(US and Canada) Cathy Doss, CDO, Federal Reserve Bank of Richmond, talks to Susan Wilson, VP Data Governance and Privacy Segment Leader, Informatica.
Doss shares that good organizational and program design are critical for good governance, and good governance means good business outcomes for an organization. She believes she lives in two timeframes — what they have done today and what they will do differently going forward, and Doss loves to think about governance and privacy from this day-forward perspective.
She says it's essential to consider how one builds governance and privacy into the fabric of how people are doing their jobs. So, for example, as they're moving data to the cloud, moving applications to the cloud, if they are re-platforming things, can they use that opportunity to make the data better as they take it over? But she emphasizes, "Don't just lift and shift yucky data. We have an opportunity here to standardize it, and one of the things that I've seen as effective is good data handling." For example, is there good data handling practices in the system development life cycle? How does one ensure that everyone involved, whether business folks, technology folks, or operational folks, are doing something different? That's being thoughtful about the data so that it does serve the business when you get to that point.
For Doss, governance is about monitoring data to make it work, and when it’s not working, figuring out why and fixing it. Tt's all about measurement. It's all about the data. If we’re not getting quality data, what’s going wrong? How do we go back and fix that? That’s why monitoring is essential from a data governance perspective, she says.
Doss further shares that when one intends to free all data and self-service, there are pros and cons to be considered. Let’s say Doss and Wilson produce reports on the same data, but they're conflicting. Wilson might know something that Doss didn't know … she took out a population of people others didn't. And the data says that it's the same thing, but in reality, it is not. And then senior leadership gets involved because Doss and Wilson are creating conflicting information. That’s just one example of one extreme of ‘freeing all the data.’ And that doesn't consider security and privacy.
The other extreme, then, is when data is locked down, Doss continues. Nobody shares the data, and you only learn who as it and what it means through the telephone game. That is a world that exists for many people, Doss notes. It limits what the business could get out of the data because the business may not know it’s there. Or, if they know it’s there, they may not be able to convince someone to grant them access to it.
So, she advises, “Let's make sure that we bring in the data. Then we catalog it to know what it is and where it is, what it means, and whether or not it's sensitive.” How do people get access to it, and who do you call when you have a question? Be able to cross communicate, Doss notes.
Doss explains that you want to pay for the well-managed data, not just free the data, so making data connections is critically important.
She suggests starting small to avoid governance becoming cumbersome and complicated. It’s a marathon, not a sprint. She advises making data governance relevant to where you're at.
It’s practical versus perfect. You really are trying to ensure that you're instituting good practices every time. “We want people to build these good behaviors into the fabric of the way they do their jobs,” Doss says.