When creating data governance policies, three important stakeholders can end up working at odds with each other even though they each may be focused on what’s best for the company. Users like unrestricted access to all their data. Legal and compliance teams want to store as little data as possible in a highly managed way that mitigates risk and limits exposure of their data. Information technology professionals are left trying to meet the needs of both groups with tight budgets and ballooning volumes of data.
Before your data governance project turns into a nightmare, you have the opportunity to create a data governance team to help people understand and manage the entire big data challenge, not just their respective pieces. First, let’s dig a little deeper into each group’s primary motivators.
No matter the industry, a typical business user spends a great deal of time creating and consuming data, interacting with the data of their peers, and working with legacy data inside the organization. Users are expected to create high quality electronic data, leveraging the knowledge of the past, while under tremendous time constraints. Users want easy access to all data, regardless of who created the data, and they want it from a single source of search. Essentially, users want unlimited access to any relevant data for an unlimited time to be able to do their work most effectively.
Legal and Compliance Teams
The legal and compliance world is continuously evolving, and every industry must understand how laws and regulations apply to them. Often regulations force companies to maintain data for a set period of time and, most importantly, search and produce this data when needed. To reduce litigation risk, legal generally reduces the amount of time that a company keeps data to the bare minimum. At the same time, there is also an increased burden for legal discovery (e-discovery). Companies are now required to be able to produce data related to a case in a reasonable amount of time. With terabytes of data to search through, even routine regulatory requests can be arduous if no clear data classification and retention policies exist. Legal and compliance teams are looking for a well-defined and limited data governance policy restricting user data while providing a way to search and produce data easily.
With data volumes skyrocketing, IT has the difficult task of balancing budgets, allowing quick access to massive volumes of data, meeting compliance objectives, and supplying legal with e-discovery capabilities - and all with a limited number of staff. As previously mentioned, users typically want to maintain an unlimited set of data, and the burden of storing, managing, organizing, backing up and retrieving this data falls to the hands of the IT team. If a user can’t find something, IT is forced to put aside their daily work and help the user find what he or she is looking for.
Additionally, IT feels pressure from legal and compliance. As requests for data emerge, often it is the IT group responsible for gathering and holding this data. As governance matures it will be the IT team that is responsible for adhering to these policies.
IT has to face these dynamics, making sure the needs of the users are met or it will be burdened with an ever increasing amount of support requests while understanding that the restriction of data is necessary to control big data and comply with governance standards.
Avoiding the Conflict Triangle
With three competing goals, it is no wonder that defining which data to store, for how long, in what form, and who can gain access to it makes for a difficult discussion. When data governance projects fail, it is often because an organization failed to involve all of the significant stakeholders. The way to avoid this problem is to form a joint data governance committee as a first step. This means finding the right people in your organization who are willing to take a broad view of the problem.
Data Governance Committee
The three main roles within your governance team include a leader from each of the three groups discussed above, along with any team members who will be responsible for day-to-day activities associated with data governance. This team should be permanent and should meet on a regular quarterly basis since data governance policies need to respond to changing legal, regulatory and business requirements. By establishing a data governance committee, you are not just setting and declaring a policy, but can also establish buy-in through working with all stakeholders, which will ultimately lead to greater success.
Once your team has been established, its first task is to develop draft governance policies.
Decide What to Keep for How Long
The price of storage has been decreasing steadily over the past few years. This has motivated many organizations to save all their electronically stored information rather than to establish policies to determine which data is saved and for how long. Huge volumes of organizational information whether in transactional databases or archives mean that e-discovery can take a long time, translating into increased legal costs. At the same time, that data is valuable.
One way to start is to look at any regulatory compliance rules that relate to your industry. If, for example, you work in the financial industry, transaction records are a top priority, and you are required to preserve them. If you work in the health care industry, patient records are number one on the list. Work down the list of all your data and assign a percentage likelihood that it may be necessary to preserve for compliance, business performance and legal reasons. Look at the percentages and you’ll see which data needs retention and which might just be nice to keep.
When it comes to email, make some real decisions. Do you really want to retain every employee’s emails for 10 years? How about five years? Do you need to keep everyone’s communications?
Remember that data governance policies should apply to all data sources. That means structured and unstructured data data associated with mobile apps, Facebook, Twitter and other social media, video and audio, as well as information stored in the cloud.
At the end of this process, you should have a comprehensive information governance document. You will understand why you are retaining information, how long you would like to keep it, and for what purpose.
Benefits Beyond What You May Have Originally Envisioned
Once you have a data governance policy in place, and the technology that implements it, you’ll be surprised to learn there are benefits to your organization that go beyond what you may have conceived.
The first benefit people in your organization will realize is that you improved search capabilities. Because archives aggregate documents and files across type, you should be able to search from a single application across all your stored data. In-document searches allow you to search for a particular word or phrase.
A complete data governance solution based on the pillars of archiving, backup and e-discovery also ensures business continuity by providing data restoration in the case of disaster over typical backup and storage strategies.
Finally, by law companies must demonstrate that their systems allow them to comply with regulations and that they are being honest with regard to data retention, compliance and e-discovery. If your company is asked to produce all the ESI available regarding a particular transaction, for example, you need to prove that the information you turn over to authorities is complete and that you didn’t pre-filter information prior to conducting your search.
Ensuring comprehensive data governance through policies and technology can improve corporate performance, protect your business against continuity risks, and demonstrate e-discovery compliance. Start today by forming a permanent data governance committee.