Data governance has become a code word for preparing your databases for regulatory compliance. When you utter those two words together - data governance - what usually pops into people's heads is thoughts of Sarbanes-Oxley and HIPAA and government regulations. But what is the true definition of data governance? According to BitPipe: "Data governance refers to the overall management of the availability, usability, integrity, and security of the data employed in an enterprise. A sound data governance program includes a governing body or council, a defined set of procedures, and a plan to execute those procedures."
So, does this imply that organizations that are already managing the availability, usability, integrity, and security of their data are ahead of the game when it comes to regulatory compliance? Yes, I believe it does. This is probably why the term "data governance" has been conflated with "regulatory compliance." So how prepared is your organization in terms of data governance?
A recent article in eWeek Magazine titled "Data Governance Rises to Top of Compliance Efforts" raises some interesting issues. The lead sentence of this article states "Analysts in the field of regulatory compliance say enterprises should increasingly build their IT auditing processes around database governance efforts." That just about says it all, doesn't it? If you are building a proper data governance practice then you will have a better chance of passing a potential audit for regulatory compliance. This is another way of saying something that I've been saying for a while now - these regulations are basically just a way to get companies to start doing what they should have been doing all along!
That same article later discusses data governance, saying this about it: "Loosely defined, data governance involves work to improve the quality of information stored on databases and typically includes the creation of a team of IT professionals whose sole job is to boost the reliability of the data and improve access to the content."
- Does your company have a team of IT professionals focused on data governance?
- Or do you just have the DBA group, with anything even remotely relating to data getting foisted upon them?
- Is IT aligned with business so that each data element gets the proper treatment it requires for the business as well as in terms of governmental regulations?
- Or do you hobble along with IT and business interacting only when necessary to gather program and database specs?
What I am getting at here is that organizations that change their practices to truly begin treating data as a corporate asset will be better positioned for regulatory compliance. If you instill within the organization not just words that say "data is a corporate asset" but actions that prove "data is a corporate asset" (such as setting up a data governance team and funding it appropriately) then being able to pass a compliance audit is a great by-product of actually doing things properly in the first place.