Implementing Compliance and Governance
Privacy regulations are increasingly rigorous, and organizations can’t ignore them. Leading the way are Europe’s GDPR, the United States’ Health Insurance Portability and Accountability Act (HIPAA), and the CCPA, which PwC considers to be “the beginning of America’s GDPR.”
Data governance ensures data is properly classified, accessed, protected, and used. It also involves establishing strategies and policies to ensure the data storage and processing environments comply with necessary regulatory requirements. Such policies also verify data quality and standardization to ensure the data is properly prepared to meet the needs of an organization. For example, data governance policies define access and control of personal identifiable information (PII). In the US, the types of information that fall under these specific guidelines include credit card information, Social Security numbers, names, date of birth, and other such data.
Implementing effective governance early in your data storage planning process will help you avoid potential pitfalls, such as poor access control and metadata management, unacceptable data quality, and insufficient data security.
Data governance isn’t a technology issue, it’s an organizational commitment that involves people, processes, and tools.
There are Five Basic Steps to Formulating a Strong Data Governance Practice:
- Establish a core team of stakeholders and data owners to create a data governance framework. This begins with an audit to identify issues with current data management policies and areas needing improvement.
- Define the problems you’re hoping to solve, such as better regulatory compliance, increased data security, and improved data quality. Then determine what you need to change, such as fine tuning access rights, protecting sensitive data, or consolidating data silos.
- Assess what tools and skills you will need to execute the data governance program. This may include people with skills in data modeling, data cataloging, data quality, and reporting.
- Inventory your data to see what you have, how it’s classified, where it resides, who can access it, and how it is used.
- Identify capabilities and gaps. Then figure out how to fill those gaps by hiring in-house specialists or by using partner tools and services.
Cloud storage achieves effective governance by following proven data management principles, including adding context to metadata to make it easier to track where data is coming from, who touched that data, and how various data sets relate to one another; ensuring quality data is delivered across business processes; and providing a means to catalog enterprise data.