Do you remember the show The Mythbusters that premiered in the early 2000s? A creative duo would scientifically evaluate and challenge myths to “bust” them. I consider myself a bit of a myth-buster for the data industry, so much so that I use that term in my LinkedIn profile

There’s something very satisfying about challenging long-held conventions. Now if I could just figure out how to actually blow things up as part of my day job, I’d really be on to something. In this article I’d like to look at three long-standing and recurring myths for data governance and recommend some alternative methods to help you jump-start your data governance practices.

Myth #1
Data Governance can be a proxy for Data Privacy and Information Security

Of all the myths that exist for data governance this might be the most dangerous. I don’t mean that in a fear-mongering way, either. There are some real consequences for getting this part wrong. I’m talking about the relationship between data governance and your data privacy and information security teams. 

Back when we didn’t have a choice, many data governance professionals had to take on aspects of data privacy and InfoSec functions because there were no other resources. Data governance staff were close to the data and seemed to understand the implications so, boom – data governance became a proxy for these teams.

For a while this arrangement wasn’t so bad. But as regulations increased and became more complicated, and as the tools around information security became more accessible and convoluted, the reality of data governance operating in this space was no longer viable. It took a few years, but pretty soon it went from not viable to a bad idea. Yet I still see it all the time: data governance teams writing policies, granting access requests, creating active directory groups, and vetting requests for data. 

Here’s why it’s problematic: You, my data governance friend, are not a lawyer, expert in privacy regulations, or an InfoSec professional. If you are then you should have those jobs, not data governance. While it does have the word “governance” in it, our function is to increase the use of data in a systematic way. When you approach data governance work with a privacy or security lens you end up with everything locked down. While that may seem like a great way to prevent people from doing things you don’t want them to, it creates the opposite effect: shadow functions that parade as full-fledged programs but lack the follow through causing potential breaches, inconsistent procedures, and actually increases the risk for the organization. 

So stop writing policies. It’s not your job. Do not grant access to systems or data, because that’s not your job either. Rather, create a “happy alliance” with your peers in Privacy and InfoSec (or Risk & Compliance, depending on your organization and industry). Partner with them to ensure that you’re following the rules and laws, but remember there should be layers between you and what is accessed, granted, and seen. These layers are critically important to create safety mechanisms for your data. Most data governance professionals are not experts in these mechanisms. The good news is your peers in Infosec and privacy are. 

Myth #2
Data governance committees and councils make decision-making more efficient

You want to know how to make sure nothing gets done? Put together a giant committee (or even a mid-sized committee). Yes, there are some perks to committees. They help communication get done in a group with less likelihood of misunderstandings because everyone hears it the same way at the same time. 

But with the proliferation of video tools available, the ability to share information broadly and consistently is much improved. If you’re challenged with a decision or haven’t been given the autonomy to make decisions committees can help, but I would suggest that you have a bigger problem if that’s your situation.

Historically, data governance operated with committees because we thought that decisions had to happen in committees. We would meet frequently and ask them to make decisions about things that they often didn’t understand. But these choices shouldn’t be made in a large group once a month. That slows down progress and limits the autonomy and authority of a data governance leader.

We don’t need to completely get rid of committees and councils. There is some value to them, but we also need to be realistic about what that value is. They can’t do the daily job, but they also shouldn’t be let off the hook in a monthly meeting. If data is that important to your company, a more active approach to supporting data governance is required. Decisions should always be made closest to the problem versus in a disengaged team of distant leaders. Certainly, there are scenarios where the decisions are big and you need back-up, and there’s nothing wrong with a little CYA. But that should be the exception rather than the rule. 

Myth #3
Data Governance can serve other Data Operation needs

This is less a myth and more a problem of scope. It becomes a myth only when organizations buy into the idea that data governance is anything that can’t be put into another category neatly. I see this play out when organizations can’t tell me with any precision what data governance can do for them. They will define it in general terms and often loosely, using words like “consistency” or “single source of truth” or “access.” 

When I started the research for the book Disrupting Data Governance, I did a search to find out how data governance was commonly defined. In early 2019 the most common definition was a page long. It shocked me. Data governance was the proverbial other bucket for data operations in any organization. Not sure what to do with training? Put it in data governance! Don’t know if people know how to use the data? Put it in data governance! Where do we track what data people use? Put it in data governance! Thankfully, the definitions are a bit better today, but I would submit that data governance still has a scope problem and there is a lack of clarity around the work. 

The faster you as a data leader can be clear about what data governance means to your organization and how people interact with it as a group, the better off you will be. Data governance should increase usage, improve data quality, create (or manage) lineage, and ensure protection. No more, no less. And no myths required.
--------

Continue reading Laura's data governance myths (part 2) here.