Data governance takes a turn — And it’s a doozy
If you were to ask me a year ago what I would point to as a best practice for data governance, my response would be to look at what financial services firms do to meet their regulatory requirements. Fast-forward to the age of GDPR and the new privacy mandates coming out of California (CCPA), and not only do you have to take into account what your customer wants but you have to also be mindful of security pitfalls. On the surface, it seems that you could do for data governance what you always do: Stand up the people and processes, profile your data, classify it, and push down control services.
Now, we could go into all the points on how to address privacy, security, preferences, and regulatory compliance. I honestly find that academic next to the bigger picture we face. Data is too dynamic, federated, and ownership-complex to apply the same practices for compliance as the gold standard for data governance.
Yes, I’m saying it: Kill your data governance program immediately.
Before you all jump out of the stewardship shadows to tell me I’ve lost my mind and haven’t a clue what I’m talking about, hear me out.
What we never really addressed in our data governance programs — and data management, for that matter — is the real link between data intent and guardrails. We also assumed that you could ideate and identify all the scenarios in which data risk could occur and throw a blanket of stewardship over it to head off fines or firings. I’m here to say that this is absolute hogwash (I have better words, but Forrester would not appreciate my trucker mouth . . .).
I’ve talked a lot about the personalization of data, federated stewardship, and even embedding data governance requirements into DataOps delivery from the start in previous blog posts, reports, and webinars. That at least lets you pivot toward a strategic and agile approach to data governance. But that only gets you so far. What you really need to do is push data governance and policy execution into all the processes and automation that exist in your ecosystem. We call this ambient data governance.
When we need to take our customers and endpoints into account (as with GDPR and CCPA), we can no longer treat the lines between people, process, digital, analytics, and data separately. Preference capture needs to link to company policies and use of data. The ability to control, remove, or obfuscate data across channels, processes, and business units/divisions needs to be accounted for regardless of manual or automated ecosystems. Data security exists not as a separate function but rather an additional control mechanism to execute permissions and preferences as opposed to individually executing rules. If you need to meet your deadlines, data governance bureaucracy, rule coding, process design, and reporting will never let you meet your compliance obligations.
What we need to do is take our DataOps and agile development approach and translate data governance requirements into the intelligent digital solution it should be. Digital and artificial intelligence is the power to not only making data work more natural and intuitively for the business and customer but is also the adaptive engine to keep offensive and defensive objectives of governance in sync.
Just as we consider digital and artificial intelligence as transformative capabilities to run our business, these same capabilities are what will run our data. Digital is the window where we impart our intent for the data and insights. AI is the analytic assist to generate, execute, and adapt policies, rules, standards, and definitions based on that intent (explicitly and implicitly) in-stream of data interaction.
We do this today in a limited fashion. There are data governance services that help improve data quality, as employees working within business applications correct, update, and avoid record duplication. Data preparation and catalog tools use machine learning to assist and suggest ways to source, curate, munge, and use data. Data governance services run intelligently behind the scenes to autocorrect and govern data use.
Tomorrow, we need to extend this intelligence into our digital ecosystem to further our ability to de-friction data use due to data policies and edge responsibilities. Intelligence should be about to take advantage of insights between intent, usage, lineage, use cases, and policies and adapt approaches to control and enable data for value.
Ambient data governance is the strategy and approach that not only scales your data governance efforts but also acts as the solution to meeting the ambiguity that exists as we scale data for new use cases, regulations, and digital capabilities that are emerging. Ambient data governance is the intelligence behind your data.
(This post originally appeared on the Forrester Research blog, which can be viewed here).