Data governance: The people factor

Data governance: The people factor

By Henry DeVries on Thursday, March 1, 2018

In the first blog in this series, I talked about the four components of data governance—ownership, access, quality, and security. All are critical to building an analytics-powered campus.

Technology plays a significant role in helping institutions manage all of these components. But at the end of the day, it’s the behavior of the people using the technology that determines whether data is being used to drive institutional success.

Data governance is about controlling the way people behave with regard to data and data technology.

Specifically, it:

  • identifies the appropriate people to steward and govern various types of data;
  • sets policies outlining appropriate rules of behavior;
  • and embeds those rules into everyday processes across the institution.

Here’s a brief look at how effective management of people, policies, and processes supports each of the four components of data governance:

Supporting data stewardship

Assigning individual stewards or owners for each type of data is the key to clarity and accountability.

Each owner should be intimately familiar with where their data lives, how it’s defined, and whether it’s being interpreted consistently across the institution.

Of course, there may be multiple people with a stake in how specific data is governed. For example, the registrar may own one type of student data and the admissions office another. That’s why roles should be clearly documented. Policies should dictate who can make decisions about what. And if the decision one stakeholder makes can impact another (for example, changing a single code can have unintended ripple effects), there should be processes in place to resolve—or better yet, prevent—the inevitable conflicts.

Supporting data access

There are three good reasons to control who can see what:

  1. Failure to comply with federal privacy regulations (such as HIPAA or FERPA) can result in both financial and reputational penalties.
  2. When staff don’t trust that access and privacy are tightly controlled, they are reluctant to share information that could benefit institutional decision making. Silos deepen, insights stay buried.
  3. Ensuring that people are accessing information most relevant to their jobs just makes good sense.

Governing data access starts by asking who is allowed by law to access sensitive data—including faculty, staff, students, family, and the public (careful what you put on your Web site). The next step is to map who needs access to which data in order to make decisions that impact every area of the business. Set policies around how credentials are assigned, and develop processes to ensure credentials are revoked when people leave or change roles.

Supporting data quality

Everyone knows the frustration of dealing with “bad data.” It’s missing, it’s out of date, it doesn’t match, or you know from past experience that you just can’t trust it.

More data than ever before is flowing into institutions. But directing it to the right system, giving it the right name, and keeping it up to date is harder than ever. That’s where rigorous governance comes in.

When it comes to bad data, the culprit is usually data entry errors or changes to codes or terminology that are not communicated to all stakeholders. Individual data owners—as well as cross-functional governing bodies—should establish standard data definitions, rules for data usage, policies to maintain regulatory compliance, and processes for quality control.

Supporting data security

Data privacy and security is consistently ranked as one of the top challenges facing higher education today. While it’s often IT leading the charge, security is as much about people as technology.

Most institutions lack comprehensive policies governing how people display data (like sharing spreadsheets with social security numbers); ensure compliance with regulatory requirements (like those governing student privacy or financial transactions); or share data internally and with third parties. It’s a daunting task to map which policies are missing or outdated and how they impact various people and functions across the institution. It’s even more work to refine systems and processes to enforce the new policies you put in place. But considering what it could save the institution in financial and reputational damage, this is an area of governance with a potentially huge return on investment.

Putting it all together

The graphic below provides a quick snapshot of the elements of data governance I’ve covered in the first two blogs.

Data governance the human factor-image

Next up

In my next blog in this series, I’ll talk about how to ensure the ongoing success and sustainability of your data governance program.

Other blogs of interest

Data governance: How to get started 

Setting ground rules in the cloud

Permanent link

Add to conversation

* Required. DO NOT include HTML code.
* Comments are subject to moderation.

About the Author

Henry DeVries

Dr. Henry DeVries

Management Consultant at Ellucian

Henry DeVries serves as management consultant, principal, and leads the business intelligence services in Ellucian’s management consulting group. Dr. DeVries has more than 35 years of experience in higher education as a faculty member, researcher, and administrator.