The Misconception of Data Governance

Poor data governance is ultimately responsible for data breaches


John Shafran

1/1/20251 min read

When I first began working in the IT industry the office where I worked had no form of security – no cameras, no access cards, no security guards, not even a receptionist, I simply entered the building and took a lift to the floor I worked and walked to my desk. There were shared computers, which were always on and open for anyone to use and for those systems that did require a login, ‘cat’, followed by the month number, was used. The entire process was documented and included the password.

Today, wherever I work, I expect to undertake some site security training - what to do in the event of a physical threat and how to keep their business information secure. In recent years, the importance of data governance has grown exponentially, mostly attributed to security breaches or the threat of one. There are so many incidents of identity theft and other scams that one can never be too careful.

As a contractor, continuously undertaking various data awareness and security training, I see it for what it is and strongly adhere to these practices, even when they are not explicitly defined for the organisation. Being close to the data I see security breaches occurring continuously, which tells me that data governance, as a whole, is either lacking or simply misunderstood. More often than not it is confused with data management.

Data governance is the authority that determines how organisational data assets may be used. It enhances accuracy, quality and security through the establishment of policies, procedures, roles and responsibilities for those who work with and consume the data. It’s not data management, which is concerned with the physicality of the data itself, but the two certainly complement each another and one should not be considered without the other.

For data governance to be successful a clear sense of ownership and accountability is required and everyone in the organisation must go along with it, including the highest level of management. The data steward, the person ultimately responsible for data governance, must ensure that processes are clearly defined and ingrained into staff of all levels with continuous, on-going training.

More to come...