An excerpt from Robert Smallwood’s upcoming book, Information Governance: Concepts, Strategies, & Best Practices, 2nd Edition (Wiley, 2019)
There has been a great deal of confusion around the term Information Governance (IG), and how it is distinct from data governance. Some books, articles, and blogs have compounded the confusion by offering a limited definition of IG, or sometimes offering a definition of IG which is just plain incorrect, often confusing it with data governance. Even so-called “experts” confuse the terms!
Data Governance expert Robert Seiner, author of the book Non-Invasive Data Governance, offers his definition of data governance, “Data governance is the execution and enforcement of authority over the definition, production and usage of data.”
Data governance involves processes and controls to ensure that data at the most basic level—raw data that the organization is gathering and inputting—is true and accurate, and unique (not redundant). It involves data cleansing (or data scrubbing) to strip out corrupted, inaccurate, or extraneous data and de-duplication, to eliminate redundant occurrences of data. It also usually involves implementing Master Data Management (MDM) software and methods, to ensure that applications are referencing a “single version of the truth.”
Data governance focuses on data quality “from the ground up” at the lowest or root level, so that subsequent reports, analyses and conclusions are based on clean, reliable, trusted data (or records) in database tables. Data governance is the most fundamental level at which to implement Information Governance. Data governance efforts seek to assure that formal management controls—systems, processes, and policies—are implemented to govern critical data assets to improve data quality and to avoid negative downstream effects of poor data. DG efforts also hold data stewards accountable.
IG is new, but Data Governance is also a newer, hybrid quality control discipline that includes elements of data quality, data management, IG policy development, business process improvement (BPI), and compliance and risk management.
Corporate governance is the highest level of governance in an organization and a key aspect of it is Information Governance (IG). According to the Sedona Conference, IG programs are about minimizing information risks and costs and maximizing information value. This is a compact way to convey the key aims of IG programs, and it is what should be emphasized when the merits of an IG program are discussed. The definition of IG can be distilled further. An even more succinct “elevator pitch” definition of IG is, “security, control, and optimization” of information.
IG processes are higher level than the details of data governance. The IG approach to governance focuses not on detailed data capture, stewardship, and quality processes, but rather, on controlling the information that is generated by IT, office systems, and external systems; that is, the output of IT. IG efforts seek to govern and control information assets to lower risk, ensure compliance with regulations, and to improve information quality and accessibility while implementing information security measures to protect and preserve information that has business value.
IG programs focus on breaking down traditional functional group “siloed” approaches, to maximize the value of information. Mature IG programs employ the principles of infonomics, to measure and monetize information. But these programs also must rely on robust, effective data governance programs to provide good, clean data so that calculations and analytics that are applied yield true and accurate results.