At one time Big Data was a term that only applied to the largest businesses and corporations. Not only were they the only ones with access to mountains of available information, but they were also the only ones with budgets large enough to conduct the types of analysis that made the mountains of hard data actually useful. Similarly, only the largest businesses had vast files of financial information that made them prime targets for hackers and cybercriminals. Today, however, even the smallest of businesses can access an overwhelming amount of data and also has data that needs to be protected. A good example is employee monitoring software data, which you can learn more about if you click here. In addition, smaller and smaller businesses also have access to ever more personal data that may or may not even be ethical to use. This is why it is becoming more important than ever for businesses to create firm policies around data governance.
WHAT IS DATA GOVERNANCE?
Data governance is a set of principles that guide how your business uses, stores and protects data. In the digital age, data has become a business asset in and of itself. Like all assets, it needs to be managed carefully. Data has a cycle that runs from the collection of data to the proper storage of data to the usage and dissemination of data. A good data governance framework includes policies and procedures that address storage, security and usage throughout the entire cycle.
HOW TO BUILD A DATA GOVERNANCE FRAMEWORK
A good framework will address the full gamut of the who, what, how, when, where and why of data.
- Who: The more parties that have access to data, the higher the risk of breaches and inappropriate usage. Facebook did not in and of itself do anything illegal, yet was highly implicated in the Cambridage Analytica scandal, which forced Facebook to rethink their position on the sharing of data. The Target data breach was actually carried out by stealing login credentials from a third party contractor site that had access to Target’s main database. Therefore, it is more important than ever for businesses to think very carefully about who should have access to their data.
- What: One of the biggest challenges of data security is the decision on what to link and what to compartmentalize. Obviously, the more you link various databases, the more streamlined your processes can be, yet the more data that is linked together the less secure each individual database is.
- How: How information is accessed will also have a direct impact on security. Some files should always need approval before accessing and certain logs should be checked regularly. Once you grant access to certain individuals, doesn’t mean they should just have the keys to the kingdom without accountability. Having proper protocols in place to ensure data is accessed appropriately will help limit breaches and abuses.
- When: There are always going to be situations in which certain parties need access to data that they would not otherwise need. For instance, a junior employee may not need access to information until a crisis hits and a senior employee is not available. That means you also need to have a plan in place to grant access to certain employees under certain emergency situations.
- Where: Remote access will always be more convenient, but it is also less secure. Thankfully, cloud security is drastically improving, which can help you have the best of both worlds, but it still needs to be carefully monitored.
- Why: It is important for each employee to understand the why of every protocol put in place. If they understand why certain protocols are put in place, they are more likely to follow them.