Why data governance is not an option

With the global increase in data breaches, like the biggest data fiasco of Facebook and locally the massive cyber attack on SingHealth’s database, the simple question of “Where is my data?” now requires answers that derive from the complex universe of data governance. 

In Singapore in particular, the most serious breach of personal data, where 1.5 million SingHealth patients’ records were compromised, prompted the government to beef up its cyber defences whilst it continues with digital transformation as part of the Smart Nation initiative. Prime Minister Lee Hsien Loong was quoted saying, “(The SingHealth cyberattack) was a harsh reminder that cyberspace is not a benign environment, and we have to do much better in keeping our IT systems and data safe and secure.”

It must be noted that the risk to companies from a breach of their data and privacy violations is not confined to financial losses. Perhaps even more significant is the potential loss of trust. Facebook, for example, has not taken a major hit on its revenues since revealing the scale of its hack, but because data privacy made the headlines in Europe for a month or two, intensified by the Cambridge Analytica scandal, Facebook lost members in Europe for the first time in history. At the same time, many of the European members opted out of personalization of ads, which is the core Facebook model.

Data safety and security is a new business imperative that organisations must ensure, and this now calls for effective data governance that increases at scale. 

The essence of data governance
A well-crafted data governance strategy is fundamental for any data-driven organisation to ensure that roles related to data are clearly defined and compliant with relevant government requirements, such the EU General Data Protection Regulation (GDPR), the US HIPAA (Health Insurance Portability and Accountability Act), and the Singapore Personal Data Protection Act 2012 (PDPA).  

An effective data governance strategy builds a framework that provides data accuracy, completeness and consistency. It also ensures the creation of data maps which pave the way for an advanced ability to understand the location of all data related to key entities, necessary for data integration. More importantly, an effective and properly implemented data governance strategy will provide entities the necessary boost of trust, integrity and confidence, which are undoubtedly definitive and basic requirements for the success of any business. 

In order to find the right data governance approach, organisations can opt for the open source, scalable data centric platforms that can be integrated quickly and economically with the existing environment. Now that Cloud has become the most popular deployment model for digital trasformation, it has to be considered for governance as well. As the focus is on delegating certain tasks to third parties, such as infrastructure management, application development, and security, it makes governance even more critical, as companies need to control their data even if it lives beyond the company's walls. 

The Monetary Authority of Singapore recognises the importance of data in the modern economy hence, new data analytics tools provide policymakers and firms with better support in their decision making processes. Therefore, to improve its capabilities in the governance, usage and management of data, the Monetary Authority of Singapore has established a Data Governance and Analytics (DGA) unit.

Cloud is also about virtualisation of technical resources, which can create data sovereignty challenges —such as with regulations that mandate that data resides in a certain place or country. In addition, cloud-first strategies generally encourage decentralisation, allowing lines of business or workgroup to roll out their own system independently, which could result in a uncontrolled data sprawl.

Hence cloud migration calls for relevant data sovereignty that ensures proper compliance with the laws of the country in which the information is located or stored. These laws are emerging as a key impediment to cloud-based storage of data, and they need to be fully understood and considered when information is created in one country but then moved to another country for analytics or processing.

It is not optional
With the incredible amount of data that an organisation deals with, the application of an appropriate and sound data governance strategy, implemented through the right tools, will ensure that the data is trusted, well-documented, easy to find within the organisation, and that it is kept secured, compliant and confidential.

Ng Hoo Ming, deputy chief executive of operations at Singapore's Cyber Security Agency (CSA), could not have been any more adamant during his keynote at the RSA Conference Asia-Pacific Japan this year. Stressing the importance of data governance in steering an organisation's data management practices, he urged decision-makers not to dismiss its role during new implementations. “Doing so would open up the risk of cybersecurity attacks and the reason why some organisations would take considerable time to realise they had been breached,” he said.

Data is the lifeblood of business operations, digital economies and smart nations, he noted, but amidst a current landscape where cyber threats were real and personal data breaches were growing, data governance must be viewed as an enabler – not hindrance – for business to run smoothly.