Why Data Governance Policies Are Critical to Solution Success

<< back Page 2 of 3 next >>

Bookmark and Share

A few years after implementing the technology, many companies realized that while they were doing things with new, expensive tools, nothing had improved because they had not actually evaluated and altered their procedures. In response to this conundrum, the American Institute of Architects coined the phrase Integrated Project Delivery (IPD) that recognized that having the tools without having a strong process would not yield a beneficial result. Once this occurred, companies truly saw benefits from being BIM-enabled because these IPD processes complemented their BIM tools.

Why Isn't Technology Enough?

Companies might ask themselves why, if a technology is supposedly outstanding and truly effective, can’t it simply work without needing well-thought out processes in place first. Unfortunately, this is simply not the case. One of the best indicators of whether a newly implemented technology will be successful is executive sponsorship and user adoption. Low sponsorship and adoption rates generally mean low success rates. A surefire way to secure both is through process definition.  Executives and users have to buy in to new processes before the technology is implemented.  If they have accepted a new process, they will accept the new technology tool as a way to enable that process, making it much more likely that the project will succeed.

A perfect example of the need for data governance process before tools occurred with archiving and eDiscovery technologies when particularly litigious industries such as banking, healthcare and legal started to quickly adopt these tools to keep up with the proliferation of data-driven lawsuits. The premise of these technology solutions is to introduce limitations on the length of time data is retained, and to audit, search and produce necessary data. Many companies failed to consult all business stakeholders as to what these limitations would be and instead implemented the new tools without a plan in place. Consequently, many of the tools failed, not because of poor technology, but because companies neglected to involve all stakeholders in the creation of their processes, making the new tools incompatible with what users were doing and therefore leading to low user adoption rates. Despite best intentions and perfectly good tools, the technology could not influence the user community processes. Had the industries worked with their executives and user bases before adopting new tools, they would have seen much higher success rates for the archiving and eDiscovery components of their data governance programs.

Areas Present Major Data Governance Policy Challenges

While the types of policies companies should have in place before committing to software varies greatly by industry, there are a few areas that that present major data governance policy challenges for most industries.  BYOD programs are a huge area where policies need to be established in advance of putting data governance tools to work. BYOD programs are double edged swords for organizations and can be quite contentious. While fantastic for the business itself in terms of productivity, BYOD can, without question, become a major source of stress for IT. Employees will want to use everything from an iPhone, iPad, tablet and Android devices for their work, quite often asking to access work on their personal devices. In terms of policies, companies must decide what mobile platforms they will support, what security models will be defined etc. Additionally, separating company owned data that is subject to data governance from employees personal information is challenging as well.  Companies need to determine how they will manage these conflicts before diving headfirst into BYOD.

Another top of mind area for companies when it comes to policies is whether they will allow employees to use commercial, publicly available file sharing technologies like Dropbox. The headlines are filled with the consequences of unclear data governance policies related to them. The C-Suite and IT are terrified of these open platforms where employees could be uploading confidential corporate information, but whether they know it or not, they probably have employees utilizing them.  It is therefore essential that they define and then clearly spell out the file sharing policies (and consequences for disregarding them) to employees. Allowing file sharing usage has major implications in terms of security tools and not allowing it leaves companies with decisions to make in terms of viable alternatives for employees.

PST file corporate policies are another challenging area right now for all industries.  PST files enable users to take emails and save them locally when they have reached their email storage capacity. Despite their popularity and users’ reliance on them, most users have no idea how to manage these files and the IT helpdesk is often inundated with requests involving them, costing companies time and money. Of more concern is that critical email data is now being stored in locations that are not easily searchable by, or under the control of, the central organization.  Organizations therefore need to weigh the benefits and disadvantages of allowing employees to create PST files and create policies around these decisions.

Data governance policies around the use of external hard drives must also be created prior to implementing software. From USB sticks to larger external hard drives, saving items to these devices is a common practice so employees can back up their work. This raises a number of policy issues for companies. If an 

<< back Page 2 of 3 next >>

Related Articles

Big data can be a Siren, whose beautiful call lures unsuspecting sailors to a rocky destruction. The potential value of big data analysis to increase income (or lower expenses) for the company tends to drown out the calls for risk oversight. Understanding the legal and regulatory consequences will help keep your company safe from those dangerous rocks.

Posted December 17, 2013

Much of the information contained in databases is sensitive and can be sold for cash or, such as in cases of theft by a disgruntled employee or by a hacker with political motivations, to cause the organization loss of business or reputation, especially if the organization is found to be in breach of regulations or industry standards that demand high levels of data security. However, there are 5 key steps that can be taken to ensure database security.

Posted March 11, 2014