Is effective data governance a possibility for organizations today?
Data governance is about governing data in business systems based on internal data standards and data usage policies. All businesses must comply with data governance, but the problem today is that there is simply too much data to manage.
Effective data governance normally ensures that data is not misused. As such, regulators continue to keep tabs on how organizations manage and store their data, especially with cybercriminals continuing to target corporate data.
Today, data governance policies cover a wide range of areas. Companies ensure that they have sufficient standards and plans to also meet local compliance and regulatory requirements. This includes having a data governance framework in place to implement the procedures that are performed by data stewards.
For more on data governance, specifically data protection, David Corrigan, general manager of data governance for quality and privacy at Informatica, shares his insights with Tech Wire Asia.
Should the APAC region work together on a global data governance policy such as GDPR?
The proliferation of data today only means that cross-border data flows are more crucial than ever, especially for businesses looking to fully exploit the power and efficiency of cloud solutions. As companies ensure their data is well integrated with cloud solutions, data protection and privacy can never be overlooked. The GDPR imposes a high level of security and transparency on companies in the processing of personal data, maintaining the integrity and confidentiality of the data collected while protecting it from threats. This is particularly crucial in Asia, as it is one of the the most advanced digital societies in the world.
We have seen countries in the APAC region come together to discuss and agree on digital commitments, and one example is the ASEAN Digital Economic Framework Agreement (DEFA). The agreement aims to standardize the rules and functions of digital commerce such as cross-border data flows, which will allow companies to generate more efficient, regulated and secure data flows. Much remains to be done in terms of regulatory rules on data governance and privacy, and this is an opportunity for nations in this region to get it right to ensure the sustainability of their businesses and seize the opportunities and the growth.
How can businesses be more empowered or incentivized to be more proactive in protecting privacy and protecting customer data?
Brand trust goes a long way. 86% of customers expect brands to go beyond their businessand will not defend the brand once the trust is lost. 80% of the APEJ organizations also plan to increase investments in security compliance automation by 15% by 2023 – to prove to customers that they are taking extra steps to protect their data.
Businesses should also be more proactive in enforcing a data governance framework – creating a strict set of rules and processes for collecting, storing and using data. The framework ensures that policies and rules apply to all data in the organization, streamlining and scaling core governance processes while maintaining compliance no matter how fast data volumes grow.
Trying to drive modern data governance without having the right policies, frameworks, and technology in place is risky business. Modern, technology-driven data governance protects and mitigates personal and sensitive data risks through the establishment of key compliance actions such as:
- define regulated data,
- determine how, why and where your business uses regulated data,
- manage consent and usage rights, as well as
- assess risk exposure on an ongoing basis so that data can be protected and purged accordingly
With a holistic data governance framework, companies will ensure they comply with regulatory mandates such as GDPR, protecting and mitigating the risks of mishandling sensitive data. Having a data governance program also prevents any cracks from forming in our data privacy practices, and trust can then be established and maintained between the organization and customers.
For this, organizations need to be one step ahead – ensuring that personal and sensitive data is fully protected – with a comprehensive governance framework covering data cataloging, identity mapping, risk analysis and protection.
What is the overall business value of data governance and privacy, and how can it be reflected in value streams?
Good data governance ensures that data is always readily available, of high quality, secure and relevant to the organization – enabling value creation, while ensuring data protection. Today, CDOs are tasked with driving business value by providing quick and easy access to high-quality data to accelerate decision-making.
A data governance framework allows the business to define and document standards, accountability, and ownership. With a unified view of data created across the enterprise, data relationships and lineage, classification and collaboration naturally follow suit. This helps companies create a strong and secure data marketplace where people across the organization trust that shared data is usable. To map it to value streams, organizations need to populate their data marketplace shelves with data that would help support both business and stakeholder goals. Based on this knowledge, your data market would then possess useful information, accelerating the time to value, enabling informed decisions to be made.
Data itself is a currency in today’s digital world. If you manage and govern it the right way, you are protecting an incredibly valuable asset that will increase in value if the right decisions are made.
How can companies develop impact assessments for data collection, use, disclosure, and processing, while supporting privacy and compliance efforts?
The key to ensuring the accuracy of impact assessments while supporting privacy and compliance efforts is to ensure there is ongoing review of four critical data management activities:
- Data gathering
- Preservation and archiving
- Data usage
- Create and update disclosure policies and practices
Companies with a robust and scalable data governance program will have an advantage when developing impact assessments, as they will be equipped to accurately assess data risks and benefits in less time and take more decisive action based on reliable data. Stepping back, organizations need to set and manage data governance policies to clarify what data is critical and why, who owns critical data, and how it can be used responsibly.
Organizations will then be able to identify and understand sensitive data across all data platforms and use this information to develop and implement data protection and remediation plans and policies. The data can then be managed with fast and efficient data protection capabilities at scale, including dynamic masking, encryption, and persistent data masking.
Overall, ongoing monitoring of data collection, use, disclosure and processing will be essential to tracking success and impact, while protecting sensitive information, supporting privacy efforts and compliance.