In the first post of this two-part series, I introduced the concept of a simple "4F framework" for creating a solid start to your compliance initiative. I discussed the idea of discovering the Function and Flow of your data, as these requirements feature prominently in regulatory compliance demands.
In this post, I want to close out the series by talking about the remaining components of the 4F framework - Form and Foster.
Form
When you've understood the function and flow of your data, you need to go deeper and understand its form.A definition is useful here:
- Form: noun: a particular way in which a thing exists or appears.
- Synonyms: manifestation, appearance, embodiment, incarnation, semblance, shape, guise, character, description, expression.
In the simplest sense, we need to know the characteristics of the data, such as its data quality dimensions and data quality rules, its format and specification. We need to know if a personal data set is public, private or security sensitive, for example.
We also need to understand the retention cycle of the data. What happens after the retention period? Is the data archived – and if so, where?
The POSMAD framework by Danette McGilvray is particularly useful in this regard. You can research POSMAD at this link if you'd like to learn more.
Foster
Finally – and perhaps the most significant activity on your data compliance journey – who is fostering the data? Who is accountable based on the information location of the data and its function and flow? What are the fostering obligations for the data?
Assigning ownership to an asset that's on the move, flowing through business units and functions, is a real challenge. Keep it simple by spotting the touch points of data (where a function is performed).
It's essential to identify the command lines that underpin the fostering process so you can spot where the necessary leadership and accountability controls are lacking. Without adequate ownership and stewardship, it's virtually impossible to ensure an ongoing compliance commitment.
Summary
There’s no escaping the fact that data compliance is a headache. But the reason it’s a challenge is largely because of gaps in existing data management strategy and infrastructure.
When you know where your data is, how it flows, what functions are performed on it, and who fosters it along the way, data compliance becomes a whole lot easier.
Sadly, in many ways, we’ve lost the discipline of data management over the years. But hopefully, with the latest drive for regulatory compliance, we’ll start to see a renaissance of the techniques that many data practitioners were adopting 20+ years ago. While modern data management technology trends may indeed innovate and disrupt the enterprise, there's no escaping the fact that data compliance, at its core, is built on simple foundations.
Hopefully, this short series has provided an alternative viewpoint to a challenging topic.
Free download – The 5 Essential Components of a Data Strategy