Nine key steps you can take to govern data effectively are:
1. Recruit a strong executive sponsor. As in broader IG efforts, data governance (DG) requires cross-functional collaboration with a variety of stakeholders. To drive and facilitate this sometimes contentious conversation, a strong executive sponsor is required. This is not an easy task since executives generally do not want to deal with minutia at the data level. You must focus on the realizable business benefits of improved DG (i.e., specific applications that can assist in customer retention, revenue generation, and cost cutting).
2. Assess your current state. Survey the organization to see where the data repositories or silos of data are, what problems related to data exist, and where some opportunities to improve lie. Document where your DG program stands today and then map out your road to improvement in fundamental steps.
3. Set the ideal state vision and strategy. Create a realistic vision of where your organization wants to go in its data governance efforts, and clearly articulate the business benefits of getting there. Articulate a measurable impact. Track your progress with metrics and milestones.
4. Compute the value of your data. Try to put some hard numbers to it. Calculate some internal numbers on how much value data—good data—can add to specific business units. Apply some of the formulas for calculating the value of information presented in Doug Laney’s groundbreaking Infonomics book. Data is unlike other assets that you can see or touch (cash, buildings, equipment, etc.), and it changes daily, but it has real value.
5. Assess risks. What is the likelihood and potential cost of a data breach? A major breach? Are ransomware attacks on the rise in your industry? What factors come into play, and how might you combat these potential threats? Perform a risk assessment to rank and prioritize threats and assign probabilities to those threats so you may develop appropriate countermeasures.
6. Implement a going-forward strategy. It is a significantly greater task to try to improve DG across the enterprise for existing data, versus focusing on smaller business units, one at a time. Remember, you may be trying to fix years if not decades of bad behavior, mismanagement, and lack of governance. Taking an “incremental approach with an eye to the future” provides for a clean starting point and can substantially reduce the pain required to implement. A strategy where new data governance policies for handling data are implemented beginning on a certain future date is a proven best practice.
7. Assign accountability for data quality to business units, not IT. Typically, IT has had responsibility for data quality, yet the data generation is mostly not under that department’s control, since largely data is created out in the business units. A pointed effort must be made to push responsibility and ownership for data to data stewards in the business units that create and use the data.
8. Manage the change. Educate, educate, educate. People must be trained to understand why the DG program is being implemented and how it will benefit the business. The new policies represent a cultural change, and supportive program messages and training are required to make the shift.
9. Monitor your data governance program. See where shortfalls might be, and continue to fine-tune the program. From a risk management perspective, DG is a critical activity that supports decision makers and can mean the difference between retaining a customer and losing one, or even saving lives in healthcare settings.
Protecting your data is protecting the lifeblood of your business, and improving the quality of the data will improve decision making, foster compliance efforts, and yield competitive advantages.