The process of identifying critical data elements (CDEs) is a fairly new best practice in Data Governance programs. Software does not yet support the identification process. CDEs may be described as the specific data needed for doing business (requiring high-quality data) or the specific data that is extremely sensitive (requiring good security). These particular data elements often have a stronger financial impact on the business than other data elements.
When understood and managed correctly, a focus on critical data elements can reduce security expenses and minimize the labor needed for maintaining high-quality data. The use of CDEs is based on a philosophy of focusing on Data Quality and security in a few key areas that are essential to the smooth flow of business.
The CDE philosophy can improve the organization’s efficiency, security, and success. Examples of CDEs include customer data, protected health information, intellectual property, and financial information. A business’s obligations or critical functions and processes can also qualify as a critical data element.
Incorrect information can promote errors and faulty business intelligence, and poor security can result in having customers’ personal information stolen, making the organization open to lawsuits. Many people automatically embrace the idea that “all incoming data” should be correct, accurate, and of high quality, and that security should cover all the business’s data. The CDE philosophy, however, suggests that it is more appropriate and cost-effective to restrict the focus to specific key areas.
Each individual organization will have its own unique combination of CDEs, based on its specific needs and priorities.
Data Governance and Critical Data Elements
Over the last decade, the concept of critical data elements has gradually become a more important part of Data Governance programs. The importance of CDEs is based on two factors: scalability (a software limitation) and regulations regarding the personal privacy of their customers (security, which can also be a financial concern).
Normally, Data Governance software cannot expand significantly. For example, it is not typically designed to cover manufacturing and production data or the data stored by financial service organizations. Both industries can support millions of data elements in files, documents, database tables, and other data storage areas. With the scalability limitations common to Data Governance software, selecting the appropriate “critical” data elements becomes an important decision. A separate security program for “noncritical data elements” can be established.
Privacy regulations are usually a part of the Data Governance program, and the data they cover are considered critical data elements. Privacy regulations have become a growing concern for modern businesses. A number of countries and California have developed their own version of Europe’s General Data Protection Regulation (GDPR). Additionally, the regulations regarding data for financial services have sharpened significantly over the last few years.
With the increasing importance of CDEs, an evaluation of the business’s critical data assets has become a first step in developing a new Data Governance program.
Some data elements are less critical than others and need less governance. These data elements are not considered as important, and per the CDE philosophy, are a lower priority in terms of Data Quality and security.
Examples of noncritical data elements are research materials gathered from outside sources, any publicly available information, and purchased data. These need only light governance, and managing Data Quality and providing security may be considered a waste of time.
Understanding which data elements qualify as critical is needed to support a strong Data Governance strategy.
Identifying CDEs is a Data Governance practice that allows organizations to determine which data has significant value, and which does not. Critical data will vary by industry and the business’s priorities. The identification of the CDEs should be assigned to the Data Governance steward.
Data elements that are critical to one business may not be critical to another business.
Critical data elements are used to achieve specific business goals. To identify these elements we need to look at how data supports a specific business process. Questions that determine which data elements are critical are listed below.
- Which data elements must be secured and kept private? (Personal privacy data, business transactions, financial information.)
- Which data elements are critical to the organization’s business processes? (Customer information, contracts, the organization’s banking information.)
- Which data elements must be available for the business to operate? (Access to the internet, passwords to access the cloud or other internet accounts.)
- Which types of data elements are too numerous to be covered by the Data Governance program? (Manufacturing data, financial services data, purchased bulk research data.)
- Which data elements have the most costs associated with them?
- What are the risks associated with the individual data elements?
- How many people, teams, or departments are using a data element?
A scale of importance can be applied to the questions. Using a scale of 1 to 10, each CDE can be assigned a numerical value establishing its importance.
Benefits of Identifying CDEs
The proper management of critical data elements helps to prevent business disruptions and the loss of revenue. The CDE philosophy can provide numerous benefits by reducing the amount of data needing to be governed. Good Data Governance of the critical data can also be used to:
- Maximize revenues
- Improve customer satisfaction
- Reduce operational costs
- Ensure data integrity
- Simplify the implementation of control policies and security measures
The Lack of Software for Critical Data Elements
Because of the lack of software designed to identify critical data elements – as well as the lack of Data Governance software designed to identify or work specifically with critical data elements – the identification and protection of CDEs must be done manually and is currently described as a best practice.
The mapping of an organization’s critical data elements can be quite useful for recording, referencing, and communication purposes. There is no standardized approach to data mapping, but some common steps include identifying the critical data elements’ sources, and describing their data formats, and their metadata (or meta title).
If it is already a part of your Data Governance program, the software of a data catalog can be used to publish your critical data elements in the business glossary as business assets. The business glossary can then become a useful tool for identifying and locating CDEs quickly and efficiently.
The Future of Critical Data Elements
With the massive amounts of data currently available, it has become impractical to treat and handle all data elements equally. Businesses are currently focused on maximizing the value of their data and are implementing data strategies that minimize costs.
The philosophy of collecting massive amounts of data and attempting to protect all of it, and screen it for quality, should gradually fade away as wasteful. This behavior will be replaced with the practice of determining which data within the organization needs security and to be of high quality.
The CDE philosophy offers a method for prioritizing the data an organization keeps secure and ensures is trustworthy.
By prioritizing critical data elements, businesses can manage the data’s quality and governance and allocate resources efficiently. The difficulties involved in making Data Governance software scalable (some clouds are working on this issue) make it unlikely the philosophy of CDEs will fade away soon. However, it does seem likely software or an app will be developed that can identify CDEs, based on keywords and/or other criteria.
Image used under license from Shutterstock.com