What You Need to Know about Data Governance from Chief Data Officers
Data is a hot topic right now. It seems like everywhere we turn, there’s a data breach or new data privacy law rolling out, and it can be hard to keep track of everything. At the 2022 Information Systems Audit and Control Association (ISACA) Chicago conference, a group of Chief Data Officers gathered to talk about data priorities and what the future of data will look like. Before we dive into the panel Q & A, let’s remind ourselves of some of the important aspects of data governance:
- Data governance is the policies, practices, and procedures that allow a business to realize the full benefits of data.
- Data governance is different from data management. While the two are very similar, data management focuses on logistics, whereas data governance focuses on policy and strategy.
- Implementing a data governance strategy is key to the management of an organization’s critical data.
Data governance should be a top initiative for your organization. Let’s turn to the Chief Data Officers to learn the best practices your organization should be prioritizing.
Note: These answers were compiled from the panel discussions and summarized for readability. The answers below are not direct quotes.
Q: How do you approach and prioritize data governance?
A: Top-down data ownership is essential. Getting the board to understand the importance of dedicated resources for data governance, like the personnel to make it happen, is integral to an organization prioritizing data governance and management.
Data governance is a big job and adding these job responsibilities onto the workload of an existing employee may not be the best way to achieve your security goals. Consider bringing on a data protection officer (DPO) whose main responsibility is data governance and management, so these tasks remain a priority and your organization doesn’t fall behind. Data protection personnel can help you know your data. It’s important to know what your data means, how it’s being processed, and how it’s being shared.
Q: What are a couple of data priorities to keep in mind?
A: A couple of priorities to keep in mind are:
- Avoid over-customization of data. There are some benefits to customizing data, but the complications that those customizations may cause can negate the benefits. Customizations can cause complicated updates, limit product knowledge, and slow other processes down. While some customization of data isn’t a bad thing, it’s best to partner with a business that can hold you accountable and make sure you’re doing what’s best for your organization.
- Work to achieve data interoperability. By gathering diverse data into the same place, organizations will maximize the value of their data and eliminate complications of retrieving data from different locations.
Q: How do you get the board on board with hiring a DPO?
A: New data regulations are popping up every day. Security professionals need to emphasize the importance of organizations understanding and following these regulations. To get the board’s attention, consider highlighting the amount of sensitive data your organization is responsible for and what the repercussions of a breach could be. Analyzing well-known data breaches and what went wrong can become an eye-opening opportunity that might convince decision makers in your organization to take the steps to hire a DPO.
Threat actors can exploit a small gap in your security to access very sensitive information that could end up costing your organization millions, so stay proactive and avoid disaster by bringing on data experts.
Q: How will audits evolve with a greater focus on data?
A: Auditors should be at the table when you’re building data security and risk assessment initiatives. Partner with an auditing firm that is willing to work through the details with you. A thorough audit will meticulously examine your policies and procedures to identify vulnerabilities instead of simply acknowledging that an organization has policy documents.
Q: What are the keys to your success as a data leader going forward?
A: The keys to success as a data leader include:
- Bring the necessary people on board. Make sure you have designated risk assessment and data governance roles along with people who support those initiatives.
- Make sure you’re communicating the value of the data your organization possesses.
- Successful data governance will drive better decision making, which can save your organization time. Data will be easier to access, allowing quicker results.
Are You Managing Your Data Properly?
At KirkpatrickPrice, we are committed to more than just performing your annual SOC 1 or SOC 2 audits. We want to help you throughout your entire compliance journey.
We pride ourselves on being an auditing firm that is willing to work through the details with you. We’ll work with you to meticulously examine your policies and procedures to give you the assurance you deserve. Contact one of our data privacy or risk assessment experts today to answer any questions you have regarding data governance and risk management.