I have to admit, this is dull. But like most things that are dull (broadband router settings, industrial grade carpets, tax returns) policy and governance are necessary.
The term “shelf-ware” was probably invented to describe policy documents. I would imagine the vast majority of people reading this (i.e. at least two people) have never, ever picked up a policy document – and if they have, then almost certainly not read it cover to cover, and definitely not remembered it all.
Good policy is just like the rules of football. I haven’t read the complete IFAB (International Football Association Board) rule-book, nor can I cite the exact wording of the offside rule, but if I go and have a jumpers-for-goalposts kick-about in the park with some friends, we all broadly know what is acceptable and not acceptable in order for the game to function and not descend into anarchy.
Even without a referee, we can enjoy a good game. Yes, there will be the odd heated debate about whether it was “post-and-in” or a goal kick, but broadly speaking, the game will work without need for arbitration and… well, governance.
This is the goal for data policy. To underpin an appropriate way of working that people just “get”. This is achieved by people consistently doing the right thing, and passing on good behaviours by setting the right example.
My kids know that you can’t just hack someone down when they are through on goal, in the same way that (when policy is working) call centre agents capturing new customer data know they shouldn’t just enter “Mickey Mouse” in the name field because of the impact on data quality, or send a customer’s email address to their mate who has a marketing agency, because of data privacy.
But people don’t always do the right thing, and in edge cases they need guidance. This is why governance does need to exist.
Now, “Data governance” has a specific meaning, which is not necessarily as broad as “governance of data”. Data governance functions typically focus on ensuring that data is fit for use by the business. This means establishing ownership for different data entities (e.g. “customer data”, “employee data”), agreeing data definitions (e.g. what constitutes a “customer”), keeping track of where data is held in the business, checking the quality of that data, and fixing it when it is not fit for purpose.
Such functions nestle up alongside others such as data privacy (who want to ensure that data is handled in a manner compliant with privacy regulation) and data security (who want to keep data safe and secure). Also for a period, they had to interface with specialist GDPR teams which (in some cases) were separate entities.
All of the above are essentially responsible for the “governance of data”, and I would assert they should be more closely coupled than is typically found in many organisations – which see data governance, data security and data privacy as discreet.
In the next chapter I will focus on what it takes to make data governance work.
It won’t be really boring, I promise.