Creating a Data Governance Policy

By on
data governance policy

A Data Governance (DG) policy is a document that describes how organizations use and manage their data. These documents establish rules that help safeguard data, define the roles and responsibilities of staff involved with Data Governance, and set standards for Data Quality and security. 

Good Data Governance policies make the business’s governance goals, practices, and responsibilities accessible and transparent. A well-designed governance policy provides guidance for all staff involved, and assures everyone is on the same page regarding goals and procedures.  

A Data Governance policy serves several purposes. It provides a source of standards and practices staff can follow to ensure the quality and accuracy of their data. A governance policy also defines the procedures employees should follow during different scenarios, for example, a data breach.

By defining the organization’s goals, data standards, and practices, a Data Governance policy should provide organizations with trustworthy data, as well as regulatory compliance. The content of the governance policy will vary, depending on the size of the organization, the business processes, and the complexity of data. The tools used for data collection, access, and processing can help businesses avoid being fined for the misuse of customer information (along with reputational damage). 

A DG policy is not meant to be a static document, and organizations may review and change it as the business evolves and privacy regulations change.

Developing a Data Governance Policy

The first step in creating a Data Governance policy is to collect feedback on core issues, such as data access, security, and storage. Collecting feedback involves communicating with other staff and asking them to help in developing key DG principles. 

Gathering feedback prior to writing the Data Governance policy provides useful information. Determine who is – and who will be – involved with the Data Governance program. The questions to ask when gathering information to shape the policy are:

  • How is data currently being handled?
  • What are the problems being experienced?
  • How can the data collection process be improved?
  • How can data storage be improved?
  • How can in-house data be accessed more easily?
  • Are there any problems with security?
  • Any other questions you can think of?

After the questions have been answered and discussed, it is time to create a formal list (which should be posted/emailed for additional comments). When the formal list is completed, the policy can move forward. The questions listed above are designed to provide the Data Governance policy with the information needed for the following steps:

  • Define the DG program’s goals and objectives
  • Develop DG principle
  • Create standards and policies for the data
  • Establish a framework for the program
  • Implement data security policies
  • Establish Data Quality controls
  • Promote data sharing and integration
  • Determine roles and responsibilities, and provide appropriate training
  • Monitor and evaluate progress
  • Develop a data catalog

Define Goals and Objectives

Some generic examples of goals and objectives for an organization’s Data Governance program are listed below. 

Data Governance goals:

  • Protecting the integrity, privacy and security of the business’s data 
  • Implementing Data Management software that ensures clean, consistent data
  • Establishing standardized, repeatable processes for data entries and reporting
  • Developing a culture that relies on clean, consistent data when making decisions

Data Governance objectives:

  • Develop and maintain a data dictionary
  • Develop and maintain a business documentation process 
  • Develop and maintain error/audit reports

Develop Data Governance Principles

The Data Governance Institute has developed what it calls “universal Data Governance principles.” Their system provides a base to work from, and it can be adjusted to fit your business and Data Governance policy, by adding or subtracting principles. They are designed to prevent and help resolve data-related conflicts that are common to every business. The Data Governance Institute’s principles are listed below.

  1. Integrity: The practice of integrity means being truthful and forthcoming. As a Data Governance principle, it implies any concerns, issues, or improvements should be communicated to other staff quickly and efficiently.
  1. Transparency: Data Governance and stewardship practices should be transparent. Transparency promotes good communications and understanding.
  1. Auditability: Keep all data issues above board and auditable. (See Transparency.) Data-related processes, decisions, and controls should be recorded and auditable. If an audit needs to be done, records should show clearly how and when data was used.
  1. Accountability: Being accountable is a form of proactive honesty, and means individuals take responsibility for their actions, and the results of their actions. This form of proactive honesty helps to reduce confusion about staff’s responsibilities in the workplace, and promotes efficient communications. 
  1. Stewardship (supporting stewardship): This particular principle requires assigning accountability for the data to an individual, or multiple individuals. Depending on the organization, there may be multiple data stewards, or only one. Data stewards are responsible for maintaining the data’s accuracy and general health, acting as a communications liaison for all things Data Governance, and playing the role of the data police when a pattern of errors presents itself. 
  1. Checks and Balances: This refers to the relationships between the business and technology teams. It may also refer to the people creating or collecting information versus those who manage and use it. A balance of power between departments should be maintained to promote the organization’s evolution. 
  1. Standardization: This includes both the standardization of routine office practices and the standardization of data. Standardization makes processes and data easily recognizable and easy to work with. Automation should be used to standardize data.
  1. Change Management: While some might enjoy having their managers replaced, that is not what change management means. It actually means embracing a proactive philosophy in adapting to change as the organization evolves.

Create Standards and Policies

Policies can be described as guidelines that are used to ensure an organization’s data is used properly and managed with consistency. The guidelines normally include concerns related to security, access, privacy, and quality. 

Data standards are written agreements about format, definition, structuring, representation, tagging, transmission, use, and Data Management. Processes involve the policies and standards used for effective Data Management.

The standards and policies described in the Data Governance policy provide guidance and are part of the Data Governance framework. 

Establish Data Governance Framework

The DG framework is a subdivision of the DG policy and focuses on the rules and processes needed to ensure an organization’s compliance with various laws and regulations.

A DG framework supports an effective Data Governance program and will standardize several rules and processes throughout the organization. It is an assembly of rules, responsibilities, and processes that are used to organize a business’s DG program. Establishing a Data Governance framework will help in improving data standards, business strategies, and data privacy.

Implement Data Security Policies

Data security protects an organization’s customer and business data against unauthorized access and use. Data security controls are designed to restrict access and protect this data. A well-designed data security plan can help in preventing data breaches and malware.

Data security is a significant concern, and continues to be a major cybersecurity challenge.

Establish Data Quality Controls

Data of high quality is correct and useful. Data of poor quality has mistakes and promotes bad decisions. The quality controls of data are the processes used in determining if data meets the organization’s standards. The data can be measured using certain key aspects, such as: 

  • Accuracy
  • Reliability 
  • Precision 
  • Completeness 
  • Timeliness
  • Integrity 
  • Confidentiality

Promote Data Sharing and Integration

Data sharing allows researchers to share information with each other, and to collaborate on shared projects. Data sharing and collaboration between researchers can often result in important new discoveries within a field or industry. Data integration, however, doesn’t really require humans but involves linking records and correcting data through automation.

Data sharing is extremely efficient because it allows researchers to share resources in a synergistic relationship.

Determine Roles and Responsibilities and Provide Training

Prior to developing and formalizing a DG policy, and the assignment of Data Governance roles, staff often perform Data Governance tasks somewhat randomly. For example, any employee who works with health or financial data has a responsibility to maintain compliance with the appropriate laws and regulations. While every business will have its own unique structure, these are the four most common DG roles:

  • Data administrator
  • Data steward
  • Data custodian
  • Data user: This role can be filled by an individual or another organization. The primary responsibility of a data user is to ensure the data is stored, processed, and handled in a secure manner. (Data users are often the weakest link in terms of security.) 

Monitor and Evaluate Progress

This step deals with proactively noting and recording any improvements that take place as the Data Governance policy is implemented, or any steps that aren’t going as planned. It is important to record the changes accurately to identify what is working, and any areas where improvements may be needed. 

By regularly assessing the DG program’s progress (by way of sales figures, customer feedback surveys, website analytics, etc.) a business can improve its efficiency and customer relations.

Develop a Data Catalog

The last step in creating a Data Governance policy involves researching data catalog software and developing it. A data catalog stores all of a business’s metadata, as well as tools to help its users locate the needed information. It essentially acts as an inventory for an organization’s data. TechTarget has published a selection of data catalog software.

data catalog will not only provide a list of the organization’s data, but also a description that is easily understood by humans.

A data catalog organizes all the data stored within the business. This is an extremely useful feature for analytics and developing business intelligence. The data catalog connects the datasets with the people who work with the data.

Image used under license from Shutterstock