Data Governance is the ‘exercise of authority and control (planning, monitoring and enforcement) over the management of data assets’3.
What does this mean? Data Governance is the oversight mechanisms that formalise responsibility and accountability for data and its management in an agency. The purpose of Data Governance is to ensure data is properly managed, according to policies and procedures developed by the agency, and that people understand their responsibilities. It enables an agency to understand, manage and reduce risks, including security and privacy risks relevant to the data it holds.
3 DAMA International (2017).
Data Governance is a process for guiding and overseeing Data Management. It is a hierarchical relationship.
Data Governance oversees the activities related to data. It ensures there is accountability for data and that the appropriate policies are followed when working with data. Data Management refers to the agency’s practices that relate to the actual data itself. It is not a single activity, but a process related to all aspects of data usage, including acquisition, processing, storage, security, releasing, archiving and disposal. Effective data management ensures data is accessible, discoverable and useable when you need it.
Figure 2 – Relationship between Data Governance and Data Management
Establishing an ongoing Data Governance Program may involve:
- identifying what level of governance is required
- establishing oversight structures
- developing policies and procedures for data
- defining roles and responsibilities
- identifying agency data monitoring and audit topics to assess how well data practices are being implemented
- identifying risks and management/mitigation strategies
Developing an ongoing Data Governance Program demonstrates that an agency understands that its data has value and needs to be looked after accordingly. A Data Governance Program must have a clearly defined purpose for it to be beneficial. It should be established and formalised to the degree that is appropriate for an agency’s needs and culture.
A Data Governance Program does not necessarily require a whole new governance structure be created. Indeed, a Data Governance Program is easier to establish and generally more effective if it is integrated with, and leverages, existing governance processes.
There are several key elements to a successful Data Governance Program:
- Appropriate style of governance
- Senior executive support
- Staff buy in
- Scope of governance program
- Defined roles and responsibilities
- Relevant policies and procedures
- Clear implementation and review plan, including a Data Governance Framework
Consider the style of governance
There are many different styles of governance. A style that suits one agency may not suit another; a mixed approach may suit somewhere else. The following are some examples of Data Governance styles that could work within an agency:
Examples of Data Governance styles include:
- Centralised Data Governance – All data governance activities are overseen and set by a central body or authority, across all business areas.
- Replicated Data Governance – The same method of governing data is adopted by multiple business areas, but there is no overarching authority.
- Federated Data Governance – The data governance is coordinated across multiple business areas to ensure consistency.
(For more information see: DAMA International Data Management Body of Knowledge)
- Non-Invasive Data Governance – The data governance is applied to existing policies and procedures, without imposing new ones or unnecessary burden. The principle is to augment existing practices. Responsibilities are formalised where they already exist and not assigned to anyone who is not already undertaking the role in their day-to-day work (Seiner, 2014).
(For more information see: The Data Administration Newsletter)
Senior Executive support and champions
The Data Governance Program needs to be supported by Senior Management, particularly a Senior Data Leader, so it receives the attention it needs to be successful. Having many data champions within an agency, beyond the Senior Data Leader, helps bring all staff on the journey and promote the benefits of a Data Governance Program.
Data Governance is most successful when it is collaborative. Areas with data holdings should be supportive of a Data Governance Program. However, there may be resistance, particularly where the Program is perceived as creating more work or diverting resources. Consultation and communication can help and with persistence, resistance will often dissipate when benefits are shown.
A Data Governance Program should be implemented through a collaborative effort between:
- those responsible for formalising Data Governance (the Data Governance team or Data Policy team where they exist, or the equivalent if such teams have not been created within an agency),
- business areas (those responsible for managing and working with data on a day-to-day basis),
- corporate areas (those responsible for other levels of corporate governance)
Through working collaboratively, the team responsible for Data Governance can discover what data practices are currently in place, determine whether those practices are fit-for-purpose and where there are gaps. This team can then work with the business areas to formalise and enhance their processes, accountabilities and responsibilities.
Scope of Governance Program
A Data Governance Program must help ensure that an agency’s data can support business activities and agency goals. Having a Business Strategy and/or a Data Strategy in place will outline the direction an agency wishes to take in improving its data practices and gives purpose to the Governance Program.
It is important to consider Data Governance in the context of the existing governance processes within an agency. Many agencies will already have governance processes for information and records management, information and IT security, project implementation, organisational decision making, etc. A Data Governance Program can ‘lean on’ these existing processes and build upon them to ensure data is effectively governed.
It is also important to consider what needs to be governed: what data processes need oversight, what practices are currently in place, what existing practices need formalising. Using a Data Strategy and supporting state analysis may assist in this process.
In considering data governance, the question of ‘how much control or governance?’ needs to be answered. The level of oversight to apply to the data depends on its sensitivity and the legislation, rules and guidelines that apply. Does the agency deal primarily with sensitive data that needs to be tightly controlled so decisions about the data need more consideration and clearance? Can decisions about data be made locally within data teams? Is the culture of the agency risk-avoidant, or is it more comfortable with risk and in need of additional ongoing oversight?
Understanding what needs to be governed and how much governance is required will help an agency determine what ‘style’ of governance is needed; it must be the right fit for the culture and context of the agency.
Define roles and responsibilities
Defined roles and responsibilities for data ensure accountability. The definition and implementation of roles and responsibilities should be a collaborative effort with the business and potentially IT areas. It may also be more effective to formalise the role of someone who is already actively managing data assets for which they are responsible (i.e. formally appoint them as ‘Data Steward’), rather than imposing a role upon someone else.
Agencies may wish to consider training to support staff assigned to certain roles, for example, data stewardship training for data stewards. This helps staff understand the responsibilities, accountabilities and expectations of their role.
Develop policies and procedures
Policies and procedures outline the rules for working with data. These should be developed in collaboration with areas responsible for implementing and complying with the policies. It will ensure they are workable and their implementation is supported. It may be helpful to engage with other agencies when developing policies and procedures. You can learn from their experience, 18 Office of the National Data Commissioner it can lead to similar approaches for similar data types or situations being adopted, and it will help promote consistency across the public service.
Data policies can be high level, but due to the varied nature of data work, some procedures may need to be more specific and localised.
Examples of areas that may require formalised data policies and procedures include:
- Data access
- Data security
- Data storage
- Data retention and disposal
- Metadata management
- Cataloguing data
- Data quality management
- Handling sensitive data
- Releasing data
Data Governance Framework
A Data Governance Framework is a written document that defines the context for governing data within an agency. It may reference:
- legislation relevant to an agency’s business processes
- whole of government data policies and initiatives
- strategies and policies internal to the agency
- committee structures and reporting relationships
- roles and responsibilities of various data stakeholders
- the policies and procedures related to data, developed by the agency
The Data Governance Framework should align with an agency’s Information Governance Framework. The Information Governance Framework will be broader than the Data Governance Framework as it will include all of an agency’s information and records (emails, documents, etc.). The Data Governance Framework will specifically focus on data. Some agencies may choose to have a single Information Governance Framework covering information and data, others may choose to have separate but related frameworks.
A Data Governance Framework can follow the same structure as an Information Governance Framework. The National Archives of Australia’s Information Governance Framework4 provides a useful structure for a specialised Data Governance Framework.
The Data Governance Framework should be endorsed by Senior Management to provide authority for the Framework.
Implementing an ongoing Data Governance Program will take time and involves cultural change, so a progressive roll out may be beneficial. The Data Governance Program can be developed as a whole, but then implemented piece by piece. For example, if consistent data cataloguing has been identified as an area to improve, an agency can start by developing a policy to mandate the registration of all data an agency holds and then develop consistent procedures for cataloguing data.
To ensure successful implementation, the Data Governance Program will need to be promoted and staff kept informed about the program and its benefits. This task is easier if the program has been developed through a collaborative and consultative approach.
Implementation will also be easier if the program has received Senior Executive endorsement and there are champions within the agency to promote and drive the data governance agenda.
Periodically reviewing and evaluating the Data Governance Program helps to ensure it remains fit-for-purpose. It is important to test whether elements of the program are working effectively and continue to meet agency needs.
- Australian Government Information Management Standard (National Archives of Australia)
- Data Governance and Management (National Archives of Australia)
- Information Management (Queensland Government Chief Information Office)
- Data management and use: Governance in the 21st Century (British Academy for the humanities and social sciences, and The Royal Society)
- Data Management Framework (Office for National Statistics)
- New Approach to Data Governance (Statistics New Zealand)
- Data Management Body of Knowledge (DAMA International)
- Non-Invasive Data Governance (Seiner, 2014)
- The Non Invasive Data Governance Framework – The Framework Structure (Seiner,2019)
- Data Governance Operating Models Exposed (LightsOnData, 2018)
- Working with Data (Australian National Data Service)
Questions to ask:
- Has accountability and responsibility for data and data initiatives in our agency been clearly defined?
- Are there senior executive officers responsible for, and championing, data?
- Who should be involved in the development of the Data Governance Program?
- Who needs to be convinced of the benefits of a Data Governance Program? Has staff support been secured?
- What will the role of mid-level staff, like data stewards and custodians, be?
- What needs to be governed?
- What governance processes are in place and can they be leveraged?
- What style of governance is appropriate?
- Has a governance framework been developed to support the implementation of the Data Governance Program?
- Have roles and responsibilities been clearly defined in the Data Governance Program?
- Have policies and procedures been clearly developed? Are they visible and easy to find?
- Who needs to endorse the Data Governance Program for it to take effect?
- Is there a clear plan and support for implementation?
- How can the Data Governance Program be best communicated?
- How will the Data Governance Program be reviewed for effectiveness and relevance?