Data beyond boundaries: Reexamining the role of the data-governance council


sb10066015tThe theme on the Data Roundtable this month is managing data beyond boundaries.

You'll get no argument from me on the import of this subject, especially today. After all, we long ago entered the era of big data. As such, it's imperative to look anew at traditional data-related concepts, roles and rules. Which are still relevant? Which need to adapt or die?

I can think of no entity that should take a harder look in the mirror than the conventional data-governance council.Before going too far, a proper definition of the term is in order. A data-governance council (or committee) is defined here as:

"A cross-functional group with representatives from business and technical data stakeholder functional groups. In some organizations, this group may be labeled a data stewardship council. Members may be called data governors, lead data stewards, executive stewards or council members.
These councils make high-level decisions about how organizations use data."

If this description seems kind of bureaucratic and top-down, you're right. I can imagine a monthly or quarterly meeting in which near-retirement senior execs debate in a vacuum what should specifically be done and how. Not exactly agile and/or lean. I can just imagine many ambitious employees wanting to take advantage of burgeoning opportunities, only to be told that the council needs to vote on the idea next quarter. (Lest you think I'm being unnecessarily contrarian, I'm hardly alone in believing that there's a great deal of room for improvement here.)

I've argued before that much of big data is inherently ungovernable because it "lives" outside of the enterprise. That is, it is born on third-party sites, often accessible by APIs that may or may not remain open. To boot, not all APIs are created equal. Let's say that LinkedIn restricts or closes its API to developers, something that it has done more than once. What's a DG council to do? Those high-level decisions that it used to make in relative isolation about who can do what are now often made for it.

Is a DG council even necessary today?

The answer appears to be "it depends." Google's data-governance program aims to "create, maintain and promote radically stronger and more efficient protections around sensitive data." As of this writing, no one at Uber appears to work in a data-governance capacity. This is potentially disturbing given the company's well-publicized gaffes over its God view, or is it? Perhaps another department handles these critical responsibilities – maybe even its new chief security officer?

Data governance paper
Data governance paper

The elephant in the room is the CDO. Has the chief data officer usurped the duties of a data-governance council in many organizations? Put differently, is the use of data so important today that it can't be relegated to some type of "council" anymore? Is its misuse so potentially damning that it's high time to appoint a "data person" in the C-suite? These are all fair questions and I don't purport to know all of the answers.

Simon Says

I will say the following three things about traditional data governance councils. First, react quickly. Second, think guidelines, not rules. Finally, data security, privacy and general protection matter as much as – if not much more than – traditional data governance.


What say you?


About Author

Phil Simon

Author, Speaker, and Professor

Phil Simon is a keynote speaker and recognized technology expert. He is the award-winning author of eight management books, most recently Analytics: The Agile Way. His ninth will be Slack For Dummies (April, 2020, Wiley) He consults organizations on matters related to strategy, data, analytics, and technology. His contributions have appeared in The Harvard Business Review, CNN, Wired, The New York Times, and many other sites. He teaches information systems and analytics at Arizona State University's W. P. Carey School of Business.

Related Posts

1 Comment

  1. A couple of things -

    - I agree completely on the external sources. Anyone that uses them needs to acknowledge the potential vulnerability and have mitigation plans should things change.

    - I think you're describing a structure that's too flat. Any good DG structure needs to address Strategic, Tactical, and Operational issues. The Council you're describing appears to be a combination of all three. If they are to keep this structure, they need to compartmentalize their activities so they are addressing all three needs - if they can't (or won't), there needs to be new levels introduced to make sure all the bases are covered.

    - YPB (Your Prog Bro)

Leave A Reply

Back to Top