Craig S. Mullins


March 2007





The DBA Corner
by Craig S. Mullins

Data Governance is More than Regulatory Compliance


Data governance has become a code word for preparing your databases for regulatory compliance. When you utter those two words together - data governance - what usually pops into people's heads is thoughts of Sarbanes-Oxley and HIPAA and government regulations. But what is the true definition of data governance? According to BitPipe: Data governance refers to the overall management of the availability, usability, integrity, and security of the data employed in an enterprise. A sound data governance program includes a governing body or council, a defined set of procedures, and a plan to execute those procedures.

So, does this imply that organizations that are already managing the availability, usability, integrity, and security of their data are ahead of the game when it comes to regulatory compliance? Yes, I believe it does. This is probably why the term "data governance" has been conflated with "regulatory compliance."

But what, if anything, is the difference between data governance and data administration? After all, data administration has been around for a long time and data governance seems to focus on similar issues: the usability, integrity and security of enterprise data.

The difference is the word “governance” and all that it implies. Why do we govern anything? Basically, it is to balance human self-interest with the common good. This is why countries create a government, right? We, the people, create governments to govern such that the common good is ensured for everyone.

So we can view data governance as the management practice that balances the general impulse to create data indiscriminately and copy it all over the place, without any definition or control, against the common good of well-defined, high quality data.

The other implication of governance is that the whole organization should be involved. Governance is about organizational behavior. Contrast that with data administration which is usually controlled by a small group within IT that tries to involve business users, albeit with varying degrees of success.

Now let’s circle back to the regulatory compliance issue again. If you are building a proper data governance practice then you will have a better chance of passing a potential audit for regulatory compliance. In other words, assuring the proper governance of your data is what the regulations with which you must comply are “all about.” So how prepared is your organization in terms of data governance?

If you think about it, this is another way of saying something that I've been saying for a while now - these regulations are basically just a way to get companies to start doing what they should have been doing all along! There would be no need for governmental regulations if corporations had been paying attention to these issues from day one.

So, does your company have a team of IT professionals focused on data governance? Or do you just have the DBA group, with anything even remotely relating to data getting foisted upon them? And is your IT group aligned with your lines of business so that each data element gets the proper treatment it requires for the business, as well as in terms of governmental regulations? Or do you hobble along with IT and business interacting only when necessary to gather program and database specs?

Of course, regulatory compliance is not the only driver for adopting data governance. Other information trends also drive the increasing popularity of data governance programs. For example, CRM projects focus on sharing data – in this case customer data – across multiple organizational units.

Another driving factor: data is all over the place, easier to get to, and the technology to implement systems using it is ubiquitous and inexpensive. So any business unit can just roll in a cheap server and implement their own database structures. Or even worse, just shove data into Excel spreadsheets on every user’s desktop PC. Compare this to the “old days” when all the data was centralized on the mainframe and only a few developers could get access to the data. It was easier to control things back then.

By way of analogy, think about the automobile industry. When cars were new they were expensive and only the rich owned them. So only a few needed to know how to drive. As cars became cheaper, more people owned them, so more people drove. And we needed to implement strict traffic laws.

Similarly, as more people have access to more data, we need more details about and controls upon our data. And that translates to needing a data governance practice. Make sense?




From Database Trends and Applications, February 2007.

© 2007 Craig S. Mullins. All rights reserved.