Data governance will matter even if you don’t have it formalised yet. It is not an optional preoccupation — especially not if you care about compliance since it’s a building block of good privacy practice. There is not going to be privacy compliance in your sensitive data unless you’re able to account who (or what) is accessing what data, why they are doing this, and how you can revoke these privileges.
That old slogan on late-night newscasts in America, “It’s 10 pm, do you know where your data is?”
Consider these findings from the Centre for Data Ethics and Innovation, a UK government body, which is mentioned in a recent report from the Ada Lovelace Institute: In the UK, only “31% of people agree that ‘the digital sector is regulated enough to protect my interests,’ compared with 30% who disagree.” The CDEI survey also notes that “few people express confidence that there are protections in place around digital technologies.”
This is important to keep in mind because there are two angles to good data governance:
How it protects us when or if we are ever the subject of a complaint from a country’s data protection government body. Your data governance is an important part of proving you have reliable, repeatable processes for the handling of data in your organisation.
How we can represent to our users the care we will take to insure their data is safe, judiciously handled, and protected including within our own organisation.
When we ask ourselves “how could we get more users to give us data about themselves so we can improve something for them?” we have to remember this level of distrust. Can we reassure them in these moments by being able to communicate how, exactly, we use our data and who, exactly, has access to it by what rules?
If you think this risk of distrust is not as mortal as it sounds, another statistic for you: The current rate of opt-in for tracking since Apple released its new App Tracking Transparency update is hovering around 25% per the analytics provider Flurry. Put another way, it means a full 75% of users basically do not trust us enough to believe the balance of what they stand to gain from allowing us to track them is worth the risk to their privacy.
But now, what does data governance look like for a smaller organisation?
Perhaps not so nailed down. And, to be clear, the fact that you don’t have formalised data governance doesn’t mean that you don’t have data governance at all. In fact, a small organisation or a young data organisation is probably doing some governance quite effectively, even if it isn’t enshrined in deep documentation.
The fact that the organisation is smaller can, in fact, give you the advantage of only a few stakeholders being the gatekeepers to your data. And where the gatekeepers are few, they tend to have good overall vision for how things are run. (You could tell someone how everything works in your house. There is probably some housemaster who is in charge of Buckingham Palace. Do you think they are able to give precise directions to locating a specific type of forks? And where is the electric outlet nearest to a particular window?)
Which is a paradox of good data governance: The best data governance is done with individuals who have a long vision for how the organisation runs and how your product is built. But the bigger the organisation, the less likely this vision is perfectly known to any one person. So while a larger organisation has more at stake in organising great governance, it certainly is harder to set up as you grow.
If you’d like to subscribe to my bi-weekly newsletter, INMA members can do so here.