In the face of new legislation, South African companies would do well to assess their practices in regard to the gathering, storage, dissemination and use of personal information so as to ensure that it is used only for the purpose for which it was collected.
This is the view of Sean Paine, COO of information systems specialist, EnterpriseWorx. “New legislation is placing governance at the heart of organisations’ data management and business processes,” he says.
“The good news is that organisations don’t need to reinvent the wheel. Instead they can borrow some of the structures and processes from data quality management and apply them to data governance.
“The Consumer Protection Act (CPA), which came into force on 1 April 2011, and the Protection of Private Information Bill (PPI Bill), which comes into effect in September, change the IT game. Both pieces of legislation are intended to protect the individual, and both place onerous data management and governance demands on organisations.”
The CPA makes provision for rigorous record-keeping so that products can be tracked through the supply chain from supplier to consumer. Among others, it protects consumers’ rights to privacy and confidentiality in respect of unwanted or unsolicited ‘spam’ e-mails or SMSs. The PPI Bill reinforces this by providing for protection of personal details and establishes minimum requirements for the processing of personal information, in line with international standards.
“In addition,” says Paine, “the King Code of Governance (King III), which became effective in March 2010, made the way in which information is collected, stored and secured a critical IT governance requirement.
“Today, most organisations know they need to institute a data governance programme of some kind to instil quality control measures and address risk and compliance issues. However, data governance need not be tackled in a vacuum. Barriers to data governance are minimised when an organisation adapts existing data quality processes.”
In fact, The Data Warehouse Institute (TDWI) makes a strong case for applying data quality techniques and best practices of stewardship as a way of kick-starting and sustaining data governance. This minimises the risks and decreases the time-to-use of data governance.
According to the TDWI, the business-to-IT collaboration established by quality and stewardship practices is also required of data governance. In fact, quality and governance practices are similar, except that the needs of governance are broader, encompassing both enterprise data standards and business issues regarding data, such as compliance, risk, and privacy.
The TDWI puts forward an eight-step process for using data quality for data governance:
Learn data quality techniques and apply them to data governance.
Profile data early and often as you govern it.
Build a business glossary as you govern data.
Extend data quality metrics to measure the governance of data.
Correct data that is not compliant.
Govern data in real time via validation and verification.
Use stewardship techniques to align data governance with business goals.
Adopt collaborative practices with a cross-functional team of technology and business people.
“Because it has an ethical foundation, stemming from its custodial role in ensuring responsible business practices, data governance – perhaps more than any other IT initiative – depends for its success on the commitment of the people involved,” says Paine. “For this reason, it should be entrusted to a multi-disciplinary team of technology and business people, who have the full support of top management. This is the only way to facilitate the necessary change management process and generate support throughout the organisation.”