5.2 Digital governance and information security

Some organisations have separate departments to lead digital governance and information security activity. They normally ensure that legal responsibilities, professional and internal standards, processes and strategies are in place. This allows organisations and individuals to develop the behaviours which ensure a consistent approach to operating in a digital environment.

Digital governance and information security can include areas such as:

• GDPR (General Data Protection Regulations)
• information security
• data, information and digital knowledge management
• intellectual property and copyright
• accessibility and inclusion
• digital brands
• communication and content.

Many organisations use the Data Management Association (DAMA) international framework as an approach to data governance and understanding what needs to be considered.

Figure 6 The DAMA-DMBOK data governance wheel

Show description|Hide description

Image shows a circle split into segments around the phrase ‘Data Governance’. Segment labels from the top of the circle clockwise are: Data Modelling & Design, Data Storage & Operations, Data Security, Data Integration & Interoperability, Document & Content Management, Reference & Master Data, Data Warehousing & Business Intelligence, Metadata, Data Quality and Data Architecture.

Figure 6 The DAMA-DMBOK data governance wheel

In the video below, Nicola Askham, The Data Governance Coach, explains the framework and considerations for good data governance.

Download this video clip.Video player: hyb_5_2022_sept109_data_governance_and_dmbok_wheel_compressed.mp4

Show transcript | Hide transcript

Transcript

 

NICOLA ASKHAM

Data governance is obviously my favourite of the data management disciplines. It's most commonly thought of as quite boring. It just doesn't sound exciting, data governance. Other things sound like they're going to deliver something that people get and understand, like data quality. But data governance is actually at the centre of the DAMA-DMBOK Wheel for a reason because it actually provides the underlying foundation for you to do all these other data management disciplines to manage your data better.

So, data governance gives you the roles and responsibilities, the authority, and the processes, so that people make consistent decisions about your data, because you don't want somebody to decide to manage their data better and perhaps initiate a data quality cleansing initiative without understanding the full impact of that. So quite often, people do things tactically before they have data governance in place. And that starts you thinking both more holistically about your data in an organisation, but also thinking about the priorities of what you do. So, we fix things that are the most strategic for your organisation.

DAMA is the Data Management Association. And there is a DAMA International which is the overarching organisation. And then in many countries around the world, there is a local chapter. Now, DAMA International has created what they call the DAMA-DMBOK which is the body of knowledge. And in this body of knowledge, there is a chapter for every single one of the data management disciplines.

So, you have data governance, data quality, master data management, data security, data operations. I won't list them all, but, so they are all there in this book. Now, this is quite a lot to get your head around and to think of all the things that you might need to do to manage your data. So, DAMA actually have drawn a diagram. And it's a simple wheel. And it's often called the DAMA wheel or the DAMA-DMBOK wheel.

And you have a circle in the middle. You have a smaller circle where it says Data Governance. And then all around the circle, you have a number of segments. And, basically, every segment in that wheel represents one of the chapters in the body of knowledge. So, it's a good way for you to say, these are all the disciplines that you really ought to be doing if you're going to manage your data well.

And I think it's also worth considering that for every segment, plus the little circle in the middle for data governance, you probably need at least one if not a team of different experts. Now, if you looked at that wheel and compared your organisation's activities against it, there's probably some that you can immediately put a big tick against, because I don't think I know a single organisation that's not doing data security and cybersecurity these days.

But you might not be doing master data management or reference data management. So, it's a really good place to have a really good overarching view of these were all the activities that in an ideal world, we would be doing. And are we doing all of these? And in more importantly, are we doing enough?

So, the wheel itself doesn't answer all those questions. You'd need to go to the DMBOK and have a look. But the wheel is a really good summary of all the data management disciplines. It's really important to help people understand what data they have and then manage it correctly so it's good enough quality to support good decisions.

Data is an interesting term. And it's quite interesting how many people don't actually understand what it is when they're talking about it. And people, unfortunately, use the term data and information interchangeably. And that does cause a problem. So, I think the best way to think of it is data is the building blocks.

So, you could have me on your system. And you could have, perhaps, a date. And you don't know what this date is though because data on its own doesn't tell you anything. So, what you actually need is data in context when it becomes information. So, you could just have this date, and you have no idea what it is. But when you actually make it as part of a record, it turns into something useful. And you suddenly find out it's actually my date of birth. And it becomes something valuable.

So, data on it's own has to be managed because if it's wrong, we won't actually get the right answer. So, you'd have, perhaps, somebody else's date of birth, not mine. But yeah, so data is the building blocks. But you actually have to have it in context for it to become useful. I think it's fair to say that everything on that wheel represents ways that you can look after and manage your data better.

But they're all different areas of expertise. And you'd need different people in your organisation to support it. An example would be data security is a data management discipline. Everybody understands data security. That's who should access your data? What level of encryption should we put on it?

But you also have data management disciplines, like data quality. Is the data good enough to use? And perhaps even master data management, which is where we've got the same records on multiple different systems in an organisation. We quite often like to create a master or golden record. Some people call it a single version of the truth. Now, those are just three of, I think, it's ten different data management disciplines according to DAMA. And you need different areas of expertise to do all of those things for your data.

Data governance gives you a range of roles. And I think anybody that's done a quick Google of data governance will know the obvious. A data owner and a data steward of that data. But to be honest, they're going to be a relatively small number of people out of the total number of people working in your organisation. And then I had the lightbulb moment and realised that I had to get everybody in the organisation involved in this because nearly everybody, I think, fairly safe to say, everybody in an organisation either produces or consumes data or probably a bit of both. And data governance could only deliver so much if we didn't address all of those people as well.

So, I started talking about two more roles, which I have continued to use to this day called a data producer and a data consumer. And, obviously, you're not accountable for the data in the same way that a data owner or a data steward would be. But you do have some responsibilities. So, if you're a producer of data, you're responsible for capturing it correctly in accordance with the requirements.

I use the two roles of owners and – of consumers and producers to start breaking down silos because I think every organisation I've ever worked with has told me that they're the most siloed organisation that I'm ever going to work with. And it's true. We all, it's what we do naturally. We like to work in our little tribes, the people that we know and that we understand. So, what we need to do is break those down by using these roles because quite often, the people who produce the data in the organisation are not the same people who consume that data. And we need to get them talking to each other and understanding what that data needs to be so the producers can do it correctly.

The data landscape is really rapidly changing these days. And I think if anything, it really makes the need for data governance more and more important because there are some amazing technologies out there. And artificial intelligence and machine learning, they can really help us analyse and use our data, get some amazing insights that perhaps we never would have noticed. But they're only as good as the underlying data that you point them at.

What we have to do first is make sure that we understand what data we have and where it is. Then we can use these technologies to do the really clever stuff. And most of the clever things come around the analytics of that data and understanding and getting some insights from it that perhaps just we didn't realise before. But I think as we go forward, it's really important more so now than ever before that we put a good data governance foundation in place. And then we're going to do some – be able to do some really amazing things with our data.

End transcript

Download