Data governance: The people factor
- Data governance is about managing people as much as data
- Institutions should consider how users interact with data
- Data quality, stewardship, access, and security matter most
In the first blog in this series, I talked about the four components of data governance—ownership, access, quality, and security. All are critical to building an analytics-powered campus.
Technology plays a significant role in helping institutions manage all of these components. But at the end of the day, it’s the behaviour of the people using the technology that determines whether data is being used to drive institutional success.
Data governance is about controlling the way people behave with regard to data and data technology.
- identifies the appropriate people to steward and govern various types of data;
- sets policies outlining appropriate rules of behaviour;
- and embeds those rules into everyday processes across the institution.
Here’s a brief look at how effective management of people, policies, and processes supports each of the four components of data governance:
Supporting data stewardship
Assigning individual stewards or owners for each type of data is the key to clarity and accountability.
Each owner should be intimately familiar with where their data lives, how it’s defined, and whether it’s being interpreted consistently across the institution.
Of course, there may be multiple people with a stake in how specific data is governed. For example, the registrar may own one type of student data and the admissions office another. That’s why roles should be clearly documented. Policies should dictate who can make decisions about what. And if the decision one stakeholder makes can impact another (for example, changing a single code can have unintended ripple effects), there should be processes in place to resolve—or better yet, prevent—the inevitable conflicts.
Supporting data access
There are three good reasons to control who can see what:
- Failure to comply with federal privacy regulations (such as HIPAA or FERPA) can result in both financial and reputational penalties.
- When staff don’t trust that access and privacy are tightly controlled, they are reluctant to share information that could benefit institutional decision making. Silos deepen, insights stay buried.
- Ensuring that people are accessing information most relevant to their jobs just makes good sense.
Governing data access starts by asking who is allowed by law to access sensitive data—including faculty, staff, students, family, and the public (careful what you put on your Web site). The next step is to map who needs access to which data in order to make decisions that impact every area of the business. Set policies around how credentials are assigned, and develop processes to ensure credentials are revoked when people leave or change roles.
Supporting data quality
Everyone knows the frustration of dealing with “bad data.” It’s missing, it’s out of date, it doesn’t match, or you know from past experience that you just can’t trust it.
More data than ever before is flowing into institutions. But directing it to the right system, giving it the right name, and keeping it up to date is harder than ever. That’s where rigorous governance comes in.
When it comes to bad data, the culprit is usually data entry errors or changes to codes or terminology that are not communicated to all stakeholders. Individual data owners—as well as cross-functional governing bodies—should establish standard data definitions, rules for data usage, policies to maintain regulatory compliance, and processes for quality control.
Supporting data security
Data privacy and security is consistently ranked as one of the top challenges facing higher education today. While it’s often IT leading the charge, security is as much about people as technology.
Most institutions lack comprehensive policies governing how people display data (like sharing spreadsheets with social security numbers); ensure compliance with regulatory requirements (like those governing student privacy or financial transactions); or share data internally and with third parties. It’s a daunting task to map which policies are missing or outdated and how they impact various people and functions across the institution. It’s even more work to refine systems and processes to enforce the new policies you put in place. But considering what it could save the institution in financial and reputational damage, this is an area of governance with a potentially huge return on investment.
Putting it all together
The graphic below provides a quick snapshot of the elements of data governance I’ve covered in the first two blogs.
In my next blog in this series, I’ll talk about how to ensure the ongoing success and sustainability of your data governance programme.
And for more insights and resources about becoming an analytics-driven campus, check out our analytics-driven campus resource page.
Other blogs of interest