In this post, David Roe reports on the findings of Information Coalition’s (IC) Information Strategy 2017 report to which, unfortunately, I do not have access. Roe states that despite years of talking about information governance and compliance, less than half of companies surveyed have a compliance culture — and many companies apparently have no governance strategy at all …. [and] rate their organization’s information-related metrics as severely lacking. In fact, they add, employees turn to unauthorized apps to get the information they need to get their work done.
The study used the IC Information Governance Model as the benchmark to assess the effectiveness of information governance efforts:
- Authorities: Clearly defining the roles and stakeholders that should be a part of your Information Governance effort
- Supports: Supports must underly [sic] your Information Governance efforts to ensure ongoing, sustainable success
- Processes: Processes exist to ensure that your Information Governance efforts are actionable.
- Capabilities: Starting with creation through to disposal, information moves. You must have these capabilities to enable that movement.
- Structures: From technology structures to taxonomic structures, the Information Governance model covers it all.
- Infrastructure: While planning is fundamental, at some point the technology must align completely.
I have given presentations to members of government agencies about information governance. The response I often receive is that they are aware of the need for, and the principles of, information governance. The challenge, it seems, is translating that knowledge into specific action. Clearly, much more work still needs to be done.
In this article, Robert Seiner talks about the difference between the states of data anarchy and governance. Seiner points to the large amounts of personal data that each of us generates, often without being aware of doing so, and the state of anarchy in which this data exists. This state of affairs exists similarly for business data. Seiner distinguishes between data anarchy and data governance as follows:
Data anarchy:
- There is no clearly defined formal accountability for the definition, production, and use of data.
- There is no one responsible for overseeing subject matters of data as a cross-business asset.
- There is no formal process for escalating data issues to a strategic level that makes decisions.
- There are irresponsible investments and management of high profile data-related projects.
- There are inefficient/ineffective processes associated with leveraging data for decision-making.
- People that handle data are uncertain of the rules associated with sensitive data.
Data governance:
- People that [sic] define, produce, and use data are held formally accountable for following the documented and communicated rules associated with defining, producing and using the data.
- There are people that have the responsibility for managing data across business areas, business functions, and major data integration projects.
- There is formal accountability for following an agreed upon process to escalate data issues to the appropriate level of the organization.
- Investments and high-profile data integration projects are strongly vetted with an intent focus on the data requirements of the organization.
- Business and technical processes associated with managing data are formalized, and people are held accountable for following the processes.
- People that [sic] handle the data are well-versed and audited in following the rules associated with protecting sensitive data.
Seiner suggests that many organizations are in a state of data anarchy: The truth is that many organizations know what they want but they don’t know how to get it. Organizations must move from data anarchy to data governance if they want to get the most value out of their data. It’s all in the data.
Dave Wells provides a very good discussion of the importance of making ethical decisions regarding information. Wells suggests that information managers need to consider the following matters:
- Informed Consent: Should individuals be provided with full disclosure about the data that is collected about them? Should collection and use of individuals’ data be subject to their agreement?
- Anonymity: Should all personally identifying information be eliminated from the data? Should data be collected only in the form of aggregates such that individuals can’t be identified?
- Confidentiality: Should sources and providers of data be protected from disclosure?
- Security: To what degree must data be protected from intrusion, corruption, and unauthorized access?
- Privacy: To what degree should individuals have the right to determine which data about them can be shared with third parties?
- Accuracy: What level of exactness and correctness is required of the data?
- Ownership: Is personal data about individuals an asset that belongs to the business or privately owned information for which the business has stewardship responsibilities?
- Honesty: To what degree should the business be forthright and visible about data collection, protection, and usage practices?
- Responsibility: Who is accountable and at what level for use and misuse of data?
- Transparency: On a continuum with polar extremes of “totally open” and “stealth data collection,” what is the right level of transparency?
Wells provides a useful matrix to demonstrate the need for ethics in information governance:
Robert Seiner takes a unique approach to addressing the need for data governance by writing an open letter to a generic company about the implementation of a data governance policy. The letter is addressed to data users, rather than to senior management, which I think is an important point. So much of the literature about data governance focuses on the need to convince senior management about its importance – which is essential, of course – but does not necessarily address the average person in a company who produces and uses data. This letter could serve as a useful template by which to discuss data governance with employees. Seiner includes this handy graphic:
In this post, Robert S. Seiner, publisher of The Data Administration Newsletter (TDAN), summarizes, compares, and contrasts the following approaches to data governance:
- The Command and Control approach,
- The Traditional approach, and
- The Non-Invasive approach.
The matrix below provides a useful overview of each approach: