Is Data Governance the CDO’s Responsibility?
Updated · Oct 14, 2016
Data governance was a hot topic at the recent MIT Chief Data Officer and Information Quality (CDOIQ) Symposium. In a discussion titled The Evolving Role of the CDO in Healthcare: Challenges and Opportunities, panel moderator Nick Marko, a former chief data officer of Geisinger Health System, described the difficulty in overseeing data governance.
“My role as chief data officer [has included] oversee[ing] data governance,” Marko said, noting that, for him, the ever-present challenge for CDOs is: “How do I eliminate all the barriers that have sprung up here over the course of the last 20 years to prevent people from getting to their data, and really [get] information to people quickly and without barriers?”
Many observers insist the chief data officer’s involvement in data governance is essential. In another symposium presentation, MIT Sloan Business School professor Stuart Madnick, said, “the CDO … is focused on data governance.”(The telling title of Madnick’s session: The Role of the CDO in Organizational Cybersecurity Governance.)
Yet data governance isn’t the chief data officer’s only or, debatably, even most important job. Marko said his role as CDO also included the oversight of data management, data science and data strategy throughout the organization. Chief data officers play a more strategic role for at least some companies.
Other CDOs and experts attending the event called into question whether the responsibility of data governance properly falls to the chief data officer at all.
Data Governance, the CDO and Business Leaders
“We have a lot of interesting discussions as to what CDOs are supposed to do. Just one comment [I have] is [that] data governance is specifically owned by the business,” said Mark Ramsey, CDO of GlaxoSmithKline (GSK) and senior vice president of GSK’s research division, in a panel discussion titled Dynamics between the CDO and the CIO: The Case of a Major Pharmaceutical Company. “That’s not a CDO responsibility that I have.”
Ramsey justified his organization’s take on the matter by comparing data governance to information security. While both areas necessarily involve the CDO’s participation and input, Ramsey argued that neither is the CDO’s direct responsibility.
“The business owns data governance. That’s not some ‘nobody wants it so give it to Mikey’ kind of thing,” Ramsey said. “I participate in that but I don’t own it, and I don’t want to own it because that’s something the business needs to deal with.”
Business leaders may struggle with the responsibility for data governance, Ramsey said.
“The business owns the data, and we [as CDOs] are [merely] custodians as it passes through — and that ownership comes with it making sure the [data] quality is at a certain level,” he said. “There’s gonna be a lot of pain [put] back on the business owners because they’ve gotten away with doing some things in the past that aren’t going to be acceptable as we move forward. It’s going back to the folks who created the data — so it’s ‘Wait a minute. If I just do it right, I don’t get all these questions; I don’t get the overhead.'”
Ramsey and GSK’s position on data governance is hardly unique. Take IBM, for example.
“Every business unit leader is part of a governance committee [at IBM],” said Shamla Naidoo, IBM’s CISO and vice president of IT Risk, in a presentation titled Securing Big Data. “They all report to [CEO Ginni Rometty], and she picked two of her direct reports to co-chair this committee.”
Even beyond the people and organizations represented at the symposium, the view pervades. During a recent internet radio show and chat session titled A Look at Tomorrow’s Data Scientist, guest Robert McGrath, director of Graduate Programs in Analytics and Data Science at the University of New Hampshire (and also professor and chair of the university’s Department of Health Management and Policy), indicated as much when he was asked: “As we look at the present, the future, and the evolution of data science, whose job — properly — is that of data governance? What is the data scientist’s relationship to data governance, properly?”
“In some organizations I’ve seen it in IT, [in] others its administrative, and [in] others [in] finance,” replied McGrath. “I think it depends on how mature they are in the analytics lifecycle. Is their data viewed as an asset? A raw material? Or maybe as waste? Let’s hope not!”
It is fair to conclude from McGrath’s observations that the responsibility over data governance could just as easily fall to the CFO, the CIO or even the COO.
Data Governance’s Back-seat Driver
That said, however, the chief data officer’s role may fall under and ultimately answer to one of these members of the C-suite — potentially making the job harder for a Ramsey-sympathetic CDO to shirk.
Going back to Ramsey’s example comparing CDOs to CISOs, it is worth noting that CISOs often answer to the CIO, the CFO or even a non-C-suite position such as the organization’s general counsel; rarely are they considered as equal or senior to fellow C-suiters. From this perspective, it is difficult to adopt Ramsey’s philosophy; even if non-CDOs manage day-to-day data governance operations and strategy, the chief data officer may still inevitably bear some responsibility for data governance.
Indeed, directing and maintaining the assignment of data ownership is a key component of data governance. As the old adage goes, if something is everybody’s job, it’s nobody’s job. Similarly, if data belongs to everybody, it belongs to nobody. Consequently, it cannot be properly governed.
That said, depending upon the organization, the chief data officer may need to go above and beyond to help guide data governance — or, at least, help ensure that that guidance is well vested with another going forward, allowing the CDO to focus on other aspects of the organization’s data.
Joe Stanganelli, principal of Beacon Hill Law, is a Boston-based attorney, corporate communications and data privacy consultant, writer, speaker and bridge player. Follow him on Twitter at @JoeStanganelli.