Data governance policy is a collection of principles, frameworks, programs, roles, and responsibilities that help manage data collection, storage, access, usage, quality, and archival of data assets in its entire life cycle.
In addition, data governance policies also define best practices to ensure the privacy and security of data assets, and compliance with regulatory bodies.
A data governance policy helps your employees understand why your procedures are in place, who is responsible for them, and how they should be managed. Drafting this document in a clear, concise, and logical manner keeps all employees and teams across an organization on the same page so they understand what is expected of them.
Implementing data governance across an organization requires collaboration across teams to ensure that outlined processes are manageable and adoptable. An important way to ensure these standards and procedures are easy to adopt within your company is to build a data governance policy.
In this article, we’ll explore some examples of good data governance policies, review the anatomy of a data governance policy, and provide you with a format to help you get started on yours.
Data governance policy examples and templates
If your organization is in the early stages of establishing best practices and standards around data, it can be hard to know where to start with your data governance policy. But there’s a silver lining: there are a number of excellent publicly-available examples of data governance policies you can use as models for your own policy. For example:
- Oklahoma Office of Management & Enterprise Services - This example offers a very high-level coverage of policy and procedure, but gets very detailed when discussing the groups involved in data governance — and what the roles and responsibilities are of each.
- New Hampshire Department of Education - This policy identifies roles and responsibilities as well, but dives deeper into the specific job duties of key individuals. It also outlines the intended outcomes of the policy, which is important for determining the success of data governance as a whole.
- University of New South Wales (UNSW) Sydney - This university separated its data governance into two policies. They have a standard data governance policy and a research data governance & materials handling policy. Creating multiple policies is an effective approach if your organization manages large quantities of data in more than one category that have distinct roles and procedures attached to them.
- Brandeis University - The university created this data governance policy with a critical first step: identifying all the data sources in the organization. Later in the document, they tie each data source to a “data trustee.” This ensures there is custody of every single data source across their environment and also reduces the risk of shadow IT.
- University of Nevada Las Vegas (UNLV) - The UNLV data governance policy includes sections on data access, usage, and integrity. Incorporating similar language into your policy will establish standards and expectations that reduce the misuse of data and build data trust across your organization.
These are just a few examples of what a data governance policy can look like. Pick one that represents your goals most comprehensively, or piece together the strengths of several, to serve as your guide to build your own.
With a better understanding of what a data governance policy can look like, let’s dive deeper into what a data governance policy truly is.
What is a data governance policy?
A data governance policy is a document that outlines the data management expectations, responsibilities, procedures, and goals of individuals and teams across an organization.
A policy, as explained on Wikipedia, “is a statement of intent and is implemented as a procedure or protocol.” This is a good starting point to framing your understanding of a data governance policy as well.
A data governance policy documents the vision for data governance in your organization, and also goes a step beyond - to list the actionable steps, and do’s and don’ts imperative to realize that vision. Essentially, it should also include “guidelines for ensuring that an organization's data and information assets are managed consistently and used properly.”
Essential sections in data governance policies
“In data governance, several policies are essential to the effective operations of the program,” writes Dr. Anne Marie Smith, Ph.D. and VP of Education and Chief Methodologist at EWSolutions, Inc. As an internationally-recognized expert in data governance, she believes that four foundational data governance policies are necessary to address the structure of a data governance program.
- Data governance structure policy
- Data access policy
- Data usage policy
- Data integrity and integration policy
Because data governance as a principle includes directives across people, processes, and technologies, data governance policies should be equally comprehensive. Let’s look at each of these four policies individually to further flesh out the role they play in data governance.
Data governance structure policy
Building a data governance structure means identifying the roles and responsibilities of individuals and groups who have been identified as key players in the management of data. A typical structure includes roles like enterprise data management leader, data governance leader, executive sponsor, data user, and data steward. Each of these individuals should have a defined set of responsibilities, which you can determine specific to your organization or base on standard role definitions.
In addition, many companies organize a data governance committee and/or an enterprise data management council to oversee the strategy and ensure its execution.
Data access policy
A data access policy is exactly what it sounds like: a policy for enabling rightful employee and third-party access to data assets. This policy is incredibly important from a security perspective — in 2018, Forrester reported that 80% of data breaches have a connection to compromised privileged credentials.
A data access policy will outline exactly who should have access to what assets in your data ecosystem, what security protocols will be in place to enforce it, and how access requests can be approved through a predetermined process.
Data usage policy
Data stewards have a strong role to play here. They must ensure that the authority to read, create, update, and externally disseminate data is enabled for the employees who need each level of permission and understand the relevant PII laws.
Data integrity and integration policy
The key purpose of a data integrity policy is to ensure that your business units have access to data they can rely on. Data must be integrated across sources, systems, applications, and tools without compromising integrity — not a small endeavor. Organizations should create business processes underneath the data to validate accuracy, manage changes or updates to datasets, and track the evolution of data across the pipeline.
Maintaining documentation on each underlying process and data element — including term definitions, usage, and technical metadata — will keep teams in check as they are managing data assets and ensure data accuracy is preserved.
It’s important to note that data governance should always be approached from a collaborative perspective. If policy is written and disseminated without input and discussion among individuals across the organization, you run the risk of losing buy-in. Bring key players and their teams to the table and build these policies together.
How to write a data governance policy document
When drafting a data governance policy document, it’s important to keep your audience and your goals in mind. What do you hope to accomplish with your policy? How does it benefit both the individual and the organization as a whole? Will your teams respond better to a long-winded document, or one that gets to the point?
Eugenia Moore, manager of data governance and quality at Peapod Digital Labs said it beautifully in her 2022 Data Governance & Information Quality conference presentation:
“My recommendation is to keep policies simple, focused, and short. If they’re more than two pages long, nobody is going to read it and you will have a very hard time implementing it.”
Moore also suggested including five key sections in your data governance policy document.
- Purpose / Scope - Why does the policy exist and how does it support business objectives?
- Applicability Who does the policy effect?
- Definition and Acronyms - What phrases and acronyms are important to define for the purpose of the document?
- Responsible Stakeholders - What roles have you defined, who will take them, and what will their responsibilities be?
- Related Policies and References What other documentation is relevant to the policy? How can you connect the dots for your teams?
Fundamentals for Creating and Implementing Effective Data Governance Policies
You now have a good understanding of what a data governance policy is, why it’s important, and the structure and sections it should include. It’s time to actually write the policy.
To help you get started, review this video from the 2022 Data Governance & Information Quality conference to get some additional insight into the fundamentals of a governance policy.
Creating and Implementing Effective Data Governance Policies
If you still feel stuck, consider going back to the basics. Check out this overview of data governance and its purpose, benefits, and best practices.
Ready to make data governance effortless?
Try Atlan — Deploy best-in-class, catalog, metadata management, and data governance without compromising on data democratization.
Related reads on data governance policy
- What Is data governance & why does it matter?
- The importance of a data governance framework
- 8 data governance best practices to help you get started in 2022
- What is the difference between data governance and data management?
- What is data stewardship: Meaning, benefits, and its importance in data governance