Data Governance FAQ

An asset has value, is quantifiable, helps the organization achieve its strategic objectives, and requires specialized skills to develop and maintain it. Data meet all of these criteria. In order for the value data can bring to be realized, they must be inventoried, tracked, monitored and maintained, much like the physical assets of an organization. Data which are not managed introduce risk into the organization.

IT governance is the process that ensures the effective and efficient use of IT in enabling an organization to achieve its goals. It provides over-arching structure for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals. IT governance also takes stakeholders' interests into account, as well as the needs of staff and the processes they follow.

IT governance includes:

Data governance: the deliberate act of formalizing the decision making around data within an organization. It includes the people, processes and structures involved in collecting, managing and using an organization's data.
Project and portfolio governance: the selection, prioritization and control of an organization’s projects and programs in line with its strategic objectives and capacity to deliver. It includes:
- Program management: the management of portfolios and projects leading to a strategic goal or outcomes.
- Portfolio management: the management of multiple related projects within a program.
- Project management: the management of resources and the application of processes, methods, knowledge, skills and experience to achieve the project objective.

Data ownership and data stewardship are both aspects of data governance. While data governance provides an overarching structure for the formalization of decision making around data, data ownership ensures accountability for specific pieces of data or data sets; and data stewardship encompasses the intentional acts of formally managing data and the processes associated with over-seeing, or being accountable for, data.

Stated another way, data management policies and practices are adopted through the overarching data governance structure, data ownership ensures accountability for the data and associated policies and practices, and data stewardship ensures data-related work is performed according to those formally adopted policies and practices.

Yes. Understanding the different types of data within the organization and how each should be managed is key to effective stewardship. By identifying the types of data that exist within the organization, what business or technical role the data plays according to its type, and who is responsible for stewarding the data, an organization is ensuring that all data is being managed appropriately and adding business value. The different types of data that may exist in an organization include:

Master Data – the core data that is essential to operations in a specific business or business unit. (TechTarget)
Transactional Data – the information recorded from transactions. A transaction is a sequence of information exchange and related work (such as database updating) that is treated as a unit for the purposes of satisfying a request. (TechTarget)
Reference Data – are the data objects relevant to transactions, consisting of sets of values, statuses or classification schema. An example would be order statuses and their related codes, such as “canceled” and its related code, “CN,” required for reference purposes in an online order system. (TechTarget)
Metadata – structured information that describes, explains, locates or otherwise makes it easier to retrieve, use or manage an information resource. It is data that provides information about data. (TechTarget)
Historical Data – collected data about past events and circumstances pertaining to a particular subject. (TechTarget)

Data is owned by the enterprise rather than the individuals, divisions or programs within the enterprise. However, data management and use often falls within the organizational boundaries of specific divisions or program areas, at times spanning across multiple divisions or program areas. To ensure data is protected and used appropriately, it is necessary to designate data owners, who are accountable for specific data subject areas, and data stewards, who are responsible for working with data in accordance with adopted policies and practices, from divisions or programs to help ensure accountability for all data within the enterprise.

Assigning data ownership is large in scope. Broad classifications can be used in the beginning and then narrowed down as the organization and its data management efforts mature. For example, in the beginning perhaps ownership of all finance-related data is assigned broadly to the chief financial officer. However, as the organization begins to better understand the many ways finance data is collected and used, ownership may be parsed out to other departments or to specific offices within the Finance department, depending on who the subject matter experts are and the primary uses of the data. Data-related accountabilities may be tied to different levels of granularity of information such as:

- Documents.
- Content units (used in documents, web displays, reports, etc.).
- Data feeds.
- Data records.
- Raw data.
- Domains of data (for example, all data related to customers).
- Usage-related collections of data (for example, all fields appearing on a certain report, or all fields included in a compliance mandate such as HIPAA, HMDA or Sarbanes-Oxley).
- Specific data entities (for example, within a data feed, an entire customer record, including the customer’s ID, name and all related data).
- Data attributes (for example, only a certain preference flag within a customer record).

Yes. Data steward responsibilities should be tied to data-related processes and data flows as well as data quality and use. This ensures that data is handled appropriately, according to the policies and practices adopted, defined and documented by the data governance program. Data that is protected throughout its lifecycle (from creation through use and eventual archival or destruction) adds value to the organization and helps achieve strategic business goals. Alternatively, data that is mishandled because data processes are not defined and data flows are not understood is detrimental to the organization.

Yes. Some organizations base accountabilities on related data sets, such as data requiring compliance with certain laws, like HIPAA or the Home Mortgage Disclosure Act (HMDA). They put teams in place that are responsible for finding the data wherever it exists in the system, specifying rules for how and when the information is used and shared, and making sure those rules are followed.

Access to data should be assigned based on an individual’s role in the organization. Data should be classified based on privacy restrictions imposed by legal mandate or rule and/or organizational policy. Access to data should be granted based on those classifications and limited to only those who need access to fulfill their job requirements. The data classifications assigned should inform all decisions regarding data access, including who may have access to data; how individuals may access data; and how individuals may share and/or transport data.

Data use should be driven by business needs. The appropriate use of data should be overseen and defined by data owners. Data stewards provide guidance and guidelines to data users to ensure data is protected and represented accurately when it is used.

Metadata is information about data, technical and business processes, data rules and constraints, and logical and physical structures of the data used by an organization. When metadata is documented and made available, it allows data to be understood, located, verified, traced and consistently used and reused. By providing key information about an organization’s data, metadata allows data users to interact productively with the data assets, functions, processes and systems of an organization.

The short answer to this question is ALL data elements should be governed at the enterprise level. However, this is not practical for most organizations, particularly those new to governing data. Therefore, a manageable place to start is with those data elements that are deemed critical for business operations, decision-making and reporting purposes.

To determine which data elements are critical, it is necessary to engage subject matter experts within each line-of-business and organizational support function to identify the key business processes and their associated critical data elements. Focus can then be on governing this set of enterprise critical data at the enterprise level and to not boil the ocean.

Business needs drive data needs which, in turn, drive technology needs. Because the business roles within an organization are often subject matter experts with a deeper understanding of data, its definition and usage, as well as decision support, risk management and reporting, those roles should be central to the design and implementation of a data governance structure. These subject matter experts are aware of the ramifications of data quality issues on decision-making and the organization's ability to fulfill its mission, therefore, they should hold the responsibility of being data owners and data stewards. Technology and operations teams, on the other hand, function as data custodians. This is a trusted advisor and implementation role which ensures that the right systems, infrastructure and processes are in place to support and sustain data governance.

Organizations sustain data governance over time by building a structure that is reliant on formalized processes and documented procedures that are embedded in the organization's data culture, rather than on specific people. This is achieved by implementing a governance model, assigning roles and responsibilities, and rolling out organization-wide standards and policies related to data. Additionally, ensuring an appropriate escalation mechanism is in place and followed, proactively monitoring compliance to standards and policies, as well as communicating the value of the program to all stakeholders is key to program maturation over time and ultimately long-lasting success.

Data Governance FAQ

Why does data need to be managed as a state asset?

What is IT governance?

What constitutes IT governance?

What is the difference between data governance, data ownership and data stewardship?

Who should be data stewards?

Should data ownership and data stewardship be tied to specific types of data?

How should data ownership and data stewardship be assigned to data subject areas?

At what level of detail should data ownership and data stewardship be assigned?

Should data ownership and data stewardship be tied to processes and data flows?

Should data ownership and data stewardship be tied to compliance and/or usage?

How should access to data be assigned, and how should data be used?

What is metadata and why is it important?

Which data entities and data elements should be governed at the enterprise level?

What roles do the business and technology organizations play in implementing data governance?

How should data-related issues be logged and addressed?

How do organizations sustain data governance programs over the long haul?