What is data governance?
Data governance is a concept within the discipline of data management that takes a holistic approach to an organization’s data and its lifecycle: data ingestion, data catalogs, retention, storage management, sharing, archiving, backup, recovery, loss prevention, removal and deletion.
Good governance fortifies a data management framework throughout the organization with a set of policies and procedures, as well as the personnel, that ensure data management:
- Aligns with business strategy.
- Promotes data-driven decisions.
- Protect business and personal data.
- Complies with data standards and regulations.
This guide will help you understand the applications of good governance for data, its components, and the roles and responsibilities within a governance system.
Data governance use cases
Centrally-managed but universally implemented governance processes for data help manage risk, meet regulatory requirements, and empower better data-driven business outcomes.
1) Risk management & data governance
Accelerating data flows and expanding attack surfaces place companies at constant risk of security breaches. Good governance can bring those risks under control.
Companies once managed their data entirely on-premises. Centralized systems delivered data to employees working on office computers behind secure perimeters.
Today, a company’s data and its users can be anywhere, thanks to the combination of cloud, mobile, and internet technologies. Critically, the threats to enterprise data are just as diffuse. Attacks can come anytime from any direction.
The immense financial, operational, and reputational consequences of a successful data breach are risks no organization can take lightly.
Governance identifies the flow of data, its value, and its sensitivity. In addition, governance defines who may access the data under what circumstances. These policies let the company optimize its cybersecurity resources.
2) Regulatory and compliance management
Closely aligned with cybersecurity, compliance management ensures the company meets the data protection expectations of industry standards and government regulations such as:
- System and Organization Controls (SOC) — documents how well service companies protect confidential customer data.
- Payment Card Industry Data Security Standard (PCI DSS) — required by credit card companies of any organization handling cardholder data.
- Health Insurance Portability and Accountability Act (HIPAA) — defines how healthcare organizations and their service providers protect patient information.
- General Data Protection Regulation (GDPR) — protects European Union residents’ personally identifiable information.
Strong governance policies ensure compliance with these and other applicable data security frameworks.
For example, HIPAA and other data privacy regulations impose stiff penalties when security breaches allow unauthorized access to protected data. However, those penalties do not apply when encryption renders stolen data inaccessible. Once the governance team defines which data requires encryption, these policies follow the data as it moves from one system to another. Keeping protected data encrypted wherever it goes helps the organization remain HIPAA-compliant.
3) Enabling data accessibility for the business
Business decisions depend on timely access to data. Access becomes even more critical with the trend toward data-driven cultures that decentralize decision-making. Despite its importance, data security taken too far will undermine data accessibility.
Data governance provides businesses with the framework and guidance to balance security and access. For instance, governance policies will define the conditions for granting access to data sources. These conditions may include:
- Data security classifications.
- User identity and role.
- Device ownership and security state.
- Device location and network connection.
With a consistent governance strategy, data customers can use self-service analytics tools to access the information they need, when they need it.
11 data governance framework pillars
To make the most of their data, enterprises require automation and consistency in data management that’s impossible without a shared frame of reference. These eleven elements contribute to an effective data governance best practices.
1. Data ownership and data stewards
Make sure to assign clear ownership and accountability throughout the organization. This ownership grants decision rights over data assets but comes with the responsibility to keep these assets accessible and interoperable.
2. Data quality
Quality decision-making depends on quality data. Governance policies throughout the data lifecycle set standards for keeping data accurate, complete, current, and consistent, from data integration to analysis.
3. Master data management
As businesses become more complex, they inevitably duplicate master data which risks drift in values over time. Governance policies reduce the burden of master data management by enforcing consistency between versions.
4. Data classification and metadata management
Governance creates classification, metadata, and data definition standards for use across the organization. This consistency enables data managers and users handle data more efficiently.
5. Access control
By defining the criteria for authorizing data access, governance provides a framework and workflows for applying access control consistently across business units.
6. Auditing
Governance performance metrics must be ready for outside inspection. Compliance audits not only examine whether a company manages its data correctly but how well its governance system enforces proper data management practices.
7. Data lineage
Data lineage solutions are essential tools that roadmap the provenance of all data the company manages, how that data flows across various systems, and any transformations applied to the data on its journey.
8. Data privacy
To ensure regulatory compliance, governance policies define what personally identifiable information (PII) the company may collect, its uses, when to dispose of PII, and who may access the data while in the company’s possession.
9. Data security
A strong security strategy establishes the company’s information security objectives and provide oversight of policy execution to guarantee that confidential, private, and sensitive data remains secure.
10. Data literacy
People in data-centric cultures need a shared understanding of data’s provenance, lineage, meaning, and value — called data literacy. This common ground eliminates debates about the numbers and speeds consensus-building.
11. Data accessibility and usability
Good governance programs and policies for data dissolve institutional barriers by holding data owners accountable for its accessibility and usability. By enabling richer data analysis, governance unlocks more value from the company’s data.
Data governance framework roles and responsibilities
Governance assigns responsibilities for how the organization manages and uses data, split between three stakeholders: those who create governance, those who execute governance, and those who use data.
Chief Data Officer or Chief Data Governance Officer
Effective governance requires an executive sponsor who owns the governance strategy and is held accountable for its execution. This Chief Data Governance Officer (CDGO) oversees everything around data, including governance initiatives, assigning ownership roles to individuals within the company. As the leader of the governance team, the CDGO works with data owners and their stewards to monitor governance performance.
Data owners and data stewardship
Data ownership belongs to the business leaders of the domains where datasets reside. They are accountable for their domain’s compliance with the company’s governance policies. Data owners (and stewards) are those responsible for the technical implementation and daily execution of these policies.
Data users
Governance policies extend beyond the core governance team to those using company data. Some policies focus on what users should and shouldn’t do, such as annual cybersecurity training requirements. However, governance’s ultimate purpose is to help data users derive business insights quickly.
Data governance vs. data enablement vs. data security
Organizationally, governance uses policy, ownership, and accountability to balance the competing interests of data enablement and data security. This defines the policies that protect data while guaranteeing authorized users have the high-quality data needed to support business decisions.
Data enablement
Data enablement helps the organization extract the most value from its data to support effective decision-making.
Data security
Data security protects data from unauthorized access to sensitive and critical data while making data more accessible to more users.
How data democratization balances governance tensions
Data-driven cultures depend on distributing data access as widely as possible while eliminating bottlenecks and reducing the influence of gatekeeping subject matter experts.
On the other hand, governance requires a degree of centralization that pulls authority from business domains.
Data leaders must balance this tension by remembering governance’s consistency and standardization serves a purpose: making the most data more useful to the most people. In this way, good governance drives data democratization and empowers smarter decisions at every level in the organization.
Governance takes on greater importance as data becomes more distributed. Data mesh and other decentralized models require federated governance strategies that enable users while ensuring compliance.
Moreover, Starburst’s speed to insight gives users easy SQL-based analytics tools and a single point of access to every data source in a safe and secure way. Get the free starter plan to see how Starburst’s data lake analytics platform can unleash the value and business intelligence in your data.