Think data governance is an IT issue? It’s actually all about behaviour
In the first blog of this series, I talked about the four components of data governance: ownership, access, quality and security. Technology plays a significant role in helping institutions manage all of these components, but at the end of the day, it’s the behaviour of the people using the technology that determines whether data is being used to drive institutional success.
Data governance is about controlling the way people behave with regard to data and data technology. Specifically, it:
- identifies the appropriate people to steward and govern various types of data;
- sets policies outlining appropriate rules of behaviour;
- and embeds those rules into everyday processes across the institution.
Here’s a brief look at how effective governance of people, policies and processes supports technology ownership, access, quality and security.
Supporting data ownership
Assigning individual owners or stewards for each type of data is the key to clarity and accountability. Each owner should be intimately familiar with where the data lives, how it’s defined and whether it’s being interpreted consistently across the institution.
Of course, there may be multiple people with a stake in how specific data is governed. For example, the registrar may own one type of student data and the admissions office another. That’s why roles should be clearly documented. Policies should dictate who can make decisions about what. If the decision one stakeholder makes can impact another (for example, changing a single code can have unintended ripple effects), there should be processes in place to resolve—or better yet, prevent—the inevitable conflicts.
Supporting data access
There are three good reasons to control who can see what:
- Failure to comply with privacy regulations can result in both financial and reputational penalties.
- When administrative staff don’t trust that access and privacy are tightly controlled, they are reluctant to share information that could benefit institutional decision making. Silos deepen, insights stay buried.
- Ensuring that people are accessing information most relevant to their jobs just makes good sense.
Governing data access starts by asking who is allowed by law to access sensitive data—including teaching and administrative staff, students, family and the public. The next step is to map who needs access to which data in order to make decisions that impact every area of the business. Set policies around how credentials are assigned and develop processes to ensure credentials are revoked when people leave or change roles.
Supporting data quality
Everyone knows the frustration of dealing with “bad data.” It’s missing, it’s out of date, it doesn’t match or you know from experience that you just can’t trust it.
More data than ever before is flowing into institutions. However, directing it to the right system, giving it the right name and keeping it up to date is harder than ever. That’s where rigorous governance comes in.
When it comes to bad data, the culprit is usually data entry errors or changes to codes or terminology that are not communicated to all stakeholders. Individual data owners—as well as cross-functional governing bodies—should establish standard data definitions, rules for data usage, policies to maintain regulatory compliance and processes for quality control.
Supporting data security
Data privacy and security is consistently ranked as one of the top challenges facing higher education today. While IT often leads the charge, security is as much about people as technology.
Most institutions lack comprehensive policies governing how people display data (like sharing spreadsheets with private information), fail to ensure compliance with regulatory requirements (like those governing student privacy or financial transactions), or inappropriately share data internally and with third parties. It’s a daunting task to map which policies are missing or outdated and how they impact various people and functions across the institution. It’s even more work to refine systems and processes to enforce the new policies you put in place, but considering what it could save the institution in financial and reputational damage, this is an area of governance that provides great value.
Putting it all together
The graphic below provides a quick snapshot of the elements of data governance I’ve covered in the previous blogs.
Other blogs in this series:
Are you drowning in data?
Breaking down the silos