Categories
erwin Expert Blog

Five Pillars of Data Governance Readiness: Team Resources

The Facebook scandal has highlighted the need for organizations to understand and apply the five pillars of data governance readiness.

All eyes were on Mark Zuckerberg this week as he testified before the U.S. Senate and Congress on Facebook’s recent data drama.

A statement from Facebook indicates that the data snare was created due to permission settings leveraged by the Facebook-linked third-party app ‘thisisyourdigitallife.’

Although the method used by Cambridge Analytica to amass personal data from 87 million Facebook users didn’t constitute a “data breach,” it’s still a major data governance (DG) issue that is now creating more than a headache for the company.

The #DeleteFacebook movement is gaining momentum, not to mention the company’s stock dip.

With Facebook’s DG woes a mainstay in global news cycles, and the General Data Protection Regulation’s (GDPR) implementation just around the corner, organizations need to get DG-ready.

During the past few weeks, the erwin Expert Blog has been exploring the five pillars of data governance readiness. So far, we’ve covered initiative sponsorship and organizational support. Today, we talk team resources.

Facebook and the Data Governance Awakening

Most organizations lack the enterprise-level experience required to advance a data governance initiative.

This function may be called by another name (e.g., data management, information management, enterprise data management, etc.), a successful organization recognizes the need for managing data as an enterprise asset.

Data governance, as a foundational component of enterprise data management, would reside within such a group.

You would think an organization like Facebook would have this covered. However, it doesn’t appear that they did.

The reason Facebook is in hot water is because the platform allowed ‘thisisyourdigitallife’ to capture personal data from the Facebook friends of those who used the app, increasing the scope of the data snare by an order of magnitude.

Pillars of Data Governance; Facebook

For context, it took only 53 Australian ‘thisisyourdigitallife’ users to capture 310,000 Australian citizens’ data.

Facebook’s permission settings essentially enabled ‘thisisyourdigitallife’ users to consent on behalf of their friends. Had GDPR been in effect, Facebook would have been non-compliant.

Even so, the extent of the PR fallout demonstrates that regulatory compliance shouldn’t be the only driver for implementing data governance.

Understanding who has access to data and what that data can be used for is a key use case for data governance. This considered, it’s not difficult to imagine how a more robust DG program could have covered Facebook’s back.

Data governance is concerned with units of data – what are they used for, what are the associated risks, and what value do they have to the business? In addition, DG asks who is responsible for the data – who has access? And what is the data lineage?

It acts as the filter that makes data more discoverable to those who need it, while shutting out those without the required permissions.

The Five Pillars of Data Governance: #3 Team Resources

Data governance can’t be executed as a short-term fix. It must be an on-going, strategic initiative that the entire organization supports and is part of. But ideally, a fixed and formal data management group needs to oversee it.

As such, we consider team resources one of the key pillars of data governance readiness.

Data governance requires leadership with experience to ensure the initiative is a value-adding success, not the stifled, siloed programs associated with data governance of old (Data Governance 1.0).

Without experienced leadership, different arms of the organization will likely pull in different directions, undermining the uniformity of data that DG aims to introduce. If such experience doesn’t exist within the organization, then outside consultants should be tapped for their expertise.

As the main technical enabler of the practice, IT should be a key DG participant and even house the afore-mentioned data management group to oversee it. The key word here is “participant,” as the inclination to leave data governance to IT and IT alone has been a common reason for Data Governance 1.0’s struggles.

With good leadership, organizations can implement Data Governance 2.0: the collaborative, outcome-driven approach more suited to the data-driven business landscape. DG 2.0 avoids the pitfalls of its predecessor by expanding the practice beyond IT and traditional data stewards to make it an enterprise-wide responsibility.

By approaching data governance in this manner, organizations ensure those with a stake in data quality (e.g., anyone who uses data) are involved in its discovery, understanding, governance and socialization.

This leads to data with greater context, accuracy and trust. It also hastens decision-making and times to market, resulting in fewer bottlenecks in data analysis.

We refer to this collaborative approach to data governance as the enterprise data governance experience (EDGE).

Back to Facebook. If they had a more robust data governance program, the company could have discovered the data snare exploited by Cambridge Analytica and circumvented the entire scandal (and all its consequences).

But for data governance to be successful, organizations must consider team resources as well as enterprise data management methodology and delivery capability (we’ll cover the latter two in the coming weeks).

To determine your organization’s current state of data governance readiness, take the erwin DG RediChek.

To learn more about how to leverage data governance for GDPR compliance and an EDGE on the competition, click here.

Take the DG RediChek

Categories
erwin Expert Blog

Five Pillars of Data Governance Readiness: Organizational Support

It’s important that business leaders foster organizational support for their data governance efforts.

The clock is counting down to the May 25 effective date for the General Data Protection Regulation (GDPR). With the deadline just a stone’s throw away, organizations need to ensure they are data governance-ready.

We’re continuing our blog series on the Five Pillars of Data Governance (DG). Today, we’ll explore the second pillar of data governance, organizational support, and why it’s essential to ensuring DG success.

In the modern, data-driven business world, data is an organization’s most valuable asset, and successful organizations treat it as such. In this respect, we can see data governance as a form of asset maintenance.

Take a production line in a manufacturing facility, for example. Organizations understand that equipment maintenance is an important and on-going process. They require employees using the equipment to be properly trained, ensuring it is clean, safe and working accordingly with no misuse.

They do this because they know that maintenance can prevent, or at the very least postpone repair that can be costly and lead to lost revenue during downtime.

Organizational Support: Production Lines of Information

Data Governance: Organizational Support

Despite the intangible nature of data, the same ideas for maintaining physical assets can and should be applied. After all, data-driven businesses are essentially data production lines of information. Data is created and moved through the pipeline/organization, eventually driving revenue.

In that respect – as with machinery on a production line and those who use it – everybody that uses data should be involved in maintaining and governing it.

Poor data governance leads to similar problems as poor maintenance of a production line. If it’s not well-kept, the fallout can permeate throughout the whole business.

If a DG initiative is failing, data discovery becomes more difficult, slowing down data’s journey through the pipeline.

Inconsistencies in a business glossary lead to data units with poor or no context. This in turn leads to data units that the relevant users don’t know how to put together to create information worth using.

Additionally, and perhaps most damning, if an organization has poorly managed systems of permissions, the wrong people can access data. This could lead to unapproved changes, or in light of GDPR, serious fines – and ultimately diminished customer trust, falling stock prices and tarnished brands.

Facebook has provided a timely reminder of the importance of data governance and the potential scale of fallout should its importance be understated. Facebook’s lack of understanding as to how third-party vendors could use and were using its data landed them in hot PR water (to put it lightly).

Reports indicate 50 million users were affected, and although this is nowhere near the biggest leak in history (or even in recent history, see: Equifax), it’s proof that the reputational damage of a data breach is extensive. And with GDPR fast approaching, that cost will only escalate.

At the very least, organization’s need to demonstrate that they’ve taken the necessary steps to prevent such breaches. This requires understanding what data they currently have, where it is, and also how it may be used by any third parties with access. This is where data governance comes in, but for it to work, many organizations need a culture change.

A Change in Culture

Fostering organizational support for data governance might require a change in organizational culture.

This is especially apparent in organizations that have only adopted the Data Governance 1.0 approach in which DG is siloed from the wider organization and viewed as an “IT-problem.” Such an approach denies data governance initiatives the business contexts needed to function in a data-driven organization.

Data governance is based primarily on three bodies of knowledge: the data dictionary, business glossary and data usage catalog. For these three bodies of knowledge to be complete, they need input from the wider business.

In fact, countless past cases of failed DG implementations can be attributed to organizations lacking organizational support for data governance.

For example, leaving IT to document and assemble a business glossary naturally leads to inconsistencies. In this case, IT departments are tasked with creating a business glossary for terms they often aren’t aware of, don’t understand the context of, or don’t recognize the applications or implications for.

This approach preemptively dooms the initiative, ruling out the value-adding benefits of mature data governance initiatives from the onset.

In erwin’s 2018 State of Data Governance Report, it found that IT departments continue to foot the bill for data governance at 40% of organizations. Budget for data governance comes from the audit and compliance function at 20% of organizations, while the business covers the bill at just 8% of the companies surveyed.

To avoid the aforementioned pitfalls, business leaders need to instill a culture of data governance throughout the organization. This means viewing DG as a strategic initiative and investing in it with inherent organizational and financial support as an on-going practice.

To that end, organizations tend to overvalue the things that can be measured and undervalue the things that cannot. Most organizations want to quantify the value of data governance. As part of a culture shift, organizations should develop a business case for an enterprise data governance initiative that includes calculations for ROI.

By limiting its investment to departmental budgets, data governance must contend with other departmental priorities. As a long-term initiative, it often will lose out to short-term gains.

Of course, this means business leaders need to be heavily invested and involved in data governance themselves – a pillar of data governance readiness in its own right.

Ideally, organizations should implement a collaborative data governance solution to facilitate the organization-wide effort needed to make DG work.

Collaborative in the sense of enabling inter-departmental collaboration so the whole organization’s data assets can be accounted for, but also  in the sense that it works with the other tools that make data governance effective and sustainable – e.g., enterprise architecture, data modeling and business process.

We call this all-encompassing approach to DG an ‘enterprise data governance experience’ or ‘EDGE.’ It’s the Data Governance 2.0 approach, made to reflect how data can be used within the modern enterprise for greater control, context, collaboration and value creation.

To determine your organization’s current state of data governance readiness, take the erwin DG RediChek.

To learn more about the erwin EDGE, reserve your seat for this webinar.

Take the DG RediChek