Data, an organization asset, requires strong and consistent management. Therefore, you need to have data-related policies created, updated, and known. These policies should be accessible by all staff members of the organization. This blog post will discuss the goals of data policies, some recommendations, and suggestions for data policies that you should have. And we recommend that these policies be in the data governance (data intelligence) area or in a solution such as the Data Cookbook.
The goals of having data-related policies are:
- To help the staff members
- To protect the organization
- To improve the quality and trust in the data
- To help with audits and compliance (GDPR and CCA)
Data-related policies should be written internally and be part of an approval process. This approval process is one of the reasons why policies should be in a solution like the Data Cookbook. The policies should be reviewed on a regular basis so that they reflect the current needs of the organization and staff members. When you draft a policy, make sure you ask stakeholders to review it and endorse it. The initial version of the specific policy does not have to be perfect. You can always change it as you get feedback. Data stewards need to be involved in the creation of data-related policies and they need to know what is in these policies.
The communication of these policies can be done through various sources but having them be part of the data governance content will make it easier to find and use. Communicate the value of data governance and data policies internally to business users and leadership so that they will be read and followed.
Some organizations have another location (maybe an employee handbook) for non-data-related policies such as social media postings, travel requests, and use of logos. Determine if data-related policies should be placed here as well (or maybe already is). To be able to monitor data-related policies you need to have data policy attributes in place and the fields linked to these policy attributes such as which ones are PII (maybe you have 3000 data fields and say 35 are identified as PII). Which means to be truly effective you need the data policies to be in your data governance solution.
Here are some data policies that should be in place at your organization (depending on the structure of the organization and size):
- Data Records Management – includes how records should be created, maintained, backed up, and deleted
- Data Access – includes who has access to what systems
- Data Security – includes how staff members should protect the organization’s data (such as not having critical data on flash drives)
- Data Usage – includes how Personally Identifiable Information (PII) is handled
- Data Sharing – includes how information can be shared with external sources and the use of data sharing agreements. With a solution like the Data Cookbook, the reports that require data sharing agreements are known
Remember that all organizations need to have data-related policies in place. And we strongly suggest they be in your data governance solution like the Data Cookbook. That way they can be linked to data, you have workflows for approval, and are easily accessible. It is important to review these policies on a regular basis, communicate them to staff and improve on them over time. Take a few minutes and discuss what you have now in place, how these data-related policies can be improved, where they are located, and what new ones you need to create. We hope that this blog post was of some benefit to you and your organization.
IData has a solution, the Data Cookbook, that can aid the employees and the organization in its data governance, data intelligence, data stewardship and data quality initiatives. IData also has experts that can assist with data governance, reporting, integration and other technology services on an as needed basis. Feel free to contact us and let us know how we can assist.
Photo Credit:StockSnap_AV4ZODHVT6_ManReadingPolicy_BP #B1162