What is a data governance policy?

Why is an effective data governance policy important?

The importance and benefits of a strong data governance program are becoming clearer as, since the start of the 20^th century -- and increasingly with each decade -- data has become one of every organization's most valuable assets. Data is now used routinely to drive tactical and strategic business decisions.

Data also now powers automation, machine learning and AI initiatives that can streamline and improve business processes. It enables the creation of new products and services. Manufacturers found they could use their product data to analyze performance and predict when scheduled maintenance will be needed at customer sites.

However, data is only a valuable asset if it meets an organization's needs, is accurate, and the organization uses it consistently. That creates a strategic imperative to govern data with a comprehensive policy. Such a policy helps establish a data governance framework that provides the following:

• Appropriate level of oversight of the organization's data assets based on their potential business value and business risks associated with them.
• Consistent, efficient, effective and ongoing management of data throughout the organization.
• Suitable security, privacy and access control levels for different data categories.

A successful policy helps ensure the data governance structure supports the organization's strategic vision for its data management and analytics programs, whether the main goal is driving new revenue, developing new products and services, fueling broader digital transformation or some other objective.

To support such goals, data governance policies include a data stewardship function for overseeing data sets and ensuring that governance rules and procedures are implemented. Governance policies can be aligned with ones for other corporate management processes, like business process management and enterprise risk management.

Types of data governance rules a policy should include

A data governance policy sets various types of data-related rules that cover different parts of the governance process. Common aspects include the following:

• Data quality and integrity. Data quality improvement is a top goal of most data governance programs, and clean, accurate data sets are perhaps the most visible sign of effective governance. The data governance policy should include procedures for managing data quality and integrity to prevent data errors, inconsistencies and to find and fix problems. It should detail data quality metrics for measuring the program's success.
• Data access. Policies here should ensure business and analytics users can access the data necessary to do their jobs but not other data, especially sensitive or proprietary information. The policy might include role-based access controls with different privileges for separate user groups. It might identify consequences users could face for accessing data without authorization.
• Data usage. Rules on appropriate and ethical data uses should ensure that data is used properly, in compliance with applicable data privacy laws. Customers should have confidence that their personal data will not be used in illegal or questionable ways. The policy often also lists penalties for users who violate the rules, ranging from loss of data access to disciplinary measures, termination and potential legal action.
• Data integration. These rules seek to create common data definitions and avoid or eliminate data silos. The twin goals: to make relevant data available to users across an organization and ensure that workers in different departments aren't using inconsistent data sets.
• Data security. The policy typically includes end-user responsibilities for helping to keep data secure; it might describe those in detail or point to the overall IT security policy. The policy commonly also incorporates internal data classification standards for categorizing data to govern security, as well as access and usage. Data sets might be classified as public, confidential or sensitive information.

How to develop a data governance policy

Beyond the business representatives on the data governance committee, the policy-making process should involve the following:

• Legal, compliance and risk management executives.
• IT and security leaders.
• The chief data officer -- or, if there is no CDO, the executive charged with overseeing enterprise data.

The group should help determine who is responsible for different data assets, the business risks associated with them, and the applicable regulatory compliance requirements. Once those assessments are done, the data governance committee should use the information in developing the data governance policy's rules and procedures.

The team responsible for creating a governance policy typically takes these steps:

1. Data asset inventory. Create an inventory of data assets, and then assess data usage, data quality and existing data management practices to identify issues a governance program could address.
2. Data governance business case. Use the inventory information to develop a data governance business case to secure executive support and program funding.
3. Data governance team. Name a data governance manager (ideally the CDO) and create a governance team. The team should include business unit level data stewards who monitor policy compliance at the department level. Other team members might include data architects and data quality professionals.
4. Data governance committee. This committee can supplement the data governance team and involve senior executives as well as representatives from all departments and business units.
5. Data governance program scope and goals. Within the committee, define the scope and overall goals of the program to help guide the policy process. Address the impact of data governance on information systems and information security. A key goal is to integrate data governance into the company culture.
6. Data governance program structure. Develop a formal program structure that delineates fully different governance roles and responsibilities.
7. Define standards and terminology. Work to create common data standards and definitions within the policy. Be sure to reference important standards and regulations, such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
8. Define performance metrics. To ensure the program achieves its goals, metrics should be defined that will track performance, addressing issues such as data quality and data literacy.
9. Write and review a draft policy. Share an initial draft of the policy with senior executives, the legal department and other parties for review.
10. Complete and distribute the finished policy. Revise the policy as needed and create communication and training plans for releasing the final document to all staff and launching the program.
11. Review and continuous improvement. Once the data governance policy is set, prepare a schedule for review and updates to ensure it is improved continuously.

Data governance policy structure and components

Organizations often structure data governance policies differently. While length and level of detail can vary, policies typically have these components:

• A statement of purpose covering overall goals for the program.
• A scope statement that outlines who the policy applies to and what kinds of data it covers.
• A set of specific objectives for improving data access, usage and management.
• A list of the positions and entities that will oversee different parts of the program and their responsibilities.
• The principles and rules at the heart of the policy.
• Definitions of standards and terms used for reference purposes.
• References and links to related internal policies and relevant regulations.

Data governance policy templates

Many organizations have posted their data governance policies online. Most of them are government agencies or academic institutions, but their policies can be models for a governance policy in a business. Templates for creating a data governance framework that are available from educational and professional organizations, such as the Data Governance Institute and DAMA International, can also help guide policy development. Some data governance software vendors also offer templates and methodologies for creating a governance framework.

Informa TechTarget offers a free ready-to-use template for preparing a data governance policy. Click here to obtain the template.