Data governance continues to be an area of concern in many enterprises. This year's Data Governance Annual Conference organized by Wilshire Conferences and DebTech International saw roughly the same level of attendance as 2008 - quite an achievement in the recession. Perhaps the interest in data governance is because of the economic downturn, but there are other straws in the wind. My friends at the Enterprise Data Management Council tell me that financial industry regulators, both here and in Europe, have suddenly taken a great interest in data governance after years of paying little attention to the topic.

As encouraging as all this is, my experience is rather different. I find that enterprises understand the need for data governance but are unwilling to implement an additional layer of bureaucracy to achieve it. There is no doubt that the current problems in the financial industry are partially to blame for this. All of the culprits in the financial meltdown had long-established, well-developed and strongly funded risk management. In the years since the NASDAQ bubble, Enron's bankruptcy, Sarbanes-Oxley and so on, the governance, risk and compliance functions have grown large and ever more intrusive. Apparently, they did not work too well. Trying to sell data governance has become more difficult just as the need for it has become generally more accepted.Does implementing a data governance program always have to mean establishing a burdensome set of rules and a bureaucracy to administer it? I would submit that there is an alternative way to implement data governance based on principles rather than policies and rules.

The term "principles" is often ambiguous. We can get a definition from metaphysics. Metaphysics is the study of pure being. It is not that popular today, but it has a long history and a well-established body of knowledge. Principles are one of the things it has sought to investigate. According to metaphysics, principles are "absolute presuppositions," which means they have to be accepted as true or false because we do not have any way of analyzing them. Like it or not, we all operate according to sets of principles in every department of human action. However, we very rarely formally state what these principles are. Indeed, we are usually not even aware of them.

On some occasions, principles are stated. For instance, the U.S. Declaration of Independence contains the phrase, "We hold these truths to be self-evident." It then goes on to list a set of propositions, such as: "Every person has an unalienable right to liberty." The Declaration is saying that this proposition is a principle. You can agree with the principle or you can disagree with it, but you cannot use deduction or induction to determine through logic if it is true or not. It is an absolute presupposition. The temptation to argue about an absolute presupposition is irresistible, but it cannot lead anywhere, because we will never be able to prove one.

In contrast to principles, we can try to use rules. A rules-based approach will be one in which an authority creates policies and then designs and implements rules for each policy. Everyone then only needs to follow the rules, and the goals of data governance will be achieved. At least that is the theory. The problems with a rules-based approach are obvious. Policies and rules will be needed in every possible area of data governance. A high level of resources will need to be devoted to such an effort. Implementation of the policies and rules will likely impact operational efficiency, although this should be countered by improvement in data quality and risk mitigation. This scenario is probably not very appealing to senior management, which explains some of their reluctance to get too deep into data governance, while at the same time acknowledging the need for it. Senior management may also be asking itself if a rules-based approach to data governance would even be effective. As others have noted, the rules-based models used for GRC in the finance industry did not prevent an economic catastrophe.

A principles-based approach to data governance will not have to anticipate how to deal with data in every possible situation, which is what a rules-based approach will have to do. Principles provide a guide to the individual in every situation, but the individual has to work out how to take action in accordance with the principles. Rules, by contrast, tell the individual how to do something, and there is no scope for individual initiative. It is well-known that rules cannot match every situation, and so following them blindly can lead to perverse outcomes. It might be objected that rules can be based on principles. This is true, but my experience in data governance is that the absolute presuppositions that exist for data management remain broadly unexamined. The principles invoked as the basis for rules are often poorly articulated and may not be understood at all.

A principles-based approach to data governance deserves a more serious appraisal than it often receives. Work must be dedicated to risks that have to be overcome. I will look at those in a future column.


Malcolm Chisholm is an independent consultant on metadata engineering and data management . You can contact him at

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access