In a previous post, we discussed the importance of establishing a data governance framework to ensure the accuracy of the information being used to guide business decisions. Perhaps more important is the role of effective data governance in ensuring compliance with government and industry regulations.
Organizations of all sizes and in many sectors must comply with a wide range of regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and the Gramm-Leach-Bliley Act (GLBA). Increasing scrutiny and noncompliance have resulted in billions of dollars in fines, sanctions and lost revenue over the past decade.
Data quality and integrity issues can undermine an organization’s ability to monitor or report on key metrics, and that can create substantial compliance risks. Often the problem is related to aging IT environments that cannot keep pace with exponential data growth. As organizations capture and store ever-increasing amounts of data from a variety of new sources, they are often unable to properly integrate this information. This can lead to the creation of data silos and a dependence on manual, spreadsheet-based processes that introduce high levels of user error in reporting.
To maintain regulatory compliance and customer confidence, organizations should make data governance an essential element of their overall IT strategy. However, data governance should not be treated as an IT project that can be handled by software. It must be viewed as a business function requiring the involvement of stakeholders throughout the organization.
The danger of an IT-centric approach is that data won’t be managed as an asset that crosses organizational boundaries. You can wind up with a series of tactical projects such as storage upgrades that have no real effect on underlying data integration issues. Ultimately, there will be no discernable impact on your compliance and risk mitigation efforts.
To ensure an organization-wide emphasis, Gartner says companies should put someone in charge of data management and control. Ideally, this person would have both business and IT responsibilities and a background in legal and compliance requirements specific to the industry they work in. He or she will help guide the development of a governance framework that supports compliance and reduces risk. Such a framework should include:
- Key stakeholders who will work to define policies, processes and performance metrics.
- Integrated tools for storing, searching and protecting data.
- Automated data quality tools to ensure data conforms to defined standards.
- A robust identity and access management system that provides visibility into who, where and how data is being accessed and supports auditing and reporting requirements.
- Regular data quality audits to correct and improve compliance processes, management, reporting quality and compliance data.
- An employee education program to help ensure that everyone is aware of the importance and benefits of compliance, and the ramifications of noncompliance.
Data growth affects not only your IT environment but your compliance requirements as well. Given the day-to-day demands on your staff, you might find that working with a third-party solutions provider is a sound investment. SSD Technology Partners can give you an unbiased view into your current IT and suggest tools and processes that will enhance your regulatory compliance efforts.