Making sure your assets are well covered

With data being viewed as a strategic asset, data governance programmes are essential to make sure it is protected, managed and used in a compliant way, discovers David Reed.

Data is a strategic asset. If you are reading this, you certainly agree with that statement. Among those companies with a data governance programme in place, all but one view the information they hold in this way. And that one company was just not sure, which is a reasonable answer if your company is using data tactically.

Given the extent to which the concept of the data asset has been promoted in recent years, it is not surprising to find high levels of agreement. What is more remarkable is the extent to which data governance programmes themselves have been adopted, with 43 per cent of companies having this structure in place.

In a relatively short period of time, data has moved from being viewed as a commodity to be exploited freely into a valued resource that needs to be protected and nurtured. Permissive data usage has turned into permissioned information strategies.

Even so, the picture of data governance programmes is diverse, ranging from the fully strategic down to the localised. The centrally-run data governance function is in place in just over one quarter (26.5 per cent) of companies with some form of governance, while a similar proportion leave it to IT to run centrally.

A slightly smaller number (20.4 per cent) have individually-managed data governance programmes in line with the corporate governance, reporting and compliance strategy. The same number have standalone projects run by individual functions. While all data governance is good, not all data governance programmes are equal.

One of the main reasons for the universal acknowledgement of data’s strategic asset value is the extent to which data has penetrated the enterprise. Think of a business function and it is hard to imagine how it would operate without data of some sort.

This is reflected in the involvement of various functions in both managing and funding data governance. As holders of personal information, it is only to be expected that 90 per cent of companies with a data governance programme have marketing involved. It might be assumed that IT would be engaged in more than 60 per cent of cases, and legal having a stake in just 41 per cent of DG projects seems low.

Other key departments are sales and customer service (55 per cent each), while finance (31 per cent) and the board (24 per cent) are probably more advisory than managerial in their input. The biggest exposure is around the fact that Dot.com functions are only involved in 18 per cent of DG programmes – a high potential risk given the data-richness and high visibility of this channel.

Another reflection of the enterprise-wide requirements of a true data governance programme is the range of different job titles involved. In just under half of programmes, the MD, marketing director or operations director is on board, while the database manager is the most commonly found job title. Data quality managers and database analysts are also regularly involved. But only 10 per cent of DG programmes have data stewards, suggesting this function is still in its very early stages of development.

As the nature of many DG programmes reveals, there is a maturity curve which companies are progressing up in their moves to protect the strategic data asset. Further evidence of this is to be found in the core components of programmes and what they reflect about how governance is viewed.

Prime among the elements being addressed is data protection. As the most high-profile issue facing any data controller, this is encouraging, especially as it forms the heart of 84 per cent of programmes. There is a gap to the level of awareness and training being practised, which stands at 64 per cent, but this could also reflect the limited number of options for this currently available.

Data security has also had a high profile thanks to the continued efforts of hackers, spammers and phishers, and this is reflected in the 64 per cent who have processes for this in place. Data quality is also very visible internally and this can be seen in the 62 per cent addressing DQ as part of DG.

More sophisticated dimensions are still emerging, but are nearly all minority pursuits. Notably, there is a long way to go before supporting technologies – whether for data quality, data security or master data management – are fully implemented.

Although data protection in its compliance sense is the most widely-addressed aspect of data governance, the most commonly-implemented solution is for on-premise data security (58 per cent). This undoubtedly reflects an IT-driven mindset of what governance should entail, while the deployment of in-house legal counsel by 44 per cent reflects the compliance-driven view. Data quality solutions have been introduced by 42 per cent.

Whether these technology aspects of data governance are meeting the expectations of data governance professionals is less clear. Only 13 per cent say they are extremely satisfied with their current data quality technology, whereas one third say they are merely quite satisfied. A further 22 per cent are neutral about their solutions, but one in five are somewhat dissatisfied and 4 per cent very dissatisfied. Whether this reflects limitations in the technology itself or the fact that technology is only part of the data governance process is not clear.

Among those companies who have yet to embark on a data governance programme, 22 per cent say they have no intention to. More positively, 17 per cent are currently considering it, while 22 per cent will be within six months and 14 per cent in 12 months. The remaining one quarter of current non-users expect to look at a DG project in the next one to three years.

The primary obstacles to doing so immediately are the lack of dedicated resource (36 per cent) and absence of a specific budget (31 per cent). One quarter say they lack specialist skills. Interestingly, 28 per cent say there is no clear business case for a DG programme. This will not be helped by the 22 per cent saying data governance is not part of their company culture and 14 per cent who say there is no executive support. Only six per cent just see the whole thing as too complicated.

Holding off has its perils, given the widespread use of business critical, personal or sensitive information, especially in marketing (75 per cent), finance (58 per cent), human resources (53 per cent), customer service (50 per cent) and sales (42 per cent). On top of this, data is being held by legal (33 per cent), operations (28 per cent) and Dot.com (17 per cent).

With so much important data across the business, but no process or technology to protect it and ensure it is used compliantly, the risk is that companies will experience a data security breach or data loss and not have any process in place to deal with it.