The Importance of Identifying the Best Data Governance Program for your Industry
The implementation of governance programs to safeguard your data presents different challenges for different industries. Each industry faces varying levels of risk in the event that their efforts fail. The Ad Age article that was released last week, addressing the costs associated with safeguarding data, generalizes the needs for data protection across industries. It leads the reader to believe that the risks, efforts for remediation, and therefore costs for safeguarding are linear across industries. This is not necessarily correct, especially in the advertising industry.
While highly regulated industries such as Healthcare do face daunting challenges in their efforts to cope with HIPAA regulations for safeguarding Personally Identifiable Information (PII) and Personal Health Information (PHI) through de-identification and the prevention of re-identification, healthcare is the exception, not the norm.
In our efforts to produce analytics for our clients, we ingest mass amounts of data provided by our clients and 3rd party sources, all working toward the development of spectacular visualizations and analyses that assist our clients in understanding everything from effective ad spend to competitive positioning. Not to mention assisting them to better understand and make sense of what social data means to their brand, campaign, and company as a whole. But with the massive amounts of data that we are ingesting, are we and our clients focused on the behaviors of an individual, or aren’t we in our efforts to apply science to the data more concerned with the universe in aggregate? Then from the aggregate, we are able to create unique subsegments. If we accept this truth, then our efforts and costs associated with the governance necessary to safeguard our data are less related to the protections necessary by industries that live under the scrutiny of more hardened regulatory guidelines and more an issue of implementing the necessary steps to assure that the appropriate data categorization and semantic frameworks are in place. As well as the supported technologies responsible for the identification of data needing safeguard are also put in place, monitored, and continually reviewed.
The goal of this approach is the implementation of a Risk Driven Framework:
This type of approach is key to the implementation of a data governance that:
• Understands the risks of managing various classifications of data
• Defines the categories of risk associated with the result of not safeguarding that classification of data
• Analyzes the likelihood that a particular risk category will occur
• Understands the implication of an occurrence from a cost perspective
• Defines the remediation necessary to reduce the risk to manageable levels
• Develops the costs associated with the remediation
• Compares those costs to the implication of risk not being remediated
This type of approach can best be depicted by the term “Risk Attenuation.” That is, the reduction to manageable levels of the likelihood that a specific risk category will occur. In short, we pay attention and safeguard against the low hanging risk fruit first, equating the cost of management and remediation relative to the cost of the implication of an occurrence. Through this approach, we can better regulate the costs associated with the safeguarding effort and develop a plan that will cost less to implement.