What is Data Governance? What You Need to Know

In the digital age, data is becoming an increasingly valuable asset. Because much of this data is collected from consumers, there is a great deal of controversy over who actually owns it. Because it is increasingly collected from the IoT, it also crosses national and international lines, which makes it very difficult for governmental entities to regulate. Brands that show consumers they take care and responsibility in how they collect, use, store and disseminate data can gain tremendous consumer loyalty in addition to avoiding potential legal complications.


Data governance is a set of internal policies and procedures that guide and dictate how businesses will gather, collect, analyze, store, share, distribute or disseminate data. This collection of policies and procedures is generally referred to as a data governance framework.


A good framework needs to address how data is handled throughout the entire cycle. This includes how and what data is collected, how it is stored and, possibly most importantly of all, who has access to it. While having a data governance policy of some kind is becoming more critical for businesses of all sizes, some policies will inherently be more rigid, structured and complicated than others. If you share information with a third party, how that party uses the data is also important. For instance, while Facebook itself may not have done anything criminally or even morally wrong, it was strongly implicated in the Cambridge Analytica scandal, which caused it to seriously rethink many of its policies. There are essentially 6 questions that a good framework needs to address: who, what, why, how, where and when.

Who: Who has access to your data is of critical importance. In fact, the Target data breach was accomplished via a third-party vendor. If you give access to your databases to a vendor that doesn’t have the same stringent protocols in place that you do, you will create a vulnerability in your system. Similarly, if you have access to other databases but do not implement strong security protocols on your end, you are creating a vulnerability for them and could potentially be exposing yourself to a massive lawsuit.

What: Linking databases can help you create a smoother, more streamlined system, but it also gives a wider pool of employees access to sensitive information. Therefore, it is always wise to consider security implications before linking systems of information.

Why: The fewer people who have access to certain information, the more secure it remains. Therefore, before granting employees access to certain data, it is important to ascertain why they need it. If they don’t need it, it is generally better that they don’t have it.

How: In some cases, you may wish to institute policies that require approval before accessing certain information or limit how data can be downloaded or shared. For instance, some businesses do not allow data to be downloaded to an external storage device, while others do not allow data to be printed out on hard copy.

Where: Cloud security is becoming much more stringent, but it still comes with certain risks. Therefore, it is important to ascertain which types of data are suitable for cloud storage that can be accessed remotely and which types need to be accessible only onsite.

When: When you restrict access to certain data to only a limited number of people, there may always come a time when someone who doesn’t currently have access needs it immediately. In addition, as employees advance within the company and their roles change, they may need access to certain data that they did not need before. Therefore, it is important to institute policies and procedures that address changing access needs.