards over corporate information to satisfy the demands of auditors and regulators

• Improve the level of customer insight to drive marketing initiatives

• Directly impact the three factors an organization most cares about: increasing revenue, lowering costs, and reducing risk

Founded in November 2004 by Steve Adler, the IBM® Data Governance Council is a leadership forum for practitioners such as Data Governance leaders, Information Governance leaders, chief data officers, enterprise data architects, chief information security officers, chief risk officers, chief compliance officers, and chief privacy officers. The council is concerned with issues related to how an organization can effectively govern data as an enterprise asset. It focuses on the relationships among information, business processes, and the value of information to the organization.

According to findings published by Adler for the IBM Data Governance Council in the whitepaper The IBM Data Governance Maturity Model: Building a Roadmap for Effective Data Governance, these are the top Data Governance challenges today:

• Inconsistent Data Governance can cause a disconnect between business goals and IT programs.

• Governance policies are not linked to structured requirements-gathering and reporting.

• Risks are not addressed from a lifecycle perspective with common data repositories, policies, standards, and calculation processes.

• Metadata and business glossaries are not used to bridge semantic differences across multiple applications in global enterprises.

• Few technologies exist today to assess data asset values that link security, privacy, and compliance.

• Controls and architectures are deployed before long-term consequences are modeled.

•...