The importance of data governance

Designing and implementing procedures to support the responsible and legally compliant dealing with data is one of the greatest challenges currently faced by boards of directors. 

The aim of this data governance study is to assist boards and senior management with implementing an effective data governance framework. 

The purpose of an effective data governance framework is to protect data assets and, by doing so, maintain the trust of stakeholders, including customers, suppliers, employees, investors, regulators and government.

As data is an increasingly valuable asset, it is critical that organisations design and introduce an effective data governance framework to maximise the commercial value and efficiency of data, while also minimising risk.

What is data governance?

Data governance is the exercise of authority, control and shared decision-making (planning, monitoring and enforcement) over the management of data assets. ‘Data assets’ include information systems, databases, web pages, application output files, metadata and other digital documents of an organisation*.

How is it implemented?

Data governance is implemented through policies and processes that describe the responsibilities that attach to different types of data creation and use. It requires identifying parties who have authority and control of data assets, outlining the procedures that should be followed when decisions are made in relation to data assets, and establishing clear lines of reporting, accountability and oversight.

Are there any specific data governance laws?

A variety of different laws and principles relate to data governance. They include:

• Privacy laws — impose responsibilities for the creation, use and sharing of personal information (PI), including with respect to third parties and international entities;
• Notifiable data breach laws— create a duty to report serious breaches of PI to impacted parties and public;
• Confidentiality laws — create a duty to maintain confidentiality of communications;
• Corporations laws — impose duties on directors to exercise reasonable skill and act with due diligence;
• Administrative laws — impose duties of officials to act reasonably when making decisions, not take into account irrelevant considerations and provide an opportunity for parties to be heard;
• Consumer laws — prohibit misleading or deceptive conduct and false representations;
• Sector-specific data laws — impose duties on government, health, finance and other sectors who deal with sensitive information and data;
• Indigenous data sovereignty — the Australian Institute of Aboriginal and Torres Strait Islander Studies outlines how Indigenous data should be ‘governed and owned by Indigenous from the very creation of data to its collection, access, analysis, interpretation, management, dissemination, potential future use and storage’ (AIATSIS 2019:51)**. 

What sort of expertise is necessary to design data governance procedures?

The design and evaluation of data governance policies and procedures requires a combination of technical, business and legal expertise. This cross disciplinary expertise is reflected in the composition of the authors of this White Paper.

* M. Brackett, S. Early and M. Mosley (eds). DAMA Guide to the Data Management Body of Knowledge, NJ Technics Publications LLS, 2017 (second edition). 

** Walter, M., Lovett, R., Maher, B.L., Williamson, B., Prehn, J., Bodkin-Andrews, G., and Lee, V. (2020). Indigenous data sovereignty in the era of big data and open
data. Aust. J. Soc. Issues 56: 1–14, link; Further reading - Legal Issues in Information Technology Law, Mark Perry, Michael Adams, Alpana Roy, Niloufer Selvadurai, Monique Cormier and Stephen Mchenzie, Thomson Legal Australia, 2022.

For any assistance with addressing the data governance needs of your organisation, do not hesitate to contact your local PKF Audit and data governance expert.