I’ve been reflecting on the past year and one big focus area was data governance. Rolling out a data governance program along with an Information Security Management System (ISMS) is a big job for a large and complex organisation, and it is a multi-year project. We are in year two of the data governance program and over the past few years there have been a number of lessons learned.

It is all very easy to throw up one’s hands and say that it is all too hard, that data wants to be free, or that governing data is impossible. Yet to enable new ways of analysing data (and dare I say it, big data), and for effective cyber security management, we must work out how to do data governance.

Tips for getting a data governance program started

1. Clarify your mandate. Get your policies and procedures sorted out early. An official policy clarifies your mandate for running the data governance program and can assist in obtaining buy-in.  My starting point was a definition:
   

   “Data governance is the organization and implementation of policies, procedures, structure, roles, and responsibilities which outline an enforce rules of engagement, decision rights, and accountabilities for the effective management of information assets.”

   Source: John Ladley, Data Governance: How to Design, Deploy and Sustain an Effective Data Governance Program, 2012

2. Setup an effective governance structure. This seems like an obvious thing, but many organisations struggle with this. Getting the right structure setup and the right people involved is critical to success. I have setup a Data Governance Steering Committee (DGSC), which has oversight of the entire program, with cross-organisational executive involvement, and it has been very important in obtaining credibility. The DGSC is supported by another Committee, which takes a more hands-on day to day role in deciding how we manage data across the organisation. We also work closely with IT, Privacy, Procurement, and Legal  to ensure that they are involved in the data governance program.
3. Make a start. Typically in a large organisation it can be daunting to consider data governance and to know where to start. Find an area of the organisation that has some willing people and just get started. This lets you demonstrate success and leverage that success to get the next area of the organisation involved.
4. Take inspiration from other organisations. Don’t feel the need to invent data governance from scratch. Talk to other practitioners – they’re usually delighted to find a fellow traveler. Find groups where data and information governance folks hang out, like The Data Governance Institute: The DGI, Information Governance ANZ or the Data Management Association Australia (DAMA). The kind folks at DG @ Stanford University were particularly helpful to me in the early days. Of course check out my Data Governance website at UNSW Sydney, where we have shared our policies, processes and practices.
5. Ignore the vendors. there are a plethora of vendors who say they have solutions for data governance. Ignore them. It is not about the tools, it is about practice and culture.