
Understanding Data Governance: Meaning, Compliance, and Security

When one of the largest global credit score providers was exposed by the Wall Street Journal for issuing millions of inaccurate data points to lenders in 2022, they blamed it on a coding error. Several categories of personal data were completely incorrect, leading to huge reputational damage, including a 5% drop in stock price.

05 June 2025 6 mins read
By Jennie Clarke
Written by humans


Data governance does not just apply to companies that deal in data – it’s important for accurate financial reporting, marketing analytics, and even regulatory compliance. Avoid the negative consequences of poor data governance strategies by understanding exactly why and how to manage your company’s data. 

What is Data Governance?

Data governance refers to the way that organizations approach how they collect, manage, store and use data. In particular, data governance strategies help to guide organizations on data quality, accessibility and security.

General data governance principles exist, and companies can use them to adhere to best practices and implement strong processes. They help organizations to secure their digital information, use it in the ‘right ways’, and promote trust.

But there are regulations and occasions where data managers must go above and beyond, either to fully protect the security and integrity of the data they collect or to comply with specific requirements.

Therefore, data governance frameworks may be prescribed in certain regulations, forcing businesses to manage their data in certain ways. For example, the EU’s GDPR asks that companies that collect data from customers, suppliers or third parties in the EU:

  • Get their consent
  • Have a defined purpose for each bit of data they collect
  • Present a customer’s personal information to them when they ask for it
  • Edit and change the data when it is wrong
  • Store the data according to certain security conditions
  • Delete the data upon request by the person it relates to, or once the storage period has ended 

It’s when multiple regulations apply that things can get confusing, especially when organizations are operating in more than one area.

Instead of building a reactive data governance strategy in order to check the compliance box, companies should proactively determine how they can best manage the data to maintain its quality, integrity and security, while also considering the privacy of the individuals it relates to.

What is the relationship between data governance and compliance?

Data governance forms a key aspect of compliance in many regulations around the world. As mentioned, in some cases it’s prescribed, while in others it’s up to compliance teams to define their own governance strategy, one that meets the requirements at hand.

Let’s take HIPAA, the US’s primary healthcare data regulation, as an example. It was introduced to modernize the flow of healthcare information and stipulate how organizations should manage the personal data of patients.

HIPAA’s Privacy Rule requires that professionals do not disclose sensitive patient health information without consent. This is a hard and fast rule with only a few exceptions, which means that it’s integrated into the way that every doctor, nurse, and insurance professional interacts with others.

If a loved one calls up concerned about a patient in the hospital, the information that they would be able to obtain would be incredibly limited, in order to protect the privacy of the patient. Going against this data governance policy would directly violate the hospital’s compliance with HIPAA.

By contrast, the Sarbanes-Oxley Act (SOX Law) is a regulation that mandates strict financial controls and comprehensive audit trails, but leaves the methodology for meeting these requirements up to businesses. It’s therefore up to organizations themselves to create policies and procedures that meet the informational needs of the business while remaining compliant.

What is Database Governance?

Database governance describes how organizations manage their approach to certain subsets of their information, which exist in databases. It means that certain rules can apply to one subset, which don’t apply to others.

One useful case for this is confidential business data, which requires limited access, even internally within the company. The broader data governance policy at a company might be that data is accessible by all staff and any edits or changes are tracked, promoting data integrity and holding staff accountable if they edit the information.

But the governance approach for a sensitive database could be that the information is not editable at all, and that only employees of a certain seniority clearance level can even see the password-protected file.  

Here are some other effective strategies for database governance:

Technique | Purpose
Data stewardship | Establish ownership and data management roles for increased accountability
Data architecture | Arrange the data in the most efficient way, according to organizational need
Data security standards | Practices like 2FA and just-in-time access can limit the risk of data leaks and fraud

Devising your own data governance policy

Data governance is an incredibly important part of an organization’s security.

In 2020, global financial institution Citibank was fined $400 million after it was investigated by the Office of the Comptroller of the Currency (OCC) over longstanding deficiencies in enterprise-wide risk management, compliance risk management, data governance and internal controls.

One particular failure was the absence of clearly defined ownership roles, and other errors led to the bank mistakenly sending a payment of $900 million to a third party. The bank was fined again in 2024 for failing to make adequate changes to its data governance approach.   

When determining what data governance means for your organization and drafting your own policy, there are a few questions to ask across your compliance, data, product, and customer service teams:

  • What is the minimum amount of data that you need to collect in order to provide the product or service?
  • Who is in charge of maintaining the data? (collecting, storing, transferring, editing and deleting)
  • Which regulations apply to your business, and how must you adapt your data governance methodology to meet their requirements?
  • How are you enforcing data security governance, especially for confidential data, and how well is it working?
  • How are you collecting data and monitoring its quality?
  • How are you tracking data changes, who is reviewing these edits for data quality and integrity purposes, and how often?

Once you have the answers to these questions, your data governance policy should come naturally. Data security and governance go hand in hand, and Global Relay is here to help. Our Archive supports you to collect, store, manage and investigate your organization’s data, with military-grade encryption and security tools to maintain data quality and integrity.
