Browse Definitions :
Data lake governance: Benefits, challenges and getting started data catalog

Data governance vs. information governance: What's the difference?

Data governance and information governance provide specific benefits for organizations looking to improve how they handle data.

Data governance and information governance can help enterprises frame the technical and business discussions required to meet governance, risk management and compliance needs while increasing the value of operationalizing data.

Both terms include the word governance. Other aspects are implied in both disciplines, including risk management, compliance, efficiency, alignment and simplicity. As businesses become more digital, a thoughtful approach to addressing the lifecycle and workflows of data governance and information governance grows in importance.

The two disciplines approach related problems at different conceptual levels. Data governance focuses on various technical considerations of the data itself. Information governance focuses on the implications relating to the meaning of the data in relation to enterprise goals, business users, regulators, legal teams and customers.

What is data governance?

Effective data governance frames the technical discussion on collecting the information; appropriately naming, storing and tracking it; creating value from it; and protecting and deleting it. It is essential because it provides a way of framing conversations for automating the best practices for managing every step of the data lifecycle. This can help plan a data architecture that simplifies the handoff between these various processes while maintaining desired service levels.

Putting this into practice often requires a team effort spanning many different roles and areas of expertise. A chief data officer (CDO) may work with a variety of others to understand the requirements and intersection points of processes spanning a variety of data tools. Organizations can benefit from a clear data governance leader or committee who can oversee the entire process, identify gaps and improve the overall value.

Data collection requires input from business units to understand how data is collected by various business applications, SaaS applications, third-party data sources and others. The responsibilities of these roles can include the following:

  • Database analysts (DBA) and other data management professionals develop appropriate naming conventions and schemas to describe the data.
  • Data engineers help identify best practices to store and stage data across various databases, data warehouses, data lakes or long-term archives. They also help set up and manage master data management (MDM) tools to track data properties, data lineage and quality.
  • Data engineers and data scientists find ways to weave this data into various analytics tools, decision engines and business apps using the appropriate data science and machine learning tools.
  • Security and resilience experts create and vet the infrastructure and processes to protect the data from leaks, theft, corruption and ransomware.
  • A data protection officer (DPO) oversees best practices and tools to reliably delete information when no longer required or in response to a data elimination request.
data governance team
Several roles within a business contribute to a well-rounded data governance team.

What is information governance?

An information governance initiative focuses on what needs to be done to improve business results, manage risks and comply with regulations. Various high-level executive roles may lead information governance initiatives, including the chief information officer (CIO), chief information governance officer, chief counsel or DPO. Regardless of the specific title, information governance requires striking the appropriate balance between maintaining compliance with legal requirements and managing risks while making it easier for business teams to pursue new opportunities.

Information governance frames the business, legal and compliance discussions regarding the following questions:

  • What information needs to be collected in the first place?
  • What information needs to be managed in a special way?
  • Why can it create value for various business groups?
  • Why should be it destroyed?

Information governance teams need to start with a strong understanding of the various legal and regulatory requirements pertaining to their business and the changing business domains. This includes healthcare regulations like HIPAA, know your customer (KYC) regulations, financial reporting requirements, and new privacy-specific regulations like GDPR in Europe or CCPA in California. Furthermore, teams also need to keep track of various tax requirements.

These teams can coordinate the adoption of tools to automate various business processes that enforce good information governance. Examples include the following:

  • E-discovery tools automate legal discovery requests across structured and unstructured data sources.
  • Industry-specific records management tools enforce best practices.
  • Auditing tools track data, money and information flows for various reporting requirements.
  • Risk management tools help to identify, prioritize and track various risks.
  • Risk appetite statements set official policies on acceptable levels of risks and costs across the business.
  • Data loss prevention tools can help create policies for labeling and protecting personally identifiable information (PII).

How do data governance and information governance differ?

At a high level, data governance is one key component of broader information governance. However, in practice, data governance initiatives could conceivably cost more time, money and resources than the other combined aspects of information governance tools. That said, information governance considerations can help frame the overall requirements and best practices that can simplify overall data governance implementations.

Some of the essential differences between these domains include the following:

  • Data governance considers the data itself, while information governance considers how the meaning of data affects business value and compliance requirements
  • Data governance focuses on technical data infrastructure, while information governance focuses on business processes surrounding data and physical information
  • Common data governance tools include applications, databases, stream processing, MDM, security and disaster recovery. Common information governance roles include enterprise risk management, data loss prevention, tax tracking and auditing.

Companies in various industries are likely to address the distinctions between these two disciplines differently. Compliance-heavy industries like healthcare, banking and finance are the most likely to clearly and distinctly differentiate these different realms, particularly if they manage a large volume of physical paperwork or legally essential PDF documents. Other industries and startups may find it enough to maintain a single consolidated data governance practice that addresses both domains.

It is also worth noting that the distinctions between these disciplines are starting to blur, particularly as enterprises embrace more agile practices for operationalizing data through DataOps practices. These efforts incorporate input from business users, compliance and security teams earlier in the development and data product lifecycle.

Dig Deeper on Compliance, risk and governance

  • SD-WAN security

    SD-WAN security refers to the practices, protocols and technologies protecting data and resources transmitted across ...

  • net neutrality

    Net neutrality is the concept of an open, equal internet for everyone, regardless of content consumed or the device, application ...

  • network scanning

    Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network ...

  • virtual firewall

    A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (...

  • cloud penetration testing

    Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its ...

  • cloud workload protection platform (CWPP)

    A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud ...

  • Regulation SCI (Regulation Systems Compliance and Integrity)

    Regulation SCI (Regulation Systems Compliance and Integrity) is a set of rules adopted by the U.S. Securities and Exchange ...

  • strategic management

    Strategic management is the ongoing planning, monitoring, analysis and assessment of all necessities an organization needs to ...

  • IT budget

    IT budget is the amount of money spent on an organization's information technology systems and services. It includes compensation...

  • ADP Mobile Solutions

    ADP Mobile Solutions is a self-service mobile app that enables employees to access work records such as pay, schedules, timecards...

  • director of employee engagement

    Director of employee engagement is one of the job titles for a human resources (HR) manager who is responsible for an ...

  • digital HR

    Digital HR is the digital transformation of HR services and processes through the use of social, mobile, analytics and cloud (...

Customer Experience
  • chatbot

    A chatbot is a software or computer program that simulates human conversation or "chatter" through text or voice interactions.

  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.