Data Governance Insights

Over the past 10+ years, I’ve had the opportunity to author or contribute to over 100 #datagovernance strategies and frameworks across all kinds of industries and organizations. Every one of them had its own challenges, but I started to notice something: there’s actually a consistent way to approach #data governance that seems to work as a starting point, no matter the region or the sector. I’ve put that into a single framework I now reuse and adapt again and again. Why does it matter? Getting this framework in place early is one of the most important things you can do. It helps people understand what data governance is (and what it isn’t), sets clear expectations, and makes it way easier to drive adoption across teams. A well-structured framework provides a simple, repeatable visual that you can use over and over again to explain data governance and how you plan to implement it across the organization. You’ll find the visual attached. I broke it down into five core components: 🔹 #Strategy – This is the foundation. It defines why data governance matters in your org and what you’re trying to achieve. Without it, governance will be or become reactive and fragmented. 🔹 #Capability areas – These are the core disciplines like policies & standards, data quality, metadata, architecture, and more. They serve as the building blocks of governance, making sure that all the essential topics are covered in a clear and structured way. 🔹 #Implementation – This one is a bit unique because most high-level frameworks leave it out. It’s where things actually come to life. It’s about defining who’s doing what (roles) and where they’re doing it (domains), so governance is actually embedded in the business, not just talked about. This is where your key levers of adoption sit. 🔹 #Technology enablement – The tools and platforms that bring governance to life. From catalogs to stewardship platforms, these help you scale governance across teams, systems, and geographies. 🔹 #Governance of governance – Sounds meta, but it’s essential. This is how you make sure the rest of the framework is actually covered and tracked — with the right coordination, forums, metrics, and accountability to keep things moving and keep each other honest. In next weeks, I’ll go a bit deeper into one or two of these. For the full article ➡️ https://lnkd.in/ek5Yue_H

Data governance is hitting a critical tipping point - and there are three big problems (and solutions) you can’t ignore: 1️⃣ Governance is Always an Afterthought: Often, governance only becomes important once it's too late. Fix: Embed governance from the start. Show quick wins so it's viewed as an enabler, not just cleanup. 2️⃣ AI Exposes - and Amplifies - Flaws: AI governance introduces exponential complexity. Fix: Proactively manage risks such as bias and black-box decisions. Automate data lineage and compliance checks. 3️⃣ Nobody Wants to ‘Do’ Governance: Mention "governance" and expect resistance. Fix: Make it invisible. Leverage AI to auto-document metadata and embed policies directly into everyday workflows, allowing teams to confidently consume data without friction. Bottom Line: → Plan governance early - late-stage fixes cost significantly more. → Use AI to do the heavy lifting - ditch manual spreadsheets. → Tie governance clearly to business outcomes like revenue growth and risk mitigation so it’s championed by leaders. Governance done right isn’t just compliance; it’s your strategic advantage in the AI era.

Data privacy and ethics must be a part of data strategies to set up for AI. Alignment and transparency are the most effective solutions. Both must be part of product design from day 1. Myths: Customers won’t share data if we’re transparent about how we gather it, and aligning with customer intent means less revenue. Instacart customers search for milk and see an ad for milk. Ads are more effective when they are closer to a customer’s intent to buy. Instacart charges more, so the app isn’t flooded with ads. SAP added a data gathering opt-in clause to its contracts. Over 25,000 customers opted in. The anonymized data trained models that improved the platform’s features. Customers benefit, and SAP attracts new customers with AI-supported features. I’ve seen the benefits first-hand working on data and AI products. I use a recruiting app project as an example in my courses. We gathered data about the resumes recruiters selected for phone interviews and those they rejected. Rerunning the matching after 5 select/reject examples made immediate improvements to the candidate ranking results. They asked for more transparency into the terms used for matching, and we showed them everything. We introduced the ability to reject terms or add their own. The 2nd pass matches improved dramatically. We got training data to make the models better out of the box, and they were able to find high-quality candidates faster. Alignment and transparency are core tenets of data strategy and are the foundations of an ethical AI strategy. #DataStrategy #AIStrategy #DataScience #Ethics #DataEngineering

A single IT contract could have cost my friend’s company millions in compliance fines. Let’s talk about someone today. Let’s call him David. David once shared how his company nearly signed a deal for new IT software. And at first, it seemed like the perfect solution! It promised: ✅ Increased efficiency with automated workflows ✅ Cost savings compared to competitors ✅ Seamless integration with existing systems ✅ An impressive demo that checked all the right boxes But before signing, they took one crucial step that exposed major risks hiding beneath the surface. They ran the software through their records management checklist—and what they found was alarming. 🚨 The system failed to meet their data retention standards. 🚨 The contract didn’t clearly define who owned the data created in the software. 🚨 There was no guarantee of secure data disposal after use. Long story short, they dodged a massive bullet. That one checklist helped them avoid a contract that could have exposed them to compliance risks and data governance nightmares. Flashy IT solutions mean nothing if they don’t align with governance and compliance standards. If you don’t have a checklist for incoming IT requests and contracts, start with the basics: ✔️ Data retention policies – Ensure compliance with legal and industry standards. ✔️ Privacy and security measures – Verify encryption, access controls, and secure storage. ✔️ Regulatory compliance – Confirm the software aligns with local and international regulations. A checklist isn’t a formality—it’s your best defense against IT disasters. What’s one red flag you’ve seen in an IT deal? Let’s discuss in the comments! #datagovernance #compliance #recordsmanagement -------------------------------------------------------------- Opinions are my own and not the views of my employer. -------------------------------------------------------------- 👋 Chris Hockey | Manager at Alvarez & Marsal 📌 Expert in Information and AI Governance, Risk, and Compliance 🔍 Reducing compliance and data breach risks by managing data volume and relevance 🔍 Aligning AI initiatives with the evolving AI regulatory landscape ✨ Insights on: • AI Governance • Information Governance • Data Risk • Information Management • Privacy Regulations & Compliance 🔔 Follow for strategic insights on advancing information and AI governance 🤝 Connect to explore tailored solutions that drive resilience and impact

Last month I moderated a discussion on ERP data—how to get it accurate and keep it clean into the future. Question 1: What have you found to be the top causes of bad direct spend data in an ERP? From Peyton Whitehorn: As a data nerd, I start at the higher level, which is poor master data governance. -Lack of approval processes -Misspellings and duplicates due to unassigned roles and responsibilities -Lack of uniform data entry processes -Outdated pricing -Materials grouped improperly -Spend categories are inaccurate -Delivery dates not captured against the actual promise date From Mathieu Pappalardo: At our company, the delivery data is almost always wrong, prices change every quarter, and POs we cut are very fluid. So the essence of the data is that it’s wrong to begin with, so the question is, “How do you make sure it’s correct and gets updated when it needs to be?” Unless you have a tool that does that for you, you need a process. You need a way to have that data constantly updated to reflect reality. Then the problem becomes, “Who owns the process?” For example, if we book 5,000 tons of a specific puree out of South America, we negotiate a deal and let the plants cut the POs as needed for production. Now, what if the PO is wrong on the price or the delivery dates? Who wants that? Is it the plan people because they’re cutting the POs? Or is it procurement because they own the relationship with the supplier? So process is key, but ownership is also key. If you don’t have all of that, then you have bad data. From Susan Walsh: Many times I work with companies and find that their data has been bad for 10 years and is continuously bad. There’s a little bit of laziness, no willingness to actually do what needs to be done. The other problem is that you might have multiple people on your team all inputting that data and they’re all doing it slightly differently. It’s hard to motivate people sometimes to do it properly because it takes extra work and it’s time consuming. How can you get ownership for master data like inventory items that are entered and managed by multiple teams when no one wants to own the data set? From Juliette S.: You must have an item master owner, and it’s important for everybody in the business to know who that is. And as items are getting added, you don’t add it just because you have a PO and you’ve got to do it today, which most people do. And then you add partial information and it messes up your entire workflow because you can’t identify [things like] transportation needs and inventory needs unless you go through the item master process. We have devised a process called an item data upload form. Anytime new data comes in, we ask the product manager to fill out an item setup form which then gets uploaded to the ERP. The information is not uploaded until all of the parameters are filled in. And you must get sign off from marketing, sales, and finance.

Data quality is a big theme here at CDOIQ. Chief data officers recognize that analytics initiatives will fail without the solid foundation of accurate and mastered data. In his excellent keynote Kayvaun Rowshankish of McKinsey & Company observed that companies spend 30% of their time on non-value added work thanks to poor data quality and availability. So at Eckerson Group we're excited to publish the second article in our series, sponsored by Semarchy, on the ROI of master data management. Would love your thoughts on the excerpts below and the full article here: https://lnkd.in/gUcjUrQE "While members of the United Nations speak hundreds of languages, they manage to conduct official business with just six. This proved the best way for them to streamline time, resources, and risk while keeping everyone on the same page. "In a similar way, companies invest in MDM to help different teams conduct their official business. There is no perfect formula: rather, each organization must decide how MDM can deliver the right return on investment given its situation. "Master data management (MDM) comprises practices and tools that aim for a single source of truth with consistent, trusted records for key business entities. "MDM tools match and merge data from various source systems to create standard attributes and terms that describe entities such as products, customers, and partners. The resulting “golden records” strengthen data governance programs by reducing duplicates and resolving discrepancies. "Master data management (MDM) delivers value by reducing the risk, time, and resources required to process data for analytics and operational workloads. Given the inherent complexity of the endeavor, MDM projects tend to make things worse during implementation but improve them afterwards. "As with any technology project, messy details tend to get in the way and threaten ROI. Let’s consider how data teams can meet or exceed ROI goals by selecting the right architectural approach and measuring the right key performance indicators. "The architectural approach has a big impact on data management processes and therefore the ROI of an MDM project. The primary approaches are registry, consolidation, coexistence, and centralization. "Data leaders should assess each architectural approache by estimating its aggregate impact on risk, time, and resource requirements over time. By answering this question as it applies to their environment and priorities, they can select the right approach to achieve their target ROI. "Data teams also must measure project performance by tracking eight KPIs: data quality, project execution time, project cost, process impact, user adoption, team productivity, customer satisfaction, and compliance standing." Wayne Eckerson Daniel O'Brien Sumit P. Jeff Smith #cdoiq #chiefdataofficer #masterdatamanagement #mdm Steven Lin, PMM Samantha Orszulak

One of the craziest things about data governance is that nobody is willing to admit that humans respond to incentives. In 99% of organizations where data is a mess it is that way because the incentives aren’t in place to take care of data. Virtually every person in every organization is incentivized to take shortcuts, to skip documentation, and deliver their work regardless of what it means for the data habitat. Want people to change their behavior? Create an incentive. Here’s how: 1. Run a random acts of data governance competition: Winner gets $1000, 2nd place $500, 3rd $250, and anybody who does at least 20 traceable governance acts is put in a drawing for $1000 2. Repeat for 3 months (refine rules if necessary$ 3. Have a retro, and figure out what can be automated or built into existing processes 4. Build the automations, document the processes, and hold teams accountable to them. 5. Continue to have competitions and quarterly retros to improve continually. Alternatively, build a CI/CD pipeline that blocks code from deploying unless there is a metadata tag

𝐖𝐡𝐚𝐭 𝐝𝐨 𝐲𝐨𝐮 𝐮𝐧𝐝𝐞𝐫𝐬𝐭𝐚𝐧𝐝 𝐛𝐲 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞? Often, we've come across different versions of Governance - some see it as security and access, while some see it as management, and most often, granular factors of availability and quality like timeliness, native access, correctness, and discoverability are completely sidelined in governance conversations. 𝐔𝐥𝐭𝐢𝐦𝐚𝐭𝐞𝐥𝐲, 𝐠𝐨𝐨𝐝 𝐠𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 𝐛𝐨𝐢𝐥𝐬 𝐝𝐨𝐰𝐧 𝐭𝐨 𝐡𝐚𝐩𝐩𝐲 𝐝𝐚𝐭𝐚 𝐜𝐢𝐭𝐢𝐳𝐞𝐧𝐬 𝐰𝐡𝐞𝐫𝐞 𝐠𝐨𝐯𝐞𝐫𝐧𝐨𝐫𝐬 𝐞𝐧𝐬𝐮𝐫𝐞: 𝐀𝐫𝐞 𝐦𝐲 𝐝𝐚𝐭𝐚 𝐜𝐢𝐭𝐢𝐳𝐞𝐧𝐬 𝐚𝐛𝐥𝐞 𝐭𝐨 𝐮𝐬𝐞 𝐭𝐡𝐞 𝐝𝐚𝐭𝐚 𝐚𝐥𝐨𝐧𝐠 𝐭𝐡𝐞 𝐬𝐞𝐭 𝐠𝐮𝐢𝐝𝐞𝐥𝐢𝐧𝐞𝐬? 🎭 Governing data citizens and territories is very close to governing actual human ecosystems, as both involve people, processes, and resources. This strong analogy or bridge to actual human ecosystems should never be forgotten when drafting governance strategies. And keeping citizens happy involves much more than just security and access protocols. We understand Governance as a huge Umbrella term instead of simply a capability that one tool or integration could provide. 🔐 Security: All things policies, compliances, and SLOs 🔐 Access: User-based access, as well as less considered elements like 1. Addressability: Are data citizens able to easily address assets and use them? 2. Understandability: Without understanding the data, you cannot use (access) 3. Similarly, lot of other elements fall under addressability, like 𝐝𝐢𝐬𝐜𝐨𝐯𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 of the data, 𝐧𝐚𝐭𝐢𝐯𝐞 𝐚𝐜𝐜𝐞𝐬𝐬𝐢𝐛𝐢𝐥𝐢𝐭𝐲, and 𝐢𝐧𝐭𝐞𝐫𝐨𝐩𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲. The data citizen's experience is also the responsibility of good governance, and thus, it involves the pillars of data quality (so naturally, data observability) and data availability come into the picture. 𝐓𝐡𝐞𝐬𝐞 𝐟𝐚𝐜𝐭𝐨𝐫𝐬 𝐞𝐧𝐬𝐮𝐫𝐞 𝐭𝐡𝐚𝐭 𝐝𝐚𝐭𝐚 𝐢𝐬 𝐧𝐨𝐭 𝐣𝐮𝐬𝐭 𝐬𝐞𝐜𝐮𝐫𝐞 𝐟𝐨𝐫 𝐮𝐬𝐞 𝐚𝐧𝐝 𝐚𝐜𝐜𝐞𝐬𝐬𝐢𝐛𝐥𝐞 𝐛𝐲 𝐭𝐡𝐞 𝐫𝐢𝐠𝐡𝐭 𝐚𝐠𝐞𝐧𝐭𝐬, 𝐛𝐮𝐭 𝐚𝐥𝐬𝐨 𝐢𝐬 𝐚𝐜𝐭𝐮𝐚𝐥𝐥𝐲 𝐔𝐒𝐀𝐁𝐋𝐄 𝐚𝐧𝐝 𝐞𝐯𝐞𝐧 𝐛𝐞𝐟𝐨𝐫𝐞 𝐭𝐡𝐚𝐭, 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐟𝐨𝐫 𝐮𝐬𝐞. 🧬 𝐈𝐧𝐭𝐞𝐫𝐞𝐬𝐭𝐢𝐧𝐠𝐥𝐲, 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞, 𝐢𝐟 𝐲𝐨𝐮 𝐫𝐞𝐚𝐥𝐥𝐲 𝐬𝐭𝐚𝐫𝐭 𝐜𝐨𝐧𝐬𝐢𝐝𝐞𝐫𝐢𝐧𝐠 𝐭𝐡𝐞 𝐜𝐨𝐦𝐦𝐨𝐧𝐚𝐥𝐢𝐭𝐢𝐞𝐬, 𝐢𝐬 𝐚 𝐬𝐮𝐛𝐬𝐞𝐭 𝐨𝐟 𝐭𝐡𝐞 𝐃𝐚𝐭𝐚 𝐏𝐫𝐨𝐝𝐮𝐜𝐭 𝐒𝐭𝐫𝐚𝐭𝐞𝐠𝐲. The Data Product Strategy comes with an additional business-purpose alignment layer, and the entire construct helps satisfy governance building blocks such as native accessibility, discoverability, security protocols, interoperability, and so on. Given we deploy data products as a core business, our stress on good governance and its understanding is extremely critical since it forms a huge subset of the data product strategy. Have you considered how Governance strategies and Data Product initiatives at your org could bloom into a powerful intersection? #datagovernance #datastrategy #datamanagement

𝗧𝗵𝗲 𝗘𝘁𝗵𝗶𝗰𝗮𝗹 𝗜𝗺𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗼𝗳 𝗘𝗻𝘁𝗲𝗿𝗽𝗿𝗶𝘀𝗲 𝗔𝗜: 𝗪𝗵𝗮𝘁 𝗘𝘃𝗲𝗿𝘆 𝗕𝗼𝗮𝗿𝗱 𝗦𝗵𝗼𝘂𝗹𝗱 𝗖𝗼𝗻𝘀𝗶𝗱𝗲𝗿 "𝘞𝘦 𝘯𝘦𝘦𝘥 𝘵𝘰 𝘱𝘢𝘶𝘴𝘦 𝘵𝘩𝘪𝘴 𝘥𝘦𝘱𝘭𝘰𝘺𝘮𝘦𝘯𝘵 𝘪𝘮𝘮𝘦𝘥𝘪𝘢𝘵𝘦𝘭𝘺." Our ethics review identified a potentially disastrous blind spot 48 hours before a major AI launch. The system had been developed with technical excellence but without addressing critical ethical dimensions that created material business risk. After a decade guiding AI implementations and serving on technology oversight committees, I've observed that ethical considerations remain the most systematically underestimated dimension of enterprise AI strategy — and increasingly, the most consequential from a governance perspective. 𝗧𝗵𝗲 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲 𝗜𝗺𝗽𝗲𝗿𝗮𝘁𝗶𝘃𝗲 Boards traditionally approach technology oversight through risk and compliance frameworks. But AI ethics transcends these models, creating unprecedented governance challenges at the intersection of business strategy, societal impact, and competitive advantage. 𝗔𝗹𝗴𝗼𝗿𝗶𝘁𝗵𝗺𝗶𝗰 𝗔𝗰𝗰𝗼𝘂𝗻𝘁𝗮𝗯𝗶𝗹𝗶𝘁𝘆: Beyond explainability, boards must ensure mechanisms exist to identify and address bias, establish appropriate human oversight, and maintain meaningful control over algorithmic decision systems. One healthcare organization established a quarterly "algorithmic audit" reviewed by the board's technology committee, revealing critical intervention points preventing regulatory exposure. 𝗗𝗮𝘁𝗮 𝗦𝗼𝘃𝗲𝗿𝗲𝗶𝗴𝗻𝘁𝘆: As AI systems become more complex, data governance becomes inseparable from ethical governance. Leading boards establish clear principles around data provenance, consent frameworks, and value distribution that go beyond compliance to create a sustainable competitive advantage. 𝗦𝘁𝗮𝗸𝗲𝗵𝗼𝗹𝗱𝗲𝗿 𝗜𝗺𝗽𝗮𝗰𝘁 𝗠𝗼𝗱𝗲𝗹𝗶𝗻𝗴: Sophisticated boards require systematically analyzing how AI systems affect all stakeholders—employees, customers, communities, and shareholders. This holistic view prevents costly blind spots and creates opportunities for market differentiation. 𝗧𝗵𝗲 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆-𝗘𝘁𝗵𝗶𝗰𝘀 𝗖𝗼𝗻𝘃𝗲𝗿𝗴𝗲𝗻𝗰𝗲 Organizations that treat ethics as separate from strategy inevitably underperform. When one financial services firm integrated ethical considerations directly into its AI development process, it not only mitigated risks but discovered entirely new market opportunities its competitors missed. 𝘋𝘪𝘴𝘤𝘭𝘢𝘪𝘮𝘦𝘳: 𝘛𝘩𝘦 𝘷𝘪𝘦𝘸𝘴 𝘦𝘹𝘱𝘳𝘦𝘴𝘴𝘦𝘥 𝘢𝘳𝘦 𝘮𝘺 𝘱𝘦𝘳𝘴𝘰𝘯𝘢𝘭 𝘪𝘯𝘴𝘪𝘨𝘩𝘵𝘴 𝘢𝘯𝘥 𝘥𝘰𝘯'𝘵 𝘳𝘦𝘱𝘳𝘦𝘴𝘦𝘯𝘵 𝘵𝘩𝘰𝘴𝘦 𝘰𝘧 𝘮𝘺 𝘤𝘶𝘳𝘳𝘦𝘯𝘵 𝘰𝘳 𝘱𝘢𝘴𝘵 𝘦𝘮𝘱𝘭𝘰𝘺𝘦𝘳𝘴 𝘰𝘳 𝘳𝘦𝘭𝘢𝘵𝘦𝘥 𝘦𝘯𝘵𝘪𝘵𝘪𝘦𝘴. 𝘌𝘹𝘢𝘮𝘱𝘭𝘦𝘴 𝘥𝘳𝘢𝘸𝘯 𝘧𝘳𝘰𝘮 𝘮𝘺 𝘦𝘹𝘱𝘦𝘳𝘪𝘦𝘯𝘤𝘦 𝘩𝘢𝘷𝘦 𝘣𝘦𝘦𝘯 𝘢𝘯𝘰𝘯𝘺𝘮𝘪𝘻𝘦𝘥 𝘢𝘯𝘥 𝘨𝘦𝘯𝘦𝘳𝘢𝘭𝘪𝘻𝘦𝘥 𝘵𝘰 𝘱𝘳𝘰𝘵𝘦𝘤𝘵 𝘤𝘰𝘯𝘧𝘪𝘥𝘦𝘯𝘵𝘪𝘢𝘭 𝘪𝘯𝘧𝘰𝘳𝘮𝘢𝘵𝘪𝘰𝘯.

What Does Data Governance Actually Do? Ask this question across different organizations and you’ll receive a range of answers. And that’s not a flaw — it reflects a fundamental truth: data governance is context-dependent. Its function and effectiveness are shaped by an organization’s size, culture, data maturity, operating model, tech stack, and strategic priorities. There is no universal blueprint. Can a Data Governance team simply join a company, roll out a familiar framework—like SCRUM applied to the Software Development Lifecycle—and immediately begin delivering measurable business value, such as cost savings or new revenue? In theory, perhaps. In reality, rarely. Yes, governance teams can author policies and define standards. But in decentralized organizations with fragmented ownership, expecting distributed data teams to read, interpret, and update their workflows and code to comply is overly optimistic. Without deeper alignment, most policies remain shelfware. So what actually works? Trust. Influence. Embedded engagement. Most governance teams don’t have armies of full-time stewards across the enterprise. Success requires embedding governance into existing roles. It must become a shared responsibility—adopted by teams who see it not as a burden, but as a business enabler. To get there, you must clearly articulate value: What does it unlock for them? How does it mitigate risk? Does it improve efficiency, accuracy, or trust in their data? Laying that foundation requires often-unseen work: Identifying and cultivating data champions and allies Launching internal communications and storytelling campaigns Establishing cross-functional governance working groups Creating learning paths to elevate data literacy and alignment These may seem “non-technical,” but they are foundational. Trying to implement governance without cultural awareness, feedback loops, or business justification leads to superficial compliance—or worse, disengagement. Building the Foundation Is a Surgical Process Standing up a governance function is not a checklist—it’s a diagnostic process. It requires listening before acting, and understanding before prescribing. You must assess what will work in your organization before defining where to focus. And what to focus on? That’s a topic of its own. Governance is often expected to solve everything—access, retention, quality, lineage, metrics, metadata, privacy, compliance, and more. But most teams are lean. Success depends on cross-functional adoption, not siloed ownership. The Best Governance Teams Are Multidisciplinary by Nature They wear many hats—spanning product management, program delivery, quality engineering, BI, and change management. They don’t just write standards—they influence behavior, broker alignment, and elevate operational clarity.