6 Data Governance Best Practices in 2020

Checklist of data governance best practices

Data governance is an essential practice in today’s digital landscape, but it's a broad topic that needs to be deeply understood in order to be implemented efficiently and effectively. Building on the information we introduced in our previous post (“What is Data Governance?”), we’re going to use this blog to look a little further into the topic of data governance.

Our primary goal here is to answer the question what are data governance best practices. By outlining and explaining a few popular methodologies for data governance, we hope you and your organization will be better prepared to execute a successful data governance strategy.

This can help you discover specific ways to ensure you’re getting the most out of your organization’s data governance program and framework.

What is Data Governance?

Before we get into best practices, let’s do a quick review of what we learned in our last post.

With so much data residing within the systems of today's organizations, data governance has the potential to affect an entire organization far beyond the scope of information security and technology. As a result, the outcome of implementing a data governance program can impact both an organization's operations and bottom line.

That's why it's so important to first understand the term "data governance" and its related concepts before beginning to evaluate your organization's current state of data management.

A popular definition of data governance is the establishment and subsequent execution of consistent rules, processes, and procedures for managing data to ensure it is handled appropriately, thus maintaining the quality and organization of that data.

In today's technological environment, data is an extremely valuable asset that provides utility and insight to nearly all business processes, so understanding and practicing proper data governance can help maximize the value of data, ensuring it remains accurate, accessible, and useful.

In addition to understanding the quality and location of your data, data governance can help you determine how to sufficiently protect it to satisfy regulatory obligations for PII compliance and standards for other data types. Without sufficient data governance, data within an organization can quickly become disorganized, useless, and a dangerous liability.

Data Governance Frameworks

A data governance framework defines the parameters of a data governance program. It provides your organization with guidelines for which people and departments should be responsible for managing different types of data, and it establishes the processes and procedures they should follow when handling that data.

Ultimately, this framework should be informed by an overall business goal related to the value your data is serving. In other words, it should make your data—and your business—better.

Data governance best practices framework

What are Data Governance Best Practices?

Data governance can provide valuable insight into how your organization processes, stores, and transmits data—and whether those people, processes, and technologies are the best ones for you. By evaluating how data is handled and used, you can begin to outline best practices and then implement them in your pursuit of optimal data stewardship.

Remember, though: Every organization is different. These best practices are meant to serve as general guidelines—not a universal, comprehensive plan—for developing and delivering an effective data governance program. Think of them as a starting point.

DATA GOVERNANCE BEST PRACTICES: NO. 1 ESTABLISH GOALS

Before you begin building your data governance program, it's crucial to first establish goals for the program. Because every organization is different, no one-size-fits-all approach exists for data governance.

Each organization will have its own unique set of processes and needs that must be considered when developing an effective data governance strategy, so start by trying to determine what you hope to achieve by better managing your business's data.

For example, your organization might want to make sure it knows where all of its sensitive data resides. Or, you might want to do a better job of restricting certain data types to specific areas of your environment. You might even want to review all of the data in your possession to ensure it's usable and up-to-date.

Goals like these can help inform the creation of your data governance program.

DATA GOVERNANCE BEST PRACTICES: NO. 2 MAP DATA

Once you have established the goals for your data governance program, you can begin performing a mapping exercise to determine the scope of data in your organization. You'll want to identify the data you possess, locate where it resides within your network and other environments, and determine where and how it moves throughout your organization. Once you've mapped the flow of data, you can better understand your organization's data environment and how it can be improved.

DATA GOVERNANCE BEST PRACTICES: NO. 3 EVALUATE RISK

Processing data of any type comes with risk. Whether that risk exists in the form of a potential breach or corruption of data, organizations can—and should—attempt to mitigate that risk whenever possible.

Certain regulatory compliance obligations—such as the PCI DSS, GDPR, CCPA, and NACHA Operating Rules and Guidelines—must be met in order to work with certain data types.

Meeting these requirements can help an organization reduce its risk for breaches or exposure, but it does not completely eliminate that risk. Organizations should evaluate the security of their technologies—such as tokenization or point-to-point encryption—systems and procedures and weigh the risks of those processes against their business needs to determine what level of risk is reasonable for them.

Learn how tokenization can reduce the scope of PCI DSS compliance by downloading our "PCI Descoping" ebook today.

Get your free ebook

DATA GOVERNANCE BEST PRACTICES: NO. 4 ASSIGN "DATA CONTROLLERS"

In order to successfully implement a data governance program, organizations must entrust the ownership and management of their data to individuals and departments within their companies. Determining who these "data controllers" should be and defining what their responsibilities entail is an integral part of this process.

Controllers will act as the stewards of an organization's data, tasked with enforcing the data governance framework to ensure the appropriate purposes and measures for retaining data are followed.

DATA GOVERNANCE BEST PRACTICES: NO. 5 ADOPT DATA-CENTRIC SECURITY

In order to meet the many international regulatory compliance obligations of processing, storing, and/or transmitting sensitive data, organizations must maintain data policies that include measures for data protection and data privacy both by design and by default. These aims can be accomplished with a data-centric approach to security within your overall data governance program.

By focusing foremost on the security of data—rather than merely attempting to meet minimum compliance requirements—you can ensure that data is sufficiently protected, thereby minimizing risk and maximizing compliance at the same time.

DATA GOVERNANCE BEST PRACTICES: NO. 6 PLAN IMPLEMENTATION

This is the final step. You've already outlined your data governance program based on the solid data governance framework you established earlier. Now you need to determine how best to transition from your old practices to your new ones.

Not all of this can happen overnight—some initiatives will be easier to implement than others. But by determining which aspects of the data governance program should be introduced in what order, you can maximize the effectiveness of its rollout while minimizing its chances of setbacks—or worse, failure.

Again, each instance of a data governance program is unique to its organization, and organizations change over time. Don't be afraid to re-evaluate your existing program and refine it to meet your organization's changing needs.

Understanding Data Governance Practices

Data flow for data governance practices

A data governance program is only as good as its execution. The ideal foundational framework followed by a perfect plan can be ruined if the program itself is implemented poorly or best practices aren't followed.

We hope you'll use these six data governance best practices as helpful guides to assist you in your development and implementation of a successful data governance program. Understanding how to introduce an efficient and effective data governance program to your organization is the first step toward optimal data stewardship and the benefits of better data that come with it.

Topic(s): data security

Keep Up With Our PCI & Privacy Blog