Five things to do to Prepare for CCPA

Requirements for the California Consumer Privacy Act (CCPA) go into effect on January 1, 2020. Like GDPR, the CCPA is broad in its definition of “personal information.” It defines it as personal information that “could reasonably be linked, directly or indirectly, with a particular consumer or household.”

You won’t find the word “household” in GDPR. It implies that personal information doesn’t have to be tied to a specific name or individual (think home address, home devices, geolocation data, home network IP addresses, and the like).

GDPR lesson learned? Don’t do the same work twice.

Many companies started preparing for GDPR by hiring lawyers and consultants to do impact assessments, map out workflows, manually survey data sets, and introduce internal guidelines. This documentation is certainly important. But operationalizing GDPR and CCPA, such that compliance is automated, requires applying this work to a diverse set of data repositories—in addition to leveraging existing IT security tools, and other IT systems (e.g., SIEM, ticketing, data governance). Thus, it’s critical to get your CTO, CISO, data governance team, and chief privacy officer together to do it right the first time.

Five things to do to prepare for CCPA

  1. Establish a team, define responsibilities, and get your CxOs on the same page (business and technologists).
  2. Know which personal data you have and where it resides. Account for all data types—both at rest and in motion.
  3. Understand why and how you’re using your data, and be able to map it back to obligations such as CCPA and GDPR.
  4. Assess existing ticketing tools and other applications to help accelerate data subject access requests (DSAR).
  5. Operationalize and automate early. Use CCPA as an opportunity to apply data privacy automation to GDPR compliance, third-party data sharing agreements, and internal data use policies—on both personal information and intellectual property.

Highlights of CCPA compliance requirements, challenges, and how Integris responds

Using Integris Software, you can identify and tag personal data across any system, apply regulatory rules and contractual obligations, assess risk, and automate actions.

Summary Description
of Requirements for Sections 1798.100 and 1798.175
Data Privacy
Management Challenges
Integris
Responds
The Right to Access,
and Applicability Consumers have the right to request that a business that collects their personal information disclose the categories and specific pieces of personal information it has collected. Personal information isn’t limited to what’s collected electronically or over the internet; it also applies to the collection and sale of all personal information collected by a business about a consumer or household.
Not all personal data has an obvious tie back to a user ID (e.g., household data, GPS locations, voice to text, or follower lists on Instagram). Sensitive data has an  evolving nature. What’s considered a sensitive category or piece of data today may not be considered sensitive tomorrow, and vice versa.

Understanding derivative personal data is important, yet challenging. For example, food choices on an RSVP card can infer religion.

The number of sensitive data categories a business needs to track varies widely depending on its industry and specific business type.

Categories will often fall into different classifications and schemas (depending on the organization) and have different handling and access restrictions.

Companies may need to limit the sale or transfer of personal information based on its classification level.

Integris will never ask you to send us large customer data sets, because we assume all data is identifiable—even if it’s not directly tied to user IDs. By using a combination of contextual awareness, natural language processing, and machine learning, we map all sensitive data elements for complete and accurate results.Using machine learning, our deeper inspection identifies data down to the data element level so as to assess privacy, integrity, and handling violations.

Your data privacy landscape includes a detailed understanding of personal data categories, classifications, and individual data elements—including derivative personal data. You can even create your own definitions of sensitive data or let our machine learning make suggestions for you.

Integris’ ability to handle data in motion is key to helping you understand which data is entering or leaving your organization via data sharing agreements, and the streams and feeds your data scientists rely on for continuous innovation.

Summary Description
of Requirements for Sections 1798.110 and 1798.135
Data Privacy
Management Challenges
Integris
Responds
Right to Request Disclosure of Information Collected, and Compliance Obligations

A consumer shall have the right to request that a business that collects personal information disclose to the consumer the categories of third parties with which it shares personal information, and the specific pieces of personal information it has collected.

For consumers who exercise their right to opt out of the sale of their personal information, businesses must refrain from selling it.

There’s often a disconnect between what has been agreed to on paper by lawyers and what’s happening with the actual data. Often times, the people who negotiate the contract differ from those shipping the data, causing public embarrassment and loss of consumer trust.

Also, the way contracts are written is not necessarily the way data is represented. The word “location” might appear in a contract, but the data set contains latitude and longitude values. Therefore, businesses must account for how data elements might be combined to fit the legal terms on their data sharing agreements.

Integris continuously monitors your sensitive data against data sharing agreements, and ties relevant information back to contractual obligations.

We help you identify data and assign it to categories, giving it classifications such that you have granular control over the use and transfer of customer data.

Summary Description
of Requirements for Sections 1798.105, 1798.120 and 1798.130
Data Privacy
Management Challenges
Integris
Responds
Right to Deletion, Right to Opt Out, and Disclosure Obligations

Consumers have the right to request that a business delete any personal information it has collected about them.

Consumers can, at any time, direct a business that sells personal information to third parties to not sell their personal information. This is referred to as the right to opt out.

Businesses need to be able to associate information, provided by a consumer in a verifiable request,
to any personal information previously collected by the business about that consumer.

Not all personal data is tied to a user ID. Even without an ID the individual can still be identified in a data set. By simply mapping IDs to pre-existing metadata, businesses run the risk of creating a false sense of security about the data they have, which security parameters are being applied, and whether they’re in compliance with any regulatory mandate.   Integris operates at the data element level to inform you exactly what’s in your data set, not just what the metadata implies. The result? We’re able to support your DSAR effort and map data elements back to a specific consumer for complete and accurate results.

In addition, we can flag issues relating to data residency and retention, misclassification and mislabeling, and security issues, such as lack of encryption for highly sensitive data.

Integris makes it easy to respond to data subject access requests. Customer service reps can input data, find requested information, and share it back out with customers. They can preview DSAR reports, add private notes, and send them to the next step in your workflow.

Integris integrates with your existing ticketing system, and provides detailed logs for internal audits and compliance needs.

This second post of our two-part series provides an overview of the data governance market, vendors, and tools.  In part one, we provided an overview of the practice of data governance.

List and Online Reviews of Data Governance Vendors and Tools

The variety of vendors in the data governance market is quite wide. The list below narrows the selection down to some of the leading products on the market, recognized by industry experts such as the Forrester analyst group, the Gartner analyst group and Information Management magazine.

According to the report The Forrester Wave™: Data Governance Stewardship And Discovery Providers, Q2 2017, the main objectives of these solutions are to:

  • Manage data policies and rules centrally. Data stewards, including business and tech management stakeholders, use these tools to improve the quality, uniqueness, security, privacy, and life cycles of their data. Better data governance and reporting help improve process efficiency, reduce tech management and business risk, enforce compliance, and improve trust.
  • Discover and document data sources. Data stewards must do this for all internal and external data sources — both to meet regulatory requirements and to support the new usage of data within systems of insight.
  • Manage compliance with evolving regulations. New data projects must determine which policies and rules will affect them and how to manage these requirements.
  • Industrialize privacy management. This includes broader regulations like the European Union’s General Data Protection Regulation (GDPR), which affects many roles across the enterprise.

Gartner calls this market Metadata Management Solutions, citing data governance as one use case of those solutions. Gartner published a Magic Quadrant for Metadata Management Solutions in August 2018, and we’ve included the solutions from that report in the list of tools below.

Here, then, in alphabetical order (i.e., not ranked order) are some of the leading data governance/metadata management vendors with products on the market today.


Adaptive Inc.

Adaptive Metadata Manager

Founded in 2002, Adaptive is a global company headquartered in Aliso Viejo, California. The company has fewer than 100 employees.

Adaptive offers standards-based solutions that help organizations better align their valuable information by supporting specific management challenges including Data Governance, Data Quality, Metadata Management, Enterprise Architecture Management and IT Portfolio Management while ensuring Knowledge is retained as systems evolve. Adaptive is positioned in the Visionaries quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

The Adaptive Metadata Manager product comprises a number of highly configurable software components that provide an organization with the eight core capabilities required to govern and improve virtually any data-driven business capability. These capabilities are: Data Lineage, Data Quality, Impact Analysis, Business Terminology, Business to Technical Traceability, Version Management, Change Approval Workflow, Stewardship, and Automated Harvesting & Stitching.

Adaptive Inc. Reviews:


Alation Inc.

Alation Data Catalog

Alation is headquartered in Redwood City, CA, USA with major offices in London and India. The company was founded in late 2012 and is currently in late-stage venture funding with 10 investors. Alation has between 100 and 250 employees. Alation falls into the Leaders quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

Alation offers a metadata catalog focused on supporting analytics. Its product features customizable dashboards and alerts for data stewards and non-technical business. “We believe that enterprise data catalogs are core to building a data culture. Data catalogs will fundamentally change the way data consumers, data creators, and decision-makers find, understand and trust data.”

Use cases for this solution include collaborative analytics, governance for insight, Hadoop search and discovery, Redshift search and discovery, and Tableau data catalog.

The solution can be deployed on-premise or in the cloud.

Alation Data Catalog Reviews:


ALEX Solutions

ALEX

Alex Solutions is a start-up company based in Melbourne, Australia. It was founded in January of 2016 and has approximately 65 employees at this writing. Despite its start-up status, ALEX Solutions finds itself in the Leaders quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

This cloud-based data governance solution is designed to support business and technical users. Its key features are structured and unstructured data scanners, profiling, data usage tracking, and simple value and impact ratings. The solution is able to automatically classify sensitive information and determine which users can access it based on their predefined roles. The product strategy is focused on establishing an enterprise data marketplace, a collaborative platform through which enterprise data can be managed and shared with stakeholders to leverage the business value of enterprise data assets.

Use cases for this solution include privacy, governance risk and compliance, risk portfolio simplification, data risk management, data governance and strategy, and asset simplification.

ALEX Solutions Reviews:


ASG Technologies

Enterprise Information Management Suite

Founded in 1986, the company is headquartered in Naples, Florida. The company has more than 1,000 employees.

ASG’s Enterprise Information Management portfolio of products help customers become Information Companies in this era of digital transformation. They manage a high volume of information, create understanding and trust, and deliver this information into processes and applications that are transforming businesses. The solution suite is in the Leaders quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

ASG Technologies Reviews:


BackOffice Associates

Data Stewardship Platform

This company was founded in 1996, but a majority stake was sold to Bridge Growth Partners in 2017. It is headquartered in Hyannis, Massachusetts with offices throughout the U.S., Europe, Asia Pacific and the Middle East. The company has approximately 1300 employees.

BackOffice Associates is an enterprise information data governance and data stewardship solution provider that supports the data management journey from migration, archival, data quality, and analytics to data governance and master data management. It provides data scanners, data profiling, data quality, and collaboration, and a basic but useful data valuation approach. Backoffice Associates is addressing new domains for data governance, including complex privacy governance as required by GDPR.

The solution can be deployed on-premise or in the cloud.

In September 2018, BackOffice Associates was named to Big Data Quarterly’s 2018 Big Data 50. The list honors forward-thinking companies that are working to expand the possibilities in collecting, storing, protecting, and deriving value from data.

BackOffice Associates Review:


Collibra Inc.

Collibra Data Governance Center

Collibra was founded in mid-2008 as a spin-off from STARLab at the VUB University of Brussels. It’s currently in late-stage venture funding including the Brussels Imagination, Innovation and Incubation Fund, Brustart (GIMB), and business angels. Collibra is headquartered in the greater New York City area. The company has local offices in North America and Europe, and via partners in Asia, the Middle East, and South America. Collibra has between 251- and 500 employees. The solution is in the Leaders quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

A provider of data governance and catalog software, Collibra helps organizations across the world gain competitive advantage by maximizing the value of their data across the enterprise. The Collibra solution is purpose-built to address the gamut of data stewardship, governance, and management needs of the most complex, data-intensive industries. The flexible and configurable cloud-based or on-premises solution puts people and processes first – empowering every data citizen to find, understand and trust the data to unlock business value.

Among the many use cases are data lake management, data distribution (search/shop), and report certification. The solution can be deployed on-premise or in the cloud.

Collibra Reviews:


DATUM LLC (an Infogix company)

DATUM Information Value Management

The company was founded in March of 2009. Its main contact office is outside Chicago, Illinois. There are between 51and 100 employees. Gartner places DATUM in the Leaders quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

DATUM offers a metrics-focused, SaaS-based platform for enterprise-wide “system of record” governance and digital transformation. The product integrates with existing data quality and MDM tools with data automation, workflow and metadata. It makes “data shopping” possible by making data assets findable, understandable and accessible through automated data discovery search.

Use cases include analytical insights, reporting and compliance, and operational excellence. The solution can be deployed on premise or used as a SaaS offering.

DATUM Reviews:


erwin Inc.

erwin DG

Parallax Capital did a leveraged buyout of the company in March 2016. erwin is headquartered in the greater New York City area and has between 101 and 250 employees. erwin has been named to CRN’s 2019 Big Data 100 list for Big Data management and integration, recognizing them as a ground-breaking technology supplier.

erwin DG is a SaaS product that uses a role-based UI. It provides an integrated business glossary, data dictionary and catalog. It integrates via a common metadata repository with Erwin data modeling, enterprise architecture and business processes. Among the use cases are regulatory compliance, analytics and Big Data, decision making, reputation management, and customer satisfaction.

erwin DG is a SaaS offering that is sold through a global partner network.

Erwin Reviews:


Global Data Excellence

DEMS (Data Excellence Management System)

This privately owned company was founded in 2007. It is headquartered in Geneva, Switzerland and has fewer than 50 employees.

This solution uses artificial intelligence and semantics to automate data governance, business excellence, and analytics. The company leverages advanced university research in semantic models and AI to automate numerous, currently painful manual tasks for data governance.

Global Data Excellence earned the excellence prize from the European Commission’s Horizon H2020 research and innovation Programme with the corresponding grant. DEMS scored 13.88 out of 15 whereas the excellence threshold is 13. DEMS is considered by the EU as an alternative future technology for the creation of a new society of excellence governed by value as a response to the Artificial Intelligence and governance technologies coming from the US.

The product can be deployed on-premise or in the cloud.

DEMS Reviews:


Global IDs

Data Governance Solution Suite (DGSS)

Founded in 2001, Global IDs is a privately funded company with between 100 and 250 employees. It is headquartered in Princeton, New Jersey.

DGSS is a comprehensive suite of applications that allows organizations to govern their core data assets in a systematic way. In order to create a foundation for data governance, DGSS performs four core activities: Data Discovery, Data Profiling, Data Quality, Master Data Integration. Among the use cases are metadata governance, master data governance, reference data governance, and Big Data Governance.

Global IDs appears in the Visionaries quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

Global IDs Data Governance Solution Suite (DGSS) Reviews:


IBM

IBM Stewardship Center and Information Governance Catalog

This venerable company was founded in 1911 and is headquartered in Armonk, New York, with operations in over 170 countries. IBM has more than 366,000 employees worldwide.

This product offers a common data governance layer across standard and enterprise MDM server editions. It enables an organization to create diverse policies defined in natural business language. Stewardship Center provides data stewards, data steward managers, and data source owners with a central browser-based interface where they can collaborate on and manage data quality issues. Information Governance Catalog (IGC) is a web-based tool that enables exploring, understanding and analyzing information. This solution can be deployed on-premise or in the cloud.

IBM appears in the Leaders quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

IBM Stewardship Center and Information Governance Catalog Reviews:


Informatica

Axon Data Governance

Informatica was founded in February 1993 and is headquartered in Redwood City, CA, with offices around the world. The company has more than 3600 employees. Informatica appears in the Leaders quadrant of the Gartner Magic Quadrant for Metadata Management Solutions as well as in the Gartner Magic Quadrant for Data Quality Tools.

This product is the collaboration hub for successful data governance programs. It uses the power of AI and machine learning to automate today’s most challenging data governance tasks: finding data, measuring its quality, and locating the right people to help govern it. Data stewards everywhere have access to trusted data and the ability to access it, act on it, and implement governance processes. The product can be deployed on-premise or in the cloud.

Informatica Data Governance Reviews:


TIBCO Software (formerly Orchestra Networks)

TIBCO EBX

Orchestra Networks was founded in 2000 and acquired by TIBCO Software in December 2018.

TIBCO/Orchestra Networks offers an integrated master data management/master data governance/reference data management product. EBX lets users manage, govern and share any and all data assets, including master data, reference data and meta data, because effective data management often requires more than a point solution. It features linkages between conceptual and physical data; has standalone data governance or can be integrated with Master Data Management. It can be deployed on-premise or in the cloud.

For the third consecutive time, Gartner has named TIBCO EBX a Leader in the Magic Quadrant for Master Data Management Solutions.

Tibco EBX Reviews:


SAP SE

SAP Master Data Governance

SAP was founded in June 1972. The company is headquartered in Walldorf, Baden-Württemberg, Germany with regional offices in 180 countries. It has nearly 90,000 employees worldwide.

This product offers ready-to-use governance applications integrated with SAP ERP. It has a predefined and extensible data model; prebuilt and flexible workflows; and multi-mode data replications. It is listed in the Visionaries quadrant of the Gartner Magic Quadrant for Metadata Management Solutions.

SAP SE Reviews:


Utopia Global Inc.

Utopia

This privately-owned company was founded in 2003. It is headquartered in the Greater Chicago area and has approximately 400 employees.

As SAP’s worldwide software partner for master data governance, Utopia is the exclusive developer of solution extensions for SAP Master Data Governance focused on enterprise asset management, retail and fashion. The company’s solutions help organizations migrate to SAP S/4HANA® leveraging MDG as the bridge, and maintain data integrity between digital twins, across multiple systems of record.

Stop relying on spreadsheets, manual surveys, and custom scripts to inventory your data sources, metadata, and classifications.

Identify and tag personal data across any system, apply regulatory rules and contractual obligations, assess risk, and automate actions.

Integris’ unique set of capabilities enable regulatory hygiene while maintaining the productivity of your Hadoop data lake.

Data privacy tools typically focus on either the technical control of data, or the coordination of human processes. Often the ‘missing link’ is direct remediation of sensitive data once it is identified. Integris Software is betting on the use of automation to fill this gap, in an approach it calls ‘data privacy automation.

Use Integris to discover and classify sensitive data across any system, apply data handling policies, assess risk, and automate actions

451 Research Analyst Report Says Integris Addresses the ‘Missing Link’: Automated Remediation and Control of Sensitive Data Once It Is Identified

As data privacy and data protection regulations around the world continue to proliferate – each with its own nuances and requirements – many enterprises are now struggling to identify data down to the data element level and create cohesive human processes to manage data and control workflow. Given escalating volumes of structured and unstructured data, the need for automation is a given.

No single software product can make an organization compliant with GDPR, CCPA or similar regulations, so the enterprise typically employs several solutions. However, there is often a gap in tooling when multiple products are in place: the step of automatically enacting appropriate policy on sensitive or personal data once it has been identified. This is the layer of control that Integris helps customers to implement, and it’s a critical one for continuous, defensible compliance. Integris makes extensive use of automation and machine learning, for both detection of sensitive data and assignment/execution of policy, which are necessary given escalating volumes of enterprise data that cannot be manually evaluated and assigned protective policies.

In a new report published in March 2019, the analyst firm 451 Research outlines how Integris Software helps companies achieve their comprehensive data control objectives through automation. We are pleased to make the full report, Integris Software leverages automation for continuous data privacy compliance, available for complimentary reading. Here are a few highlights from the report:

  • Integris Software is designed to help automatically detect sensitive and personal data, and importantly, automate remediation and policy execution once that data has been identified. The company calls its approach “data privacy automation”, and these capabilities ensure that data is automatically protected with appropriate measures once it has been identified.
  • At a high level, the Integris platform provides a data privacy hub for multiple stakeholders including CIOs, CTOs, CDOs, CISOs and CPOs, as well as various lower-level practitioners.
  • Tools for visibility into where sensitive data resides, and the ability to automate policy actions on that data, help ensure that data isn’t just discovered and documented, but that an appropriate control workflow is kicked off as well.
  • Integris’ capabilities can be leveraged as a data logic layer, so organizations can add and control any type of rule to any type of data, for any use case, not just regulatory mandates. Privacy is simply the ‘tip of the spear.’

Read more about what 451 Research has to say about Integris Software’s approach to data privacy automation here.

This first post in a two-part series provides an overview of the practice of data governance. In part two, we’ll review a list of top data governance vendors and tools.

Best Practices to Support an Enterprise Data Governance (aka Metadata Management) Program

Data is the lifeblood of every enterprise organization. Therefore, companies must ensure that the data used in their business processes is consistent and trustworthy. This is critical as more organizations rely on data to make business decisions, optimize operations, create new products and services, and improve profitability. The formalized process of caring for data is known as data governance (DG).

What is data governance?

The Data Governance Institute says data governance is “a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.” Here’s a more straightforward definition: “Data governance is the overall management of the availability, usability, integrity and security of data used in an enterprise.”

Data governance includes the people, processes and technologies needed to manage and protect the company’s data assets in order to guarantee generally understandable, correct, complete, trustworthy, secure and discoverable corporate data. Typically, DG includes a governing body, well-defined procedures and a plan for implementing those procedures.

What does a data governance program include?

A solid DG program establishes internal policies for data use in order to minimize risk and to better position the organization to implement and meet compliance requirements, such as for HIPAA, CCPA or GDPR. A good program can increase the value of the data by defining how and when it can be used for different business purposes, and by making it available to the appropriate users. For example, digital transformation and data readiness are top priorities for large enterprises striving to deliver more agile business models based on data transparency, data standardization, predictive analytics and high-quality data sets.

What is data stewardship and what are data stewards accountable for?

A major objective of data governance is to assure data quality in terms of accuracy, accessibility, consistency, completeness and updating. Thus, a DG program necessitates the appointment of one or more stewards who are accountable for various portions of the data. Large enterprises often appoint teams of data stewards to guide the data governance implementation. Data stewards work with individuals throughout the organization to help ensure data use conforms to a company’s data governance policies.

What are data governance goals and best practices?

One of the goals of data governance is to ensure that data meets the needs of the organization. Other goals include resolving issues related to data, reducing the costs of managing it, and positioning data as a highly valued asset within the organization. There is much work to be done by everyone involved. While each company may take its own approach to data governance, here are a few best practices from the consulting firm, Consolidated Technologies that have helped many organizations through the process over the years.

  • Identify Benefits and Opportunities – Focusing on the benefits that data governance provides can help you in creating your data governance strategy and help motivate people within the organization to improve how they manage data. When beginning to develop your data policies, take a look at your current practices and opportunities that improving them could provide. You can then develop your strategy around taking advantage of those opportunities. Implementing a significant change within an organization is challenging, and having buy-in from others in the company is critical for success. Identifying the potential benefits of data governance can help get buy-in from upper-level management, which is necessary for launching such an initiative. You also need buy-in from others who handle data at all levels of the organization. When people understand the reason for implementing a change, they may be more motivated to do the work needed to make it. Some of the benefits of data governance include improved data quality, better decision-making, enhanced operational efficiency, regulatory compliance and increased revenue.
  • Start Small – Data governance requires participation across your entire organization and can involve complex systems, numerous groups of people or large amounts of information. Getting started with data governance can be intimidating. Starting small can help and may, in the end, lead to better results. Although your overall goal in your data governance is large, it’s advisable to start with just one business area or data issue and expand from there. Break your larger overall program down into smaller steps for a better chance at success. Starting with one area makes the organizational change more manageable. It allows you to test out ideas and processes to determine what works best. When you move to the next area after your initial roll-out, your process will be more refined and therefore more efficient and cost-effective.
  • Measure Progress – Measuring the success of your data governance framework through the use of metrics is critical for meeting your data goals. It helps you to ensure that you’re on the right path with your data management and helps you determine what parts of your strategy are working well and what parts you should change. Metrics are also essential for demonstrating the benefits that a data governance framework has for a company. The kinds of metrics you should measure depends on your goals. Choose metrics that help you determine if your framework is fulfilling its objectives.
What Data Governance Goals Should You Measure?
Data Governance Metric Definition
Data quality scores You can measure the quality of your data according to its completeness, accuracy and timeliness. Measuring data quality in the same way across the organization will make your data quality metrics more useful.
Adoption rates For a data management strategy to be successful, you need people to implement it. The rates at which people within your organization are complying with your standards and procedures can help you determine if your system is working.
Number of risk events Bad data management can result in inaccurate decisions, lost clients and fines from regulators. Data loss and cybersecurity incidents can be especially costly. In fact, downtime caused by data losses can cost many thousands of dollars each day. Data governance aims to reduce the frequency and severity of these events. Analyzing these events over time will tell you if your system is succeeding in this.
Data rectification costs Data governance aims to fix bad data as early in the process as possible or prevent it altogether. Fixing bad data comes with costs, especially when the problem has existed for longer. Data governance should reduce data rectification costs over time.
  • Communicate – Data governance is about data, but it’s also about people. You need strong internal communication for a data governance plan to work. Communication plays a role in every stage of creating and implementing a data governance strategy. As part of creating your data governance framework, you should also establish a strategy for communicating about it. Early in the process, you need to convey the benefits of data governance to get buy-in. Communicating the successes of the strategy through the use of metrics can help cement buy-in and keep people motivated to participate. It’s also essential that the group in charge of the implementation clearly communicates what the roles of each participant in the data management strategy will be. Each participant should have a clear understanding of what their goal is and the guidelines they should follow in accomplishing their goal. As you assess your strategy, you’ll also need to communicate about any changes you have to make to it. Those affected by the changes should understand why they’re making them and how to do so.Without proper communication, misunderstandings and lack of buy-in can cause problems in implementing a data strategy. With strong communication, however, you have a much higher chance of success.
  • Make It Continual – An essential aspect of data governance is that it’s a practice, not a project that you set aside once it’s finished. Data governance doesn’t have an end date like a typical project does. Instead, it requires fundamental changes to the way a business operates. People within the organization will need to incorporate the standards and procedures into the way they do their jobs for data governance to be successful. You’ll also need to make decisions about how to handle data as needs change, data volume increases or you start gathering new types of data. Your standards and policies can guide these decisions, but you’ll need to make them in real time. It’s also critical to periodically review your data management policies and strategies, evaluate their effectiveness and make any changes needed to improve them. This requires keeping track of metrics to determine what works well and what does not for your organization.

Source: Consolidated Technologies, Inc.

In part two of this blog post, we’ll dive into the data governance market and provide a list of top data governance vendors and tools.

Government mandates, data sharing agreements and spreadsheets sow confusion amid an avalanche of private data

Companies are inundated with data. A single bank transaction might get replicated across a hundred data repositories. Companies are constantly purchasing data from third parties to build better customer profiles. In addition, as companies consolidate through mergers and acquisitions, they acquire completely unknown datasets and data transfer agreements between business partners. In this environment, it’s no wonder that respondents’ data privacy programs scored much lower on technical maturity than on organizational maturity.

Survey Demographics and Firmographics

258 respondents completed the survey, each of whom had to meet the following minimum criteria:

  • Reside in the USA
  • At least “Somewhat Knowledgeable” on how data privacy and data security are managed at their current company
  • Mid to senior level professionals and executives
  • 500 employees or more (62.4% had over 5,000 employees)
  • $25 million or more in annual revenue (69.38% had over $1 billion in annual revenue)
  • Functional roles/areas had to be in IT, general management, or risk and compliance

Key Findings:

Data privacy management overconfidence: 40% were Very or Extremely Confident in knowing exactly where sensitive data resides despite only taking inventory once a year or less, and; a mere 17%  of respondents are able to access sensitive data across five common data source types.

Data privacy impacts much more than regulatory compliance: Enforcing internal data handling policies like classification and retention was cited 69% of the time. Proving compliance with business obligations like data sharing agreements was cited by 63% of respondents. About one third of respondents cited the impact on M&A due diligence (34%) and data lake hygiene (32%). About a quarter of respondents (24%) viewed data privacy as impacting the delivery of AI / ML projects.

The proliferation of data sharing agreements: In the wake of the misuse of data sharing agreements like the one between Facebook and Cambridge Analytica, enterprises seem to be more aware of such agreements. 40% of respondents had 50 or more of these data sharing agreements in place. However, respondents reported being 43 percent more confident in their ability to be compliant compared to how they perceived their partners.

Data privacy management budgets reside in IT departments: About 50% of data privacy budgets are concentrated in IT departments.

Technology leaders are increasingly being tasked with operationalizing their companies’ data privacy management program. Why? At its core, data privacy is a data issue, and privacy is an outcome of a comprehensive data protection strategy.

Download the full report here