Data governance is an integral part of any overall corporate governance programme, and is also essential for ensuring that data management and data use are aligned with the business and its policies.
In today’s digitally-driven environment, where data is arguably the most valuable asset of the business, effective management is critical. Without proper data management, organisations open themselves up to risk, something that is very much a board-level concern. In addition, legislation such as the Protection of Personal Information (PoPI) Act, the National Credit Act (NCA) and the Consumer Protection Act (CPA) have created very strict regulations for the collection, processing and use of customer information. Data is valuable and its misuse can have catastrophic consequences for business. It must therefore be governed at board level in order to minimise risk and ensure alignment with business needs.
Essentially, data governance is a programme to prioritise data according to the financial benefit it delivers, as well as mitigate the risk of poor data practices and poor data quality. As mentioned, it forms part of an overall corporate governance strategy.
Both King III and a variety of legislation work to enforce more stringent governance principles across various areas, in particular data governance, which has become both a strategic and legal imperative today. Aside from generally applicable laws such as the NCA, the CPA and PoPI, certain highly regulated industries also need to apply a host of other local and international laws around data collection and use. The penalties for non-compliance can be severe, and without adequate information governance compliance can prove difficult to achieve and to prove.
Aside from being essential to actually achieving compliance, information governance can also prove to be beneficial in other ways. For example, it can actually reduce the overall cost of compliance by providing a framework that can be quickly applied when new regulations are put into effect. In addition, having clear data governance policies in place reassures customers of the ethical use of their data, and ensures the organisation can trust the quality of their own data internally as well. While data governance, IT governance and data management are not the same thing, they are all intrinsically related, as both data governance and IT governance are essential for data management. Data governance also lays the foundation for other forms of governance, include risk and financial, by ensuring that clean, quality, accurate and valid data is available.
The King III framework states: “the board should ensure that information assets are managed effectively” and responsibility for the assets lies with the respective business owner. However, since data assets are frequently shared by multiple stakeholders, it is essential to view data governance from an enterprise perspective. Ultimately the board should be responsible for the governance of risk as well as for IT governance, which needs to support data governance. Data governance is therefore a board-level concern and needs to be taken up at the highest levels of the organisation.
Gary Allemann is the Managing Director at Master Data Management.