Data governance is the set of policies, strategies and technologies that ensure data is used properly within an organization. These may be practices that enforce regulatory compliance and security best practices, but can also encompass general data handling procedures within an organization.
Forming data governance rules starts with defining goals, for example:
- Complying with laws for data collection, use, sharing, distribution or storage
- Protecting data assets from common threats, including theft, misuse, leaks and fraud
- Implementing best practices for data, for example, identifying authoritative data sources organization-wide
Once goals are established, the organization needs to define roles within data governance, such as who has ownership over data sources and data-based processes, and who is ultimately accountable for compliance with data governance principles.
Organizations can then define policies for ensuring that data governance principles are honored. For instance, data collection can be overseen to ensure that it complies with regulations and internal company policies and that the collected data can be used effectively. Flagging sensitive data for special handling is an example of how data governance may operate.
Data governance policies make decision-making easier. For example, a low-level employee discovering that sensitive data was mistakenly unmasked should know exactly who to report to and how to handle the incident.
Data governance involves technologies on several levels. An application that monitors data flow and flags possible rule violations provides an extra layer of oversight. Encryption tools are often used to protect data from unwanted access.
Organizations invest significant sums in data governance. These investments are a worthwhile hedge against the risk of even costlier consequences should data governance rules be violated. Violating regulations or compromising sensitive customer data can carry a hefty financial penalty and damage an organization’s public image.