A data governance framework is critical to any organization that uses analytics as part of its decision-making process.
An organization's data governance framework is a documented set of guidelines designed to ensure the proper use of its data. Among the guidelines are policies related to data quality, security and privacy, and who has access to what data and who can do what with that data.
For example, while an end user might have access to an organization's sales figures, only its system administrators can work with that data and make any changes to reports or data models.
In addition, a data governance framework includes implementing the guidelines and making sure they're followed.
Without that framework, organizations risk noncompliance with government regulations and data breaches that could sacrifice an enterprise's competitive advantage or reveal private personal information.
"Data governance is, first and foremost, about addressing responsibilities and risks," said Doug Henschen, principal analyst at Constellation Research.
The risks for unregulated or lightly regulated organizations are less than those for organizations that operate in more highly regulated environments, but they're significant nonetheless, Henschen added.
For unregulated or lightly regulated organizations, the misuse of data or a data breach could result in a damaged reputation. For more highly regulated organizations, significant fines and jail time could result in addition to reputational damage.
But there's another side to data governance as well: enabling the discovery of insights. Organizations that have strong data governance frameworks in place stand to reap the advantages of efficiency.
"When a system is well-governed, it actually becomes a capability," said Donald Farmer, principal at TreeHive Strategy. "You free people up to do new work because you know they're well governed. You can give them a degree of freedom."
Data needs rules around it. Not everyone can know everything contained within an organization's database.
Some of the most sensitive data that needs a governance framework in just about any organization is personal information.
Privacy laws vary from country to country, and within the United States from state to state. But in the U.S., there are some absolutes.
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, for example, regulates the use and disclosure of protected health information, including anything related to a patient's medical records or payment history.
Penalties for violating HIPAA can range anywhere from a $100 fine for an unknowing violation to a fine of $250,000 and 10 years in prison for offenses committed with the intent to use individually identifiable health information for personal gain, a commercial competitive advantage or to maliciously harm someone.
The Right to Financial Privacy Act, Fair Credit Reporting Act and Driver's Privacy Protection Act are other examples of national laws designed to protect people's private information. Meanwhile, even something as seemingly innocuous as customer data needs to be anonymized before it can be used.
Beyond ensuring adherence to privacy regulations, data governance frameworks need to address individual industry regulations.
Among those with strict regulations are banking, insurance, utilities and financial securities.
Meanwhile, organizations operating in just one state need only have data governance policies in place to deal with that state's privacy laws, but those operating in multiple states need to have more complex data governance frameworks that enable compliance from one state to another.
And in industries such as banking and insurance in which lending and underwriting decisions are part of the process, organizations can be audited and need to show those decisions aren't biased. It's through the policies and procedures they apply to their data that they can show a lack of bias.
"Data governance serves as a key pillar to an effective data strategy by enabling organizations to define a set of principles that serve as a guide to how data should be managed across the business, which includes defining rules from both a corporate and regulatory standpoint around managing, accessing and sharing the data," said Mike Leone, senior analyst at Enterprise Strategy Group, a division of TechTarget.
Data related to compliance, however, isn't the only data that needs a governance framework.
Organizations are often in direct competition with others.
In many industries, enterprises race each other to release new and innovative features that will draw customers to them and away from their competition.
With mobile phones, for example, Apple and Google, which owns Android, are in direct competition. Both keep any data tied to updates fiercely private, and it's only when the updates are released to the public that the other learns what new features are included in the latest version.
"That data can present certain risks," said Igor Ikonnikov, research and advisory director in the data and analytics practice at Info-Tech Research Group. "If you have something that is strategically important, you don't want to make that data public. You want to keep the competitive advantage to yourself."
In addition, Ikonnikov continued, as more enterprises move past decision-making based solely on past business experience and adopt a data-driven decision-making philosophy, the data used to make those decisions should be kept internal.
"Data protection is also needed to sustain your own company," he said. "We're going past that era when major decisions in a company were made only based on someone's personal experience -- 'I know because I've done it this way.' You can't do things the way you used to, and to do that you need to look at your data coffers."
Good governance vs. bad governance
According to Ikonnikov, a good data governance framework addresses fear, pain and hope.
Fear is the compliance aspect. Pain is about optimization. Hope relates to creating opportunities. And when an organization's data framework effectively addresses all three, it can lead to significant efficiencies that result in both increased revenues and increased savings.
When it focuses on only one, however, it can prove to be a hindrance.
Ikonnikov compared good data governance versus bad data governance to a police officer amid a crowd. That officer could go on the attack and lash out in order to push the crowd in a single direction, or that officer could use the baton to direct traffic in an efficient way to help people get where they need to go.
"It's an enabling function," Ikonnikov said.
Similarly, Farmer said the difference between good data governance and bad data governance is a framework that isn't merely defensive but attempts to enable employees to work with data.
In a sense, he said, data governance can be like child-proofing a home.
By covering electrical outlets and sharp corners, children are protected from harm but otherwise left free to run around and play.
"Governance is a system of control, but governance is also a way of empowering people by giving them more freedom to be more curious," Farmer said. "It can enable them to be even more adventurous because they're in a well-governed environment."
That kind of enablement has perhaps never been more needed than now amid the ongoing pandemic. Industries such as hospitality and dining have been particularly hard hit with travel restricted and the number of patrons any establishment can serve at a time severely limited, making flexibility and efficient data-driven decision-making critical.
Those decisions don't happen in a vacuum, however.
They result from the entire analytics process, which includes properly managing data to ensure data quality and ultimately developing faith in the decisions made based on its information.
"There are carrots as well as sticks in practicing good data governance," Henschen said. "A firm with good data governance policies, procedures and practices is also more likely to have sound data-management, data-insight and data-monetization practices that benefit the organization."
Implementation and technology
When it comes to developing and implementing a data governance framework, it's generally a joint effort between IT personnel and executives that include chief data officers, chief compliance officers, chief security officers and chief financial officers.
"While the government may impose certain rules and regulations, it's not uncommon for organizations to develop their own internal policies depending on business units, use cases and data flows," Leone said. "IT may have been responsible early on, but the data governance roles of today likely fall outside of IT, with titles as high as chief data officer down to data stewards or data engineers."
Meanwhile, vendors offer tools designed to develop and administer data governance frameworks.
Among them are Alation, Collibra, IBM, Informatica and Tibco.
Collibra, for example, introduced the Data Intelligence Cloud at its user conference in June 2020, a SaaS platform that includes data governance, data catalog and data quality capabilities. Informatica, meanwhile, recently released its new Customer 360 platform as part of its Master Data Management technology. And Tibco's recent acquisition of IBI -- formerly Information Builders -- adds the data governance and data management capabilities IBI developed over more than four decades as an independent vendor.
In addition, traditional BI vendors are wading into data governance. Leading platforms such as Power BI, Qlik and Tableau, for example, provide governance features.
Which tools enterprises should rely on, and from which vendors, however, is a nuanced issue, according to Ikonnikov.
"What is good for one customer may not be good for another," he said.
Among the factors that play into which data governance tools might be right for a given organization are its size and the complexity of its operations. What's good for a medium-sized company may not be good for a larger enterprise, and what's good for a company operating in one state or one country may not be good for a multinational -- or multi-continental -- organization.
Farmer, meanwhile, cautioned that governance can go too far.
If a data governance framework is too restrictive, it can drive employees to use tools -- spreadsheets, in particular -- that aren't meant for advanced analytics and don't have the same built-in protections as more sophisticated platforms, thus risking data breaches.
"Many examples of noncompliance problems in businesses have resulted because IT departments have put a set of governance controls in place that are so strict that they get in the way of people doing their work," Farmer said. "As a result, people who are just trying to do their job end up going into sets of tools that are difficult to govern."
Data governance, simply, is complex.
When done well, it's simultaneously restrictive and enabling. Striking that balance, though, is tricky. But when they do it properly, organizations effectively protect themselves from running afoul of regulations and position themselves to grow.
"Data governance done right allows organizations to keep up with a continuous stream of data, follow regulatory requirements using industry-specific compliance tools, and accelerate master data management adoption and information integration," Leone said. "With high-quality data, organizations improve the accuracy of their insights [and] reduce risk."