How to Stay Compliant While Using Novel Datasets
Now that e-commerce, the internet of things (IoT) and remote work are more prevalent than ever before, companies are collecting and storing ever-increasing amounts of digital information. At the same time, next-generation data lakes and warehouses are providing unprecedented visibility into this information across a range of functions and departments. Some see these novel datasets as opportunities for monetization. Others want to use them to create new products, improve processes or perform predictive analytics. Whatever the ultimate business objective, adherence to compliance and legal restrictions is a must, as is minimizing the reputational and legal risk from data breaches. But what’s the best way to do that in these complex environments? Where should IT organizations focus to ensure that their companies remain compliant while taking full advantage of one of their most valuable assets—data?
Here’s what your organization can do to improve data governance and ensure that new datasets are used not only optimally, but also responsibly and securely.
Prioritize Data Governance as a Strategic Business Initiative
Data governance is not solely an IT or a business function; rather, it is a cross-functional concern requiring close cooperation between IT and business stakeholders. Business leaders tend to view data governance as a purely technical paradigm. But in assigning IT all that responsibility, they are neglecting to recognize that data has become a fundamental business resource with invaluable impacts throughout every aspect of the business. IT must remedy this disconnect and stress how critical it is for IT and the business to collaborate on issues of data governance and privacy. One of the first steps in this journey is making sure there is agreement on the basic terminology and frameworks being used. Make it a point to verify that IT and business leaders are on the same page when discussing “platforms,” “systems,” regulations governing privacy (such as GDPR and CCPA), etc. Then, continue to find common ground as you proceed to work together on data governance issues.
Develop Access and Creation Processes
Organizations should establish well-defined processes and specific teams that are authorized to approve access requests to datasets and to authorize the creation of new ones. Data stewardship is the set of practices surrounding data governance in all phases of the data life cycle. When working with business leaders on matters regarding data stewardship, it is essential to delineate clear lines of accountability between teams. Typically, IT oversees safeguarding and giving access to data, while the business owns the data and assumes responsibility for its creation, preparation, cleansing and usage. Defining these parameters upfront minimizes confusion and creates lines of accountability that are straightforward and unambiguous. A best practice is for subject matter experts from different functions to work together with compliance and audit personnel to form a strong cross-functional team that can serve as a single authority on questions around data governance.
Understand How new Datasets are Being Transformed
IT is well-versed in managing security and auditing access to data. However, many IT organizations have not been focusing on how datasets are being transformed by the departments that use them. For example, anonymizing or aggregating data can introduce compliance and legal implications that are so subtle they are often overlooked. Be aware of these edge cases. Reach out to subject matter experts or data product managers for insights about how other departments are using the new information that’s available to them.
Consider Adding an Extra Dimension to Security Policies
With so many employees working remotely, data access is no longer simply a function of job responsibility or team membership. Instead, an employee’s physical location can actually impact which datasets they can use. For instance, some sensitive datasets may have strict requirements about which countries/locales they can be accessed from. To solve this, companies must educate their employees and enforce that their internal systems can only be accessed from authorized devices via a VPN solution. Then, they must create new policies to ensure that the VPN only allows access from authorized locations. Although VPNs have been in use for quite some time, it is all too common for knowledge of the compliance issues surrounding different datasets to be scattered across the company. Do not be surprised if your remote workforce needs multiple reminders and refreshers about VPN use. In addition, since the IT organization maintains the software systems that host data and writes code to process that data, IT is also responsible for developing the special tooling certain datasets require (e.g., regulations like GDPR and CCPA may require IT to support deleting or suppressing specific records).
Explain the Benefits in Detail
Change management is an integral part of all successful enterprise-wide data governance initiatives. Some leaders may not see the benefit of improved data governance to their department or team. Others may fear that modernizing data governance processes could instill a ‘culture of no’ within the firm. Still others may perceive their own roles as being diminished or changed. IT needs to help company leaders across the enterprise understand the real-world benefits of improved data governance policies for the novel datasets being used for new business objectives. Point out that there are advantages at the individual level—employees who use good data can do their jobs more quickly, accurately and reliably. Then add that beyond those kinds of personal benefits, good data governance is critical to achieving the desired business objectives. It saves time, enhances efficiencies and preserves reputations, while also—and perhaps most importantly—enables better strategic decisions.
Start Small, Iterate and Keep Going
Improving data governance won’t happen overnight. But that doesn’t mean it has to take forever, either. Many companies embrace a phased approach, starting with a certain subset of information (e.g., customer data, vendor contracts or finance) or a particular issue of concern (e.g., standards, data privacy and quality or business intelligence). Focus on the areas that need the most improvement first, starting small and then leveraging wins to keep pressing forward. The eventual goal is to build data governance into every dataset, novel or otherwise. Simply put, data governance cannot be an afterthought for IT. Data processing systems must be designed with governance requirements specified upfront for them to be effective.
Fueled by shifts in how we work, shop and live, data is going to continue to stream into companies from a variety of sources at ever-increasing rates. That means data governance will continue to be a top concern not only for IT but for the business as a whole. Take advantage of this heightened awareness to strengthen collaboration, reboot your data governance strategy and move forward in ways that are efficient, effective and truly data-driven. Clearly, the companies that take the time to create clear lines of communication and well-defined roles and responsibilities will be those that succeed at this new data game.
