Data fuels modern business, but ensuring the quality, usability, and profitability of all that information remains a struggle. And not only does the use of that data need to obey ever-expanding regulatory demands and privacy laws; it should also help alert a business when an employee, unit, or supplier poses a risk.

That’s a pretty tall order, then, for good data governance.

“The only good data that is worth investing in is the information that creates greater velocity in the way you make business decisions,” says Jeffrey Ritter, a technology consultant and lecturer at Georgetown University’s Law Center. “There is tons of data being collected. What businesses need is more information that is trusted and immediately accessible.”

The concept of data governance—establishing internal controls, protocols, and procedures to ensure that data assets are managed well—is nothing new. In fact, many describe the current iteration of these protocols as “data governance 2.0,” a term that encompasses the explosion of Big Data and its associated analytics. The truth, experts say, is that companies of all sizes, in all sectors, have plenty of work to do.

“Across the industry we are playing data defense,” says Alan Paris, global head of financial services consulting for eClerx, a global technology company. “How do you transform that into data offense? How do you actually monetize data? How do you use the approach that you take to data, data management, and data governance to drive business? There is a lot of wood to chop there, and a lot of opportunity yet to be mined.”

“With all of the competitive pressures that are on companies today, they can’t afford not to know that the information is accurate,” Ritter says. “They can’t process fiction.” Likewise, there must be assurances that the information can be used and analyzed without violating any regulatory obligations tied to the data. In privacy law, for example rules pertaining to personal information limit the use of that data. “That’s important to the compliance community because their job is to align those rules of use to information assets,” he says.

To understand what must go into a data governance initiative, think of it as an e-discovery program on steroids. The first objective is to make sure you know what data you have and that you can easily catalog and access it. Taking that inventory, however, cannot be offloaded to the IT department, since the business units are in the best position to know the data they need and the risks (regulatory or otherwise) that they face.

“There is tons of data being collected. What businesses need is more information that is trusted and immediately accessible.”
Jeffrey Ritter, Technology Consultant, Georgetown University

Protocols to govern data should be developed through a cooperative effort that includes management, compliance, and legal. “Traditionally the hardest problems to solve are the ones that are not solved in a single line of business or in a single workflow,” says Harald Collet, global head of Bloomberg Vault. “You need a strong-willed and forceful leader, because there are a lot of obstacles to getting five or seven different parts of the company all on the same page.”

“You need executive buy-in and support,” says Rex Ahlstrom, chief strategy officer for BackOffice Associates, a data governance consultant. “How high up the food chain can you get? That will depend on a company. Maybe it’s the VP running a division or the CIO, but somewhere along the line you need the buy-in.”

Put to rest the notion you can just plug in a solution. “You can’t just buy it,” Ahlstrom says. “It needs to be a combination of the new processes you will have to implement, tying it into business value, and creating the right reporting structure so you can demonstrate a return and expand. You can’t solve this with technology alone. You have to start with the right people, the right processes, and the right organizational structure.”

Business owners “know what that data is used for and where it gets leveraged when they run those business processes,” Ahlstrom adds. “If business is not a stakeholder and owns this, IT really has no idea where to go or what to do.” He points to a Gartner statistic that shows how companies might bridge the gap between IT and the business: The research firm predicts that by 2017, 50 percent of companies will have a chief data officer.

Collet’s advice is to avoid the temptation to “attempt data governance across the entire company.” Instead, narrow the scope of the implementation by focusing on the most regulated line of business.

Small Bites

Breaking the task into steps will also help navigate the complex world of data privacy laws. “You have to implement a data governance solution, but unfortunately you can’t move the data into any kind of central place because of the data privacy rules in other countries,” he says. “You can end up in a stasis of not being able to do anything because of all the risks that operations, compliance, or legal teams see.”

By prioritizing efforts within specific geographies that are less challenging, a data governance program can still gain momentum. “You need to set a strong business strategy so that instead of worrying about all the risks and unknowns, you make intelligent tradeoffs between a business strategy and the risks that are involved in deploying solutions in a certain way,” Collet says.


The following, from a blog post by Michele Goetz, an analyst at Forrester Research, details research by the firm into how vendors are adapting to the evolution of data governance. What you should know when considering data governance tools? She offers the following:

There is no single solution, but data quality, master data management and metadata management often are tightly connected to govern across.

Identify tools that enforce best practices for the administrative aspects of data governance. Keep in mind the end user is the business and may not be a "data geek."

Look carefully at what it takes to connect data conditions and processes to business outcomes as this effort may be a Business Intelligence on Data project.

Understand the vendor roadmap. Choose those that have solid strategies and prototypes/early releases geared toward the strategy, process, and administrative aspects of governance, not just data management and data processing.
Source: Michele Goetz, Forrester Research.

“Certainly there is a strong cyber-security mandate now,” he adds. “You have to get your house in order and know what data you have in order to protect it.”

“Getting your data act together is paramount to avoid steep fines, reputational risk, and embarrassment,” Paris says. “The stick is the regulatory fines you want to avoid by getting your data act together. Then, there is the carrot where you can actually run a more efficient and less capital-intensive, less costly business environment.”

A data governance program needs to ensure data quality, accuracy, and reliability. “You have to fix the data at the source and you can drive accountability by creating scorecards and rating people for, essentially, their data citizenship,” Paris says.

Some, he says, are considering whether to factor those goals into compensation. “So, if you are a bad actor and consistently providing poor, unclean, or spotty data to the rest of the organization, that’s going to affect your paycheck,” he says. “Managing compensation is a very good way to manage behavior and provide the proper incentives.”

Just as company websites can mine a wealth of relevant customer data, social media can also be ripe with helpful information, including insight into customer behaviors and buying patterns. A company can assess its reputation, see whether marketing efforts resonate, and even pick up on inadvertent pricing and labeling issues. The challenge, as it is with other data streams, is separating good data from the bad, and that is easier said than done, given the sprawling nature of social media sites.

“Social is an interesting data source that presents interesting problems,” Collet says. He suggests that it be viewed as a subset of the company’s overall approach to collaboration data and use of services like Yammer, Salesforce Chatter, Bloomberg terminals, and other communication channels.

“Social media seems different, and can be very fragmented, but what you want to do from an enterprise data management perspective is not treat it as something that is very different,” he says. “Treat it just as you would your e-mail system or an instant message sent inside the company. Then you can start getting consistency across the channels and a 360-degree view of the interactions.”