Data governance is a set of processes that makes sure an organization’s crucial data is managed formally, effectively and efficiently by all of the users, throughout the whole business. It also ensures that data is reliable and can be trusted with everyone being held accountable for any adverse event due to error or low quality data.
The focus is on putting people in charge of preventing and correcting any issue that may arise with the enterprise’s data so that the whole organization can become and remain more efficient. Data governance is also an evolutionary process for a company, that alters the company’s thinking and initiates a process to handle information so that it may be utilized by the entire organization.
Over time, it is likely, organizations have created multiple copies of their data to serve a variety of purposes. These various views of an organization’s data may overlap in some instances, resulting in duplicate data.
On the other hand, there may be some information that is known only to the user that is specifically interested in that type of information and still other data that isn’t represented at all. This is why data mapping is a crucial tool in data governance.
Data maps that exist within an organization’s data governance include:
eDiscovery Data Maps – These maps are required by the Legal department to support their need to know where locate information that is relevant to litigation, audit and government investigations.
Records Retention Schedules – These are often developed and maintained by the Records Management department, and identity official company records and the time periods these records are to be retained in order to meet the organization’s legal, regulatory and operational requirements.
Application Profiles – Information Technology may maintain these maps to identify the key structured data systems under its management. These profiles may identify the system name and owner, as well as other technical information needed by IT.
Information Security and Data Classification Inventories – These maps identify systems or storage locations that contain sensitive and private data. Often identified by the Privacy Office or Information Security, these systems or locations warrant enhanced control and protection against breach or attack.
Privacy Data Flows – These show the path that privacy and sensitive information takes from the point it is acquired from the customer or employee to the point it leaves the organization.
An organization needs a comprehensive understanding of all of its data, and the value of that data, from several different perspectives, including regulatory requirements, privacy and security, business importance and cost. Without a comprehensive view, an organization risks falling back into the habit of siloed information management.
One of the first tasks of the Data Governance Team should be the development of an all-inclusive map of the organization’s data to provide the baseline for assessing whether its Data Governance objectives are being obtained.
Often, the organization’s record type inventory is a good place to start adding relevant fields of information regarding storage location, security classification, specific sensitive information contained and how the data flows through the organization.