What Makes for a Good Data Governance Policy?
2018 was a tumultuous year for data security and privacy with numerous data breach incidents making headlines worldwide. Hardly a month into the new year, things are looking even more serious. In Singapore, the Ministry of Health revealed that information about 14,200 HIV positive individuals and 2400 of their contacts was illegally revealed online. Personal information about 900,000 clients of Cebuana, Phillipines’s largest non-banking financial institution, was leaked. In Australia, work emails, job titles and even mobile phone numbers of 30,000 public servants were stolen.
It would be an understatement to say that organizations everywhere need a strong and effective data governance policy, now more than ever.

It’s about more than just compliance
With the GDPR kicking in last year and numerous other data privacy laws being debated or passed around the world, organizations are scrambling to protect their businesses and indeed, their way of working. But a ‘let’s get this done fast and cheap’ approach to data governance will only be detrimental in the long run.
Yes, there is a significant cost associated with becoming compliant to regulations like GDPR. But the advantages of having a solid data governance policy are too big to ignore. It strengthens the organization’s data strategy, brings structure, security and transparency, and empowers those in business roles to make better and more timely decisions.
As Apple CEO Tim Cook said in a privacy conference in Brussels, achieving great data governance standards is “not only a possibility, it is also a responsibility… Technology’s potential is, and always must be, rooted in the faith people have in it.”
Formulating and writing a strong data governance policy
Organizations—irrespective of size, industry or geography—often have a similar set of data governance goals: better data quality, accessibility, privacy, and security. But when it comes to actually
Understand policies, rules and guiding principles
To manage the basic operations of data governance, every organization needs a set of guiding principles, policies, and rules. Each of these terms has a different meaning. Guiding principles direct the organization in terms of the decision or approach to be taken during the course of its operation. Policies define the organization’s stand by function and action. And rules are the specific processes, procedures and frameworks that govern all data-related action.
Examples of data governance policy
Here are some essential foundational data policies that every organization must establish.
- Data Governance Structure Policy—defines the key members of the data governance program, from the data governance council (DGC) to the steering committee and various working groups. It also puts down who is responsible for what data and decisions, thus ensuring ownership and accountability.
- Data Access Policy—While data privacy and security are important, policies around these should not make it difficult or impossible for people within the organization to access and analyze data relevant to their business needs. This policy describes how to strike this balance.
- Data Usage Policy—sets down a code of conduct for the use of data to ensure that it is not misused or abused by any parties. It defines rights on every data element such as read-only,
create , edit/update, share, etc., making sure that only those with the right permissions undertake actions on the data. - Data Integrity Policy—has the objective of ensuring that all organizational data is accurate, valid and reliable. It defines how business processes across teams, projects
and functions are framed so as to ensure the integrity of the data that flows through it.
These are just four examples of policies that apply to most organizations irrespective of industry or business model. Uncover all the possibilities and requirements that pertain to your organization during your early brainstorming with stakeholders.
Prepare for conventional and Big Data governance
Most organizations today must factor in policies and processes for conventional data governance and for Big Data governance (and yes, there is a difference).
Conventional data governance usually deals with cleansed or processed data that is by nature, more structured. The thrust here is to build rules and definitions to ensure that this data conforms to certain standards. When it comes to Big Data, however, things are going to be a lot more chaotic and unstructured, with unknown sources, formats, structures, and even applications. The focus here will be much more on enabling exploration to discover applications and insights.
Overall, a systematic and collaborative approach right from the get-go will help you establish a data governance policy that works to your organization’s advantage. For more insights, read our series on the topic:
- Steps to create a winning data governance strategy
- Creating a project charter
- Building a data governance engine in 4 steps
- Charting the data governance roadmap
- Putting together the right team
- Championing the data governance program internally