By Frank Cerwin
While attending a data conference session, I heard it said that it’s not appropriate to refer to a “government” for data governance. Why not?! Data Governance requires a governing body with many supporting bodies constituting a form of government. It’s not just about forming a Data Governance Council. Data governance must be inclusive of all involved parties and must be sustainable over many years with evolving business needs, technology advancements, and staff turnover. What’s needed is an easy to understand and proven data government model for data governance? [Full disclosure: My first IT job was in government].
There are always some data people who tell me that their organization has not implemented data governance when I survey my conference session attendees. My response to them is that every organization practice data governance. Ever since the first application was deployed in the organization, someone created the rules for the data and someone implemented the rules in a COBOL, RPG, or BASIC program. And this same approach continued as the organization’s application portfolio grew larger and larger. The problem is that this approach is what’s known as the ‘Direct Democratic’ form of government. In this form of government, everyone governs themselves. This obviously doesn’t work well when multiple business applications across multiple business units need to share and use the same data. There are also organizations that are proud to tell me they have a “Data Czar” – which is actually a form of government known as a ‘monarchy’. What happens when the ‘Czar’ departs the organization? They typically don’t have a succession plan and the government collapses and governance becomes chaotic.
The DAMA Data Management Book of Knowledge (DMBOK) defines Data Governance as “the exercise of authority and control (planning, implementation, monitoring, and enforcement) over the management of data assets”. In other words, the creation of rules, the execution of rules, and the action when rules are broken.
So, what form of data government should you strive to implement? The answer is a ‘Democratic Republic’. A ‘Democratic Republic’ is comprised of representatives nominated and chosen by their constituents to represent their interests, concerns, and well-being. In the case of data governance, this role is referred to as a “Data Steward”. Merriam Webster defines “stewardship” as the “careful and responsible management of something entrusted to one’s care”. Notice that the definition does not include the word “ownership”. That’s a topic for another article. Your local government may call this role a “Trustee”. Does this form of government sound familiar? It should because it’s the form that’s been used in our country for 247 years. And just like all responsibilities of government don’t fall under a single level, data has similar characteristics. Some data attributes are shared across several enterprise business functions and require a high-level broad level of oversight. Other attributes are shared only within a market or product line. While other attributes are used only within a business function’s application suite. Data attributes can be assigned to levels similar to federal, state, county, and municipal. There are over 30,000 cities, 3,143 counties, 50 states. Each upper level has jurisdiction and executive authority over the next level below it. Each of these government levels has three branches with assigned responsibilities: Legislative, Executive, and Judicial. The Legislative Branch makes the rules (think congress, state house of representative, county board, and municipal board of trustees), the Executive Branch executes the rules (think Dept. of Defense, Dept. of Transportation, Homeland Security, Police Dept., Community Development, and Social Services), and the Judicial Branch adjudicates violations of the rules (think Supreme Court, Dept. of Justice, State Court, and Circuit Court). Data governance requires the same branches to manage the lifecycle of data.
Government agencies inspect and issue permits to build (e.g., Municipal Community Development), certify quality (e.g., USDA), protect property and users (e.g., police and TSA), identify and authorize (e.g., Secretary of State), validate ownership (e.g., County Recorder of Deeds), and control movement (e.g., Police and Dept. of Transportation). Do all of these services sound vaguely familiar? They should. They’re the same services required to govern data.
Understanding and including all of the roles and responsibilities that people must play is required to implement an effective and sustainable Data Government. What roles align to the Data Government branches? Data Stewards, Legal Counsel, senior management, industry standards organizations, and a country’s and state’s legislative branch comprise the Legislative Branch of your data government. The data analysis, MDM development, application development, DBA, and data integration engineering teams comprise the Executive level. Finally, audit (both internal and external) and Information Security make up the Judicial branch. I include Information Security in this group because they typically not only assess but also grant variances or require immediate remediation of a rule violation.
Finally, just like lobbyists representing their own self-interests in all levels of government, the data government is no exception. You will have to deal with these folks who will attempt to influence and control policies, standards, implementation, and adjudication. It’s all part of running a government over the many years, staff changes, organizational M&As, and restructuring.