Data is an increasingly valuable corporate asset that must be managed com- petently, efficiently and responsibly in order for a company to be well- positioned to thrive in a connected and data driven economy. Governing of the organization’s data must be a priority for 2016. Organizations that don’t put proactive systems in place now may find themselves a distant memory from the dawn of the age of the Internet of Things (IoT) for a whole host of reasons. Data breaches, poor data security, cybercrime, regulatory scrutiny, plaintiffs’ lawyers, wholesale brand collapse, and loss of consumer trust and confidence surrounding data protection can all be material failures for a company, and 2015 has, again, confirmed that no one is safe for these risks.
The only hedge against cyberrisk is sound data governance, which requires a strong focus from the company’s management team, excellent communication and leadership within the organization, and cooperation among all participants. Estab- lishing a Data Governance Committee (DGC) is the first step to proactively address- ing these risks, and to carefully evaluate the impact and full scope of what a com- mitment to good data governance could mean to the company in the long term.
Establishing the Data Governance Committee’s Objectives and Responsibilities
The DGC’s primary duty is to ensure responsibility, accountability, defensibility and sustainability of data practices. The framework for effective data governance planning contemplates the personnel, technology, processes, policies and proce- dures necessary to ensure the preservation, availability, security, confidentiality and usability of the company’s data.
Furthermore, a DGC encourages strategic thinking and the creation of opportu- nities surrounding the appropriate use of data within the company.
Key steps are establishing roles and objectives for the DGC. These should be clearly articulated in the form of a governance charter, and clearly explained to the DGC members.
The group should focus on estab- lishing data standards for privacy and information security, records man- agement, employee data, trade secret and intellectual property protection, e-discovery and litigation readiness, and vendor management. Such poli- cies must include a comprehensive set of rules, policies and procedures governing the proper use, and dis- posal of the company’s data.
The DGC will be the decision-mak- ing body when issues arise related to data use. The group will consider the appropriate level of risk allocation, assuring that insurance and contrac- tual risk transfer in connection with data risks.
Finally, the DGC can be a power- ful tool for setting the tone within the company, establishing the inter- nal top-down support for helping to ensure that employees are properly educated and trained about their re- sponsibilities related to data, and in- stitutionally appropriate practices in the collection, use and disposal of data. The DGC should also develop appropriate channels through which employees can express concerns and identify potential risks.
Composition of the Committe
Choosing members of the DGC is crucial to ensuring the ultimate suc- cess of the committee. Members must comprise a cross-functional team, in- cluding representatives of executive management who can appreciate the role of data in the long-term objec- tives of the organization.
The DGC should include members of the company’s leadership and representatives from the informa- tion technology, communications/ marketing and legal departments, as each of these departments have con- trol over areas of the company that are most likely to be affected by a data governance strategy.
Through participation in the DGC, representatives can closely coordi- nate to accomplish the established objectives and goals of the company in the context of data governance. Each of the team members has a cru- cial role in ensuring their respective department is properly represented in the data governance process.
Roles and Responsibilities Of the DG
The roles and responsibilities of the DGC are to:
- Establish direct reporting to the most senior corporate governance tier of the company, as there should be oversight of data gov- ernance from the highest levels of the company.
- Evaluate and respond to internal proposals relating to the use of data and information in connec- tion with data mining, behavioral targeting and data analysis.
- Monitor implementation and com- pliance of processes, and, when appropriate, propose revisions to policies and procedures adopted by the company.
- Provide oversight to senior man- agement, the chief technology of- ficer, and company employees in their efforts to reinforce good busi- ness practices and maintain legal compliance.
- Be frequently and timely informed of compliance activities, training activities, communications pro- grams, compliance audit reports, and reports of alleged violations of the company’s data governance policies.
- Conduct annual evaluations of the company’s data governance prac- tices.
- Consult with any advisors they deem necessary to ensure that the company conducts its business activities in compliance with the law.
Establishing a data governance committee can be a very effective tool for a companies that seek to establish accountability and control over their data. Creating effective institutional infrastructure in the form of a data governance committee in order to for- malize the necessary communication, cooperation and ownership surround- ing the challenges presented by data management, has the potential to bring long term rewards to the com- pany. As the legal and regulatory envi- ronment continues to remain volatile regarding data security, data use and data transfers domestically and in Eu- rope, companies should be focusing on how to best position themselves to stay ahead of the curve regarding the use of their data assets. Developing a strategy and operationalizing good data governance will provide compa- nies the ability to maximize the value of their data assets and increase the long term value of the company.