Data governance vs. information governance: What's the difference?

What is data governance?

Effective data governance frames the technical discussion on collecting the information; appropriately naming, storing and tracking it; creating value from it; and protecting and deleting it. It is essential because it provides a way of framing conversations for automating the best practices for managing every step of the data lifecycle. This can help plan a data architecture that simplifies the handoff between these various processes while maintaining desired service levels.

Putting this into practice often requires a team effort spanning many different roles and areas of expertise. A chief data officer (CDO) may work with a variety of others to understand the requirements and intersection points of processes spanning a variety of data tools. Organizations can benefit from a clear data governance leader or committee who can oversee the entire process, identify gaps and improve the overall value.

Data collection requires input from business units to understand how data is collected by various business applications, SaaS applications, third-party data sources and others. The responsibilities of these roles can include the following:

• Database analysts (DBA) and other data management professionals develop appropriate naming conventions and schemas to describe the data.
• Data engineers help identify best practices to store and stage data across various databases, data warehouses, data lakes or long-term archives. They also help set up and manage master data management (MDM) tools to track data properties, data lineage and quality.
• Data engineers and data scientists find ways to weave this data into various analytics tools, decision engines and business apps using the appropriate data science and machine learning tools.
• Security and resilience experts create and vet the infrastructure and processes to protect the data from leaks, theft, corruption and ransomware.
• A data protection officer (DPO) oversees best practices and tools to reliably delete information when no longer required or in response to a data elimination request.

What is information governance?

An information governance initiative focuses on what needs to be done to improve business results, manage risks and comply with regulations. Various high-level executive roles may lead information governance initiatives, including the chief information officer (CIO), chief information governance officer, chief counsel or DPO. Regardless of the specific title, information governance requires striking the appropriate balance between maintaining compliance with legal requirements and managing risks while making it easier for business teams to pursue new opportunities.

Information governance frames the business, legal and compliance discussions regarding the following questions:

• What information needs to be collected in the first place?
• What information needs to be managed in a special way?
• Why can it create value for various business groups?
• Why should be it destroyed?

Information governance teams need to start with a strong understanding of the various legal and regulatory requirements pertaining to their business and the changing business domains. This includes healthcare regulations like HIPAA, know your customer (KYC) regulations, financial reporting requirements, and new privacy-specific regulations like GDPR in Europe or CCPA in California. Furthermore, teams also need to keep track of various tax requirements.

These teams can coordinate the adoption of tools to automate various business processes that enforce good information governance. Examples include the following:

• E-discovery tools automate legal discovery requests across structured and unstructured data sources.
• Industry-specific records management tools enforce best practices.
• Auditing tools track data, money and information flows for various reporting requirements.
• Risk management tools help to identify, prioritize and track various risks.
• Risk appetite statements set official policies on acceptable levels of risks and costs across the business.
• Data loss prevention tools can help create policies for labeling and protecting personally identifiable information (PII).

How do data governance and information governance differ?

At a high level, data governance is one key component of broader information governance. However, in practice, data governance initiatives could conceivably cost more time, money and resources than the other combined aspects of information governance tools. That said, information governance considerations can help frame the overall requirements and best practices that can simplify overall data governance implementations.

Some of the essential differences between these domains include the following:

• Data governance considers the data itself, while information governance considers how the meaning of data affects business value and compliance requirements
• Data governance focuses on technical data infrastructure, while information governance focuses on business processes surrounding data and physical information
• Common data governance tools include applications, databases, stream processing, MDM, security and disaster recovery. Common information governance roles include enterprise risk management, data loss prevention, tax tracking and auditing.

Companies in various industries are likely to address the distinctions between these two disciplines differently. Compliance-heavy industries like healthcare, banking and finance are the most likely to clearly and distinctly differentiate these different realms, particularly if they manage a large volume of physical paperwork or legally essential PDF documents. Other industries and startups may find it enough to maintain a single consolidated data governance practice that addresses both domains.

It is also worth noting that the distinctions between these disciplines are starting to blur, particularly as enterprises embrace more agile practices for operationalizing data through DataOps practices. These efforts incorporate input from business users, compliance and security teams earlier in the development and data product lifecycle.