This does not mean that data ingestion will be free from governance. Guiding principles and rules are put in place to ensure broad risks are mitigated, such as: Was the data collected legally and ethically? If the data was purchased or obtained from another company, was it from a trusted partner? If not from a trusted partner, does the new source meet trusted partner criteria?
This level of governance is necessary, because when it comes to data privacy, certain regulations require that all data maintained by a company is subject to compliance even if it is not in use. Data ingestion cannot be a free-for-all, but once high-profile risks and compliance requirements are addressed, the more data that can be brought in and evaluated, the more business value and possibilities can be generated. Encourage curiosity, creativity, and the ability to bring in more data to support the innovation-sparking questions of, “What if?”
As ingestion requirements are lessened, retention rules should be tightened. Once a new data source is added, it should be given a specified evaluation period during which risks should be identified and mitigated, trust increased, business uses determined, potential value demonstrated, and business ownership designated. These criteria may be on different timelines but before data can be promoted to production, risk, trust and value must be fully evaluated, and ownership documented.
Establish Governance Checkpoints
Governance is not a one-size-fits-all program, especially when it comes to emerging technologies. Rules, policies, and procedures vary based on many factors such as scope, audience, and data use case. The landscape of IoT is always changing, and AI/ML models are always evolving. It is important to establish governance checkpoints to assess the validity and appropriateness of related policies and procedures to ensure that, as the technologies evolve, governance continues to effectively mitigate risks, protect assets, and maximize business opportunities. These checkpoints are not in lieu of ongoing monitoring but rather points to evaluate the effectiveness of the program within a specific business context. The checkpoints may be inserted at different points in a data or analytic lifecycle or at designated points in time.
Generate, Delegate, and Enforce Accountability
Trust in enterprise data is built on many factors including, but not limited to, quality, relevance, accuracy, reliability, and credibility. To maintain these facets of data management at scale, accountability cannot rest in the hands of the governance council or IT. The expectations and measurements for these criteria are determined by the governance program, but the accountability must be managed and maintained by assigned business data owners.
While some governance workflows will have built-in accountability enforcement, continuous enforcement of accountability can be achieved through scoring systems that allow data users to rate data sources as they are used. Lower-rated sources create peer-based accountability enforcement where data owners are compelled to appropriately manage and maintain the data sources for which they are responsible. Businesses may also use social-style, collaborative environments that allow users to comment on how data sources could be improved.
In IoT and in environments with the data volumes appropriate for AI and ML processing, a data governance program cannot scale fast enough to monitor and maintain all data sources, mitigate all risks, and maximize all value, nor should it. The governance program puts the rules and measures in place, delegates the accountability to business owners, and allows the self-governing measures of rating and collaboration systems to enforce the accountability.
Increase Stewardship
Stewardship is the on-the-ground connection between data governance and the tactical execution of data management within a specific business or technical context. Stewards are the arm of responsibility in governing and managing data assets. As data volumes grow and multiple uses of data sources become evident, it is important to avoid over-managing, cleansing, and preparing a data source for a particular business use case as it may negate the ability to use it in other areas. As additional business uses are identified, additional data stewards should be designated. Data stewards should represent each business use case and champion appropriately. This allows for varying business needs to be met and managed using a single, centralized data source rather than creating redundant data sources for every new business case.
Modifying your data governance program to exploit opportunities from emerging technologies does not require a complete overhaul. It does require a fundamental change in approach from tight management and control to openness and increased business accountability. With this shift and a few additions and tweaks, governance will no longer lag behind advancements in technology but rather enable them.