Metadata Governance: Crucial to Managing IoT

By on
IoT governance
Gorodenkoff / Shutterstock

The Internet of Things (IoT), devices that produce and consume data through the internet, will likely comprise over 207 billion devices by the end of 2024. These widgets generate, consume, and send vast data over business networks.

As a result, organizations must include IoT in their Data Governance programs to ensure better integration and legal compliance. Without effective governance, firms face the risk of penalties, such as the 32 million euros levied by France on Amazon for GDPR violations related to excessive surveillance conducted through worker scanners or their IoT devices.

To mitigate risks, businesses must proactively govern the IoT data they send and receive. As software developer Nahla Davies emphasizes, IoT often collects sensitive personal and business data, raising significant concerns about security and privacy and calling for Data Governance services to protect data from unauthorized access and breaches.

Thankfully, implementing comprehensive metadata governance practices can effectively prevent oversights in IoT and enable successful integration. This article explores the significance of metadata governance for IoT, its implementation, and how to overcome related challenges.

Understanding Metadata Governance 

Data Governance harmonizes different components – roles, processes, communications, metrics, and tools – so that the right data flows to the right resources at the right time. Its framework is crucial in integrating and managing IoT data through metadata governance.

Governance of metadata requires formalization and agreement among stakeholders, based on existing Data Governance processes and activities. Through this program, business stakeholders engage in conversations to agree on what the data is and its context, generating standards around organizational metadata. The organization sees the results in a Business Glossary or data catalog.

In addition to Data Governance tools, IT tools significantly contribute to metadata generation and usage, tracking updates, and collecting data. These applications, often equipped with machine learning capabilities, automate the gathering, processing, and delivery of metadata to identify patterns within the data without the need for manual intervention.

As a result, people and systems create and use metadata, even if it is disorganized without a formal governance structure. Through Data Governance, metadata governance improves the organization’s critical metadata with improved Data Quality, efficiency, and decision-making capabilities.

Importance of Metadata Governance for IoT Data

Since so many IoT devices exist, generate, and deliver data, legislators generally assume they fall under data regulations. To formalize this assertion, the EU passed a Data Act, enforceable in 2024 and containing guidelines about permissible use and access to IoT data.

Not everyone knows these requirements, even though people or business units can easily purchase IoT devices. For example, several police departments have gathered IoT surveillance without public stakeholders’ awareness or feedback.

While a small business may be less likely to purchase a drone, it still needs awareness about handling IoT data. For example, a person can get a smart-mini GPS to prevent losing something important. But as other workers or managers get their hands on the device, their usage can morph into innocently tracking employee activities and violating their privacy.

Tracking every IoT device risk presents a near impossibility, as too many details exist. However, a company can use critical metadata that is governed. For example, a business can see how many things have accessed the network, by whom, when, and where, providing a way to mitigate risk. 

Best Practices for Implementing Metadata Governance of IoT

As a first step, organizations should create and implement a robust metadata management program to clarify the mission and goals using metadata for business objectives. This process typically involves engaging Data Governance resources to define the purpose of metadata and how it should be produced.

The need for metadata governance services will emerge through establishing and maintaining this metadata management program. By setting up and running these services, an organization can better utilize Data Governance capabilities to collect, select, and edit metadata.

Developing these processes requires time and effort, as metadata governance needs to adapt to the organization’s changing needs. Therefore, consider narrowing the scope of metadata governance to focus on the most critical and high-risk metadata types. 

To ensure adequate metadata quality, Bob Seiner, president and principal of KIK Consulting and Educational Services, suggests focusing efforts on three areas: the quality of the definition, the production, and the use of the metadata. 

Getting to the specifics requires talking with business stakeholders to determine which metadata should be governed and to gain agreement on what is considered critical. Guidance from the metadata management program would support these efforts.

Real-World Applications of Metadata Governance for IoT

Real-world applications of metadata governance for IoT can be observed in smart cities like Oakland, California, and Portland, Oregon. These cities have taken the lead in utilizing metadata governance to ensure adherence to privacy requirements.

In the case of Oakland, the city passed the Surveillance Technology Ordinance in 2016, establishing a privacy commission to represent the public and advise the council on surveillance issues. Oakland’s agencies must provide metadata about their surveillance technology, including IoT, to its Privacy Advisory Commission. A web reference distills this metadata to educate the public about the data collected and ways to request records with more details. 

Similarly, Portland has engaged with public stakeholders through Smart City PDX and used Metadata Governance. A steering group facilitates public input on the metadata to collect for surveillance, including IoT. The resulting metadata will contribute to Portland’s surveillance inventory, which will be open and available by April 2024.

Oakland and Portland exemplify transparency and accountability in managing IoT data through their metadata governance activities. By involving the public and establishing mechanisms for metadata provision and public access, these cities foster trust and ensure more responsible governance of IoT data.

Overcoming Challenges in Metadata Governance for IoT

While metadata governance for IoT can lead to trust and legal compliance, it does face some significant challenges. The rapid influx of new IoT data makes it difficult to govern the associated metadata effectively. Often, as business teams come together to define metadata, other departments have already purchased and used additional IoT-generating data, potentially adding risks.

To address these challenges by ensuring compliance and high metadata quality, organizations must prioritize the management of their critical metadata and avoid getting sucked into administering all possible metadata when some are less relevant. Focusing narrowly on governing only the most essential metadata allows for better resource allocation. This prioritization can evolve as metadata governance continuously improves as part of an ongoing process.

Getting a good set of governed critical metadata requires a constant feedback loop. Internal governance bodies and regular third-party audits of metadata activities can provide this input, informing the creation of new metadata definitions and clarifying existing ones. The assessment results also provide valuable insights for metadata production and usage discussions, leading to improved guidance.

Implementing metadata governance will require effective automation and generative AI to timely manage, refresh, and closely monitor metadata usage trends. However, it is important to note that these automated processes should be supervised by at least one dedicated human resource, with two or three backups. 

This assignment ensures that systems handling metadata receive necessary updates and maintenance. Also, people can edit or alter systems-generated metadata during its transformation to align with evolving business needs.


As regulators tighten requirements around IoT data, companies must get a handle on it. A good metadata governance program provides an effective way to do so.  It supports a metadata program by aligning and coordinating metadata definition, production, and usage across the organization. 

Given the ease of accessing lots of IoT data, metadata governance provides a necessary tactic to show compliance by efficiently providing context around that data. Smart cities have already taken the lead in taming this deluge of information. It is up to private businesses and other organizations to learn from them and develop and move their programs forward, avoid fines, and take advantage of new opportunities.