Data Governance

This content was originally featured in the October 25, 2023 newsletter found here: https://www.trustinsights.ai/blog/2023/10/inbox-insights-october-25-2023-data-governance-hot-ones-text-analysis/.

In case you weren’t aware, there were 11,038 Martech solutions available to you as of May 2023. We know that as of now, Q4 2023 there are a lot more to add to that list. Of those, many that are AI-powered tools.

Many of us, me included, are working on annual plans, budgets, and overall “what the heck happened” summaries for the end of the year. As we’re planning, we’re looking at replacing older tech with new tech, experimenting with AI solutions, and skilling up for the new year.

With that, this is your data governance public service announcement.

Data governance, according to Google’s definition, is setting internal standards—data policies—that apply to how data is gathered, stored, processed, and disposed of. It governs who can access what kinds of data and what kinds of data are under governance. Data governance also involves complying with external standards set by industry associations, government agencies, and other stakeholders.

In simple terms, who has access to your data and where do you find it when you need it?

Part of your annual planning should be a data governance audit.

Who owns your data?

If I had a nickel for every time I heard, “That person who set that up doesn’t work here anymore” I might have…three dollars? That’s a lot of nickels. With 11,038 (and growing!) technology solutions, there is a good chance that you don’t know all the usernames and passwords to each account you use. I was working with a client recently that asked me to help them reclaim their accounts because the person that set them up left with little warning. How do you fix this? You can’t prevent people from leaving an organization. Sometimes you have notice and sometimes you don’t. A best practice you can start implementing, even on older systems, is to have a general email address that is not tied to one specific person. For example, we use [email protected] when we request access to systems for our clients and trial new software for ourselves. This account doesn’t belong to either me or Chris, but we both have access to it. With this email, we have a process in place for access. When we bring on contractors we change the password and give them access. When we offboard contractors, we change the password. We don’t have to worry about who owns the systems or who has access. The caveat here is that we’re a small company and can have this level of control over things. Sometimes Chris will sign up with it with his personal email account to test it out. Once he’s evaluated it and we decide it’s right for the company we’ll set up an account through [email protected].

What if you can’t set up a general account?

This is more common than not. Individuals own accounts and then grant access to agencies, contractors, and other employees. In this instance, you should be auditing your software at least quarterly to see who owns your systems. Outside of that quarterly audit, you should develop a process for employee and agency turnover. Because you’re auditing your systems and you know who owns them, you can have protocols in place for hand-offs. This could include something as simple as a password reset and more complex solutions such as migrating data to new setups. Before you get to that, you first need to know who owns your data.

How do I get my data out of an account I don’t own?

Great question. Sometimes you can’t. This is why it’s important to know who owns the data and how you can regain ownership of your software. In the event you need your data and you don’t have access you might need to stand up a new system, which is the last possible option you want to consider. This is a pain and you lose access to historical data. The upside, if you are someone who chooses to see them, is that setting up a new system is an opportunity to do it the right way. Again, not a great option but sometimes it’s your only one.

In less regulated industries and companies, we don’t give a lot of thought to the accounts tied to our systems. We bring on companies (like Trust Insights [trustinsights.ai/services]) to set up our systems, analyze our data, and report it back to us. And then we forget that we gave up access to our data to anyone because we’re focused on marketing tactics, revenue generation, and growth.

So, if you do nothing else to protect your data moving into 2024, make sure you know who owns it and who has access. Remove people that no longer work with it. Make sure the right people have ownership and level of access. Set up protocols for inevitable turn over. Create process for trialing and setting up new systems.