As data governance becomes increasingly part of the business (rather than an offshoot of IT), it must proactively seek to build links with other areas of the enterprise.

Two paradigms dominate the IT mindset: the drive to build and maintain a technical environment; and reacting to requirements provided by business users.  Neither of those paradigms involve proactively engaging with other areas of the business, and to the extent that data governance was conceived in IT, it must discard these paradigms. Instead, data governance must actively seek out partnerships with other areas of the business, and present a vision of synergies that can benefit the enterprise as a whole. One of the most important of these business areas is the legal department.

What Can Data Governance Do for Legal?

Before data governance approaches the legal department to establish a mutually beneficial partnership, data governance should have a clear idea of what it can bring to the table, and some understanding of how Legal Departments function in general. Let us consider some of the ways in which Data Governance can support Legal.

Operationalizing Data-Related Laws and Regulations

Legal is, or should be, the source of regulations about data privacy and protection in the jurisdictions within which the enterprise stores, manages, or accesses data. However, legal typically cannot translate these rules into operationalized practices that ensure the enterprise is truly in compliance with the law.

Data governance can bridge that gap. It can provide an understanding of the situation in the environments that manage data, and help to identify potential gaps with respect to laws and regulations. Jointly, with legal, data governance can help to determine what solutions have to be put in place to deal with these gaps. These solutions will often be changes to business practices rather than changes to the underlying systems. Put another way, anything data governance can do to help solve these problems without involving IT will be greatly appreciated.

Ensuring Contractual Compliance

Besides laws and regulations, another great concern of legal is ensuring that data acquired under some form of contract is managed in compliance with such contracts. Unfortunately, the business in general often thinks that any data inside the firewalls of the enterprise is fair game and can be used for any purpose whatsoever. 

While legal can sign off on a contract, it is typically not going to be involved with monitoring the enterprise environment to detect if the data is being misused. It will likely only get involved if the counterparty in the contract suspects potential misuse and seeks a legal remedy, such as threatening to sue the enterprise. 

Data governance can assist in this area by acting as a gatekeeper to prevent illicit reuse of data. For instance, data governance can establish a presence on the Architectural Review Board (ARB) that many enterprises have. There are a number of other reasons for data governance being on an ARB, such as enforcement of data standards, but detecting contractual data concerns is a major one.

In order to carry out this work, data governance must understand what is implied in the contracts that exist about data. Such contracts may be with data providers, who sell data to the enterprise, or with customers who give their data to the enterprise. 

How Legal Works

Having discussed a few of the needs that have to be jointly addressed by data governance and legal, data governance needs to understand how it can approach Legal. Data governance has to potentially interact with all the operational units of the enterprise. It can only do so successfully if it understands the subcultures of these units. So what is special about legal?

Legal is conservative. Lawyers want their clients to avoid problems, and tend to give advice that points out the safest course of action. One of the consequences of this is that lawyers rarely are put in leadership positions in enterprises as they are not inclined to try anything new without an ironclad guarantee of success.  Data governance must listen to Legal, but will inevitably have to participate in discussions in which a business decision is made that weighs risks described by Legal with the potential benefits of a new business undertaking. This is not like the IT mindset of just accepting requirements from users -- data governance will have to help in the making of informed business decisions.

Legal is slow. Data governance must generally allow long lead times in dealing with legal. This is not always true, and Legal can sometimes be very agile. However, lawyers do not like being railroaded, especially if they feel they have not got an adequate understanding of a particular situation. Data governance needs to work to gain the confidence of Legal. This means that data governance must strategize about the way in which it is going to engage with Legal. Establishing formal recurrent meetings is something that can be helpful, as legal will feel data governance is not coming to it only when there is some kind of urgent issue. Such formal meetings can also help both sides identify risks before they turn into issues.

Legal is detailed. This also means that legal is verbose. Legal will generally generate a high volume of documents about a particular topic. Data governance will have to read and understand these documents, and should reserve time to do this. This will mean that data governance has to become familiar with legal jargon to some extent, and this may require one or more members of data governance being dedicated to the interface with Legal.

Legal is specialized. Lawyers tend to be rather narrowly specialized in areas where they are especially competent, and rather average in all other legal areas. This can mean that individual lawyers miss the implications of data-related issues and decisions. Data governance can help by ensuring that Legal understands the scope of a data-related issue, even if Data Governance does not adequately understand what has to be done from a legal perspective.

Opportunities and Risks

If data governance can establish a successful relationship with legal there can be enormous benefits to the enterprise. However, data governance also needs to be careful. It should not end up being perceived as the paralegals for the legal department in matters of data management. This will detract from data governance's independence, and its standing in data-related concerns that have nothing to do with Legal. 

Of all the organizations units that data governance can establish a partnership with, legal is one of the most important. In every enterprise, data governance should seek to build and maintain this partnership for the long term.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access