Data Governance Is Key to Managing Security, Privacy and Risk
Security, privacy and risk do not have to be scary, but with GDPR, CCPA and organizations moving to a risk-based approach to security, rather than focusing only on compliance, they have become daunting challenges. What is typically at the heart of organizations? Data and information. The common denominator that makes security, privacy and risk more effective and, dare I say it, easier? Data governance.
What Is Data Governance?
Data governance is the capability within an organization to help provide for and protect high-quality data throughout the lifecycle of that data. This includes data integrity, security, availability and consistency. Data governance includes people, processes and technology that help enable appropriate handling of the data across the organization.
Data governance program policies include:
- Delineating accountability for those responsible for data and data assets
- Assigning responsibility to appropriate levels in the organization for managing and protecting the data
- Determining who can take what actions, with what data, under what circumstances, using what methods (See Data Governance Institute for details.)
- Identifying safeguards to protect data
- Providing integrity controls to provide for the quality and accuracy of data
How Does Data Governance Help with Privacy Management?
You have to know what data you have, where it is, how it is used and whom it is shared with to comply with applicable privacy regulations. You also need to have the processes to obtain appropriate consents to access and delete it.
Privacy regulations are basically a business case for data governance. Imagine if organizations had already done extensive data mapping exercises prior to GDPR. Imagine if they had known the where, why, what and how of their data before GDPR was passed. The transition to GDPR would have been far less painful.
How Does Data Governance Help Cybersecurity?
To protect against threats, organizations need to know what data to protect and how to help keep it protected. Information protection is at the core of security, but how can you protect it if you do not know what data you have, where your data is, how it is used, whom it is shared with and how it is shared? Businesses can no longer have perimeter protections in place and call it a day: the perimeter has expanded to suppliers, cloud vendors, partners, and so on. So, managing your data in a structured, responsible and law-abiding way will make it more efficient for security professionals to protect it.
How Does Data Governance Help an Organization Manage Information Risk?
You need to know which data is most sensitive and critical to your organization (your most valuable information) so that you can allocate more resources to protecting that data. No organization will be 100% secure, and very few organizations have unlimited resources, whether people or financial, to implement, operate and improve cybersecurity measures. Therefore, businesses must take a risk-based approach and focus on the most sensitive data assets.
Times are changing. Is it easy to design and implement a data governance program? No, or organizations would have them in place today. However, given privacy regulations, the evolving threat landscape, the age of digitization and the expanding organizational boundaries, data governance is no longer a choice for organizations that need quality data, protected from cybercriminals, and in compliance with data protection laws.
Carisa Brockman has worked as part of the AT&T family for over 18 years (through acquisitions). She is well-versed in business management practices and has focused on strategic planning, information risk management, compliance management, enterprise policy management, cross-functional process design and management, consolidation and integration of enterprise security functions, and organizational effectiveness.
This blog is part of a Channel Futures sponsorship.