Robust and ethical data governance critical to growth in digital age
With increasing digitalisation, and companies collecting an ever-increasing amount of their customer and business data, organisations have to become more accountable to stakeholders such as regulators, customers and investors on the issue of data.
Observers say expectations are also increasing, with incidents of data breaches capturing much media attention.
Just as corporate governance encompasses more than just compliance, experts say data governance is more than just data protection and security but also about creating value.
"Data governance is all about ensuring there is quality of thought, handling and safeguarding of data every step of the way, beyond just complying with regulations," said Ling Su Min, Head of Clients, Markets and Innovation at KPMG in Singapore.
But with a surge in high-profile digital hacking incidents, regulators and organisations are training their focus on data security and privacy, along with other related concerns.
This creates a fine balancing act across the ecosystem for all parties.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
In their role, regulators will set the appropriate rules on data security for compliance.
But in working within the rules, organisations will have to ensure that innovation can continue to flourish to give them a competitive edge and bring value to their business.
"Security should safeguard but not hold back the forward push of innovation efforts," said Ms Ling.
Ethical and governance considerations
There are ethical and governance considerations for building robust data governance policies in organisations.
"The key ethical value is responsible data handling (while) protecting data privacy and building trust," said Philip Chong, Global Leader, Digital Controls, at Deloitte Risk Advisory.
"Fairness, transparency and accountability play a critical role in developing a robust data governance policy. Data must be used fairly for the purpose for which it was collected and it should not be used in ways that result in biased decision making," he added.
KPMG's Ms Ling said, "Data governance policy should guide organisations in uplifting professional ethics for data-driven innovation, while blending data privacy, data sharing and data storytelling to truly unlock the economic value of data."
Developments in international standards and legal factors must also be considered.
"For the organisation, the cost of investing in these considerations will have to be balanced against the benefits of adherence to national and global standards, as well as to avoid risk of penalties for non-compliance with legal requirements," said Associate Professor Warren Chik, Deputy Director, Centre for AI and Data Governance, Singapore Management University (SMU).
The value of transparency is very important to build trust but explaining complex policies to stakeholders while maintaining accuracy is a challenge.
"The extent of human involvement and oversight in Artificial Intelligence (AI)-augmented decision-making is also challenging. Too much oversight may drive up costs and manpower and defeat the use of AI; but too little may lead to legal liability or unethical outcomes," said Assoc Prof Chik, who is also from the SMU Yong Pung How School of Law.
Data governance councils could help
Organisations may also consider setting up data governance councils to drive stronger data governance.
The council sets the strategic direction for what the data governance programme needs to accomplish, its priorities and targets, and when they need to be accomplished.
"(Such a council) oversees the data governance programme at a strategic level, provides resolution to data-related issues, as well as identification of data risks to be monitored and managed, hence serving as a communication fabric between various departments and functional areas in an organisation," said Ms Ling.
In essence, the data governance council serves as the foundation for data governance, balancing central oversight and consistency and ensuring wider visibility into the programme. It also ensures that the people creating and using data are the ones leading its management.
But for a data governance programme to succeed, the buy-in and ownership of data governance processes by all business stakeholders is crucial, said Deloitte's Mr Chong.
"This must be enterprise-wide and not be perceived as a standalone silo endeavour by the IT department. The strategy has to be embedded in all lines of the business, all applications and all functional areas. Not having this enterprise-wide approach is a recipe for failure and usually results in sub-optimal implementation of data governance," said Mr Chong.
He added that the tone from the topic is critical, where C-suite executives must recognise the value-creation potential of data governance.
Key building blocks
While there is no one-size-fits-all solutions to better data governance, there are some key building blocks that can help.
For KPMG, the foundation of a robust data governance system comprises three elements: Strategy (What), People (Who), and Framework (How).
"The data strategy provides a clear direction and vision on the short and long-term state of data, with guiding principles and policies to ensure its proper governance," said Ms Ling of KPMG.
A senior executive could be appointed to have accountability for an organisation's data, working alongside the board of directors and various management levels, including the technology department.
Finally, a well-defined data governance framework connects everything by defining how policies, processes, organisational structures and technologies are put in place as part of a governance programme, so as to achieve the organisation's objectives.
Deloitte's Mr Chong said the key to better data governance is to embed it strategically into the way the organisation works every day as opposed to simply pursuing frameworks and policies.
Organisations could start by developing a comprehensive data strategy to guide actions in data governance.
"This strategy will provide a vision and roadmap that defines how data is collected, used, stored, protected, shared, retained and archived within the organisation. Without an overarching strategy, data governance become fragmented and gaps between policies result in implementation problems," said Mr Chong.
Copyright SPH Media. All rights reserved.
