Data Governance Definition: Compliance and Best Practices

Data Governance Definition

This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Verisk Marketing Solutions‘ Head of Data Governance Christine Frohlich offers a data governance definition and detailed outlook on upcoming compliance legislation, and more.

SR Premium ContentToday’s consumers readily exchange personal information for timely online experiences such as instant auto quotes or access to multiple mortgage offers. The ability to reach consumers with targeted messaging at just the right time is remarkable. Yet marketers face a growing paradox: consumers want highly personalized online interactions but demand the highest standards for data security and privacy.

Businesses that manage data – particularly consumer data – must have data protection programs in place to avoid fines and litigation and maintain customer trust. The ever-growing volume of data and pressure marketers face to grow their business must not overshadow consumer data privacy needs. When done right, data protection programs increase consumer trust in brands which ultimately helps improved ROI.

Consumer Privacy Rights and Autonomy Should be Protected

Consumer privacy regulations at the state level are deeply fragmented. With no comprehensive U.S. federal policy to protect sensitive personal information, consumers throughout the country are at risk.

Whether driven by executive order or legislation, clear and concrete national policies for data privacy would alleviate confusion and simplify processes for data-driven companies juggling individual state level policies.

Data management teams should be thinking about mounting consumer concerns with data privacy. Despite preferring personalized digital experiences, most Americans say they are at least somewhat concerned about how their data is being used.

Responsible data-driven companies practice data minimization; or in other words, unless data is essential to business goals, companies do not want to collect it. Instead, the data companies collect is protected by clearly defined data governance policies and best practices including well-defined and strongly upheld data retention standards. This message should be shared with customers early and often. These policies protect consumers and build trust and transparency between customers and brands.

Companies that benefit from consumer data have a responsibility to protect consumer privacy. That holds true whether the risk is a data breach or government overreach.

Establishing Sound Data Governance Practices

Establishing data guidelines and cataloging data within a company typically falls into one of three departments: compliance, privacy, or data governance. Think of them as the three legs of the data protection stool.

Compliance efforts ensure the company adheres to state and federal laws and regulations. Privacy focuses on securing consumer data, which in turn, helps protect the brand’s reputation. Data governance ensures data is managed properly across all business units and that data policies are not only created but also operationally implemented.

The three legs of the data protection stool cannot work alone, each supports the other and plays a vital role within a business. While consumer privacy and compliance practices may be more visible, data governance tends to take place behind the scenes, with efforts that connect traditional compliance functions to business operations and ensuring policies are upheld.

In the past three years, implementing effective data governance practices has become more important than ever. With several new state privacy laws enacted and a federal law looming, companies are doubling down on privacy efforts to build strong relationships with consumers. Brands recognize even one data breach can harm consumer trust and cost an average of $4 million. Improving data governance helps maintain consumer trust, avoid fines and fees, and improve the consumer buying journey.

Defining Data Governance

Data governance is an ongoing responsibility with no beginning and no end. It is the hard work of managing, inventorying, and documenting data. While definitions vary, at its core data governance ensures the right people, processes, and technology are in place to achieve three specific goals:

  • Ensure company data is discoverable
  • Ensure procedures are in place to properly handle data
  • Ensure data is used appropriately and meets regulatory and contractual requirements

Good data governance uses an integrated approach that brings data-related policies to life with defined, repeatable controls and monitoring programs. Data is powerful and if used recklessly, can be dangerous. Ensuring the consumer is prioritized at every stage of the data lifecycle, adhering to the rules, and reporting those who fail to do so are good data governance practices. Written policies and procedures are important, but if no one follows them, they are meaningless.

The Impact of Upcoming Legislation

Current state privacy legislation requires marketers navigate a patchwork of individual laws. A federal bill is a hot topic across the industry, with marketers expressing strong support. Federal law would reduce the pain marketers feel navigating individual state laws, providing the details of a federal law are reasonable.

Ideally, federal privacy law would balance consumer rights and economic growth with an understanding of the data ecosystem and technologies that support our industry. A long-debated federal privacy bill was introduced in June and is gaining support in the U.S. House of

Representatives. While this is a step in the right direction, movement on such major legislation will take time.

At the state level, momentum for privacy legislation is at an all-time high. Comprehensive state privacy bills recently passed in Colorado, Connecticut, Virginia, and Utah. While a blueprint is beginning to emerge among state bills focused on similar consumer rights and business obligations, the specific requirements of each bill remain different.

How Businesses Can be Prepared

Every business should be prepared to address current data governance legislation and look ahead to what is ahead on the horizon. If your business is behind on 2023 adherence, there are steps to catch up. First, do not panic.

Depending on the size of your organization and how you approached CCPA, compliance to the new regulations could involve significant work. To be proactive, start extending your privacy program beyond state borders and know where your data is coming from, how you are managing it and how it is being used.

Along with regulatory requirements, ask two simple questions to vet your data practices: Would you be okay with your grandparent’s information being used or handled in this manner? Is my consumer getting value? I.e., is there an appropriate value exchange for the use of their data? If the answers are no, there is work to be done.

Comprehensive data governance programs require executive-level support and resources, engaging the C-suite is a critical first step. Once support is secured a good next step is to research technology tools that help keep information accurate and updated. Understand not all companies have the resources to manage emerging privacy regulations and data governance complexities on their own. It is okay to look for external support through trustworthy partners that understand your business and specialize in consumer privacy. However, data governance should be a meaningful focus in any organization, it is not a side-task, nor can it be relegated to a part-time job.

To help manage the mechanics of implementing a data governance policy, seek out step-by-step guides, available from trade associations or law firms specializing in privacy. The Interactive Advertising Bureau (IAB) and Association of National Advertisers (ANA) both provide excellent resources to data owners and data buyers.

The role of data governance is to protect consumers while keeping businesses safe. It will be a driving force in the evolution of the marketing services industry. At the end of the day, not managing data puts businesses at tremendous risk and ignores opportunities use data to improve ROI. Committing to a data governance program protects the best interests of the company and its customers while providing personalized online experiences.

Christine Frohlich
Follow
Latest posts by Christine Frohlich (see all)