Their exists this cohort of operations companies claim they take seriously but in reality do not.
It looks good to say that they do it, but in reality the consequences of them half-assing it are both not that dire and/or not detectable by those who could hold them accountable.
Which is why they fall to the way-side.
It is not until something happens that flips that equation on it's head that a company will actually invest the right time, effort and culture into doing it properly.
A great example from the past decade was Information Security. Once upon a time it was this thing companies half-assed their way through. They made sure they had a few firewalls and went about their day.
Then Sony got hacked and a few million credit card details went walk-about and all of a sudden, Information Security got the attention it deserved.
Their are some concepts that look like they will forever live in this limbo state. Information Management is one for example, it's important, just like Information Security but it's consequences aren't dire enough. Let a hacker into your network and not only can the damage they inflict be monumental but the legal recourse along with the loss in customer faith can sink a company. Fail to practice information management properly and funnily enough employee morale goes up. (I love information management btw - read my article here.)
Currently sitting in this group is Data Governance. Everyone claims they do it, but it's obvious that no one it doing it properly. It's being paid lip service.
Just look at the constant news stories coming out every week.
- Snapchat employees used internal tools to spy on whomever they wanted.
- Facebook allowed new partners to access customers private messages.
- An Instagram add-on hosted personal information about famous Instagram users on AWS without a password or encryption.
- Internet providers are selling your data without your consent.
It is fundamentally clear that the companies who should be at the front of good Data Governance are not doing it correctly, which leaves me to wonder about the rest of us.
And it's not just poor data security either, companies are acting either outright unethically or choose to live in the grey areas, never asking if they should, just testing whether they can.
It is vital, now, more than ever that companies act ethically with their data. Legislation hasn't yet caught up to the technology we invented in the early two-thousands let alone the last few years. GDPR was a great start, just like CASL, but it was a baby step in the grande scheme of things, and shouldn't have had to happen. We should be self regulating, not so arrogant a governing body has to intervene.
With data science being pushed to the forefront and the pressure to develop AI that's not just a boat load of logic rules we need companies to get serious about what they are doing with their data. Not just lying to everyone and hoping nothing leaks.
That means Data Governance is implemented properly so it can be practiced seriously.
And yes their is more to Data Governance, than security and ethical use, but they carry the most fallout when not done properly. What good is a sanitized data set if its stored on AWS in plain text without a password? Hey it's great your data catalogue is accurate but what are your users going to do with the data they can now access it, better than before?
The thing these companies don't realize is, that by not doing Data Governance properly, you work against the data governance processes you have implemented. A poor data governance process becomes something your staff endure, put up with, and often invest time into working around. A bad implementation increases risk and overhead, so why have you bothered in the first place.
I say with utter confidence that Data Governance will be taken seriously in the next decade, but what is it going to take to get it there. Who is going to shit the bed so badly that we all take notice?
Because that's the reality we live in right now. Currently you are all paying lip service to Data Governance. The customer doesn't know what you're doing with their data, and can't find out so you think you are safe. It's easier to say you do it and not practice it, so you that's exactly what you, and your entire company thinks this way, instilling a culture of workarounds and picking and choosing what rules to follow, not to mention acting ethically isn't making you money right now. How many of you passed the ISO 27001 standard? Have you really?
Can't you see this bubble is about to pop? Someone, will fuck up so badly that the governments and public will react, and you'll have to scramble to get something in place. Just like companies had to scramble for GDPR. It is a sign that our industry has failed, when legislation has to be enacted upon us. Because laws don't come from a position of experience, they come from a bunch of people who didn't know anything about our field six months ago, who are forced to make decisions that effect all tech companies, both now and in the future. Their is no such thing as a one size fits all legislation, it will stifle future innovation and opportunity because it has to apply to a list of requirements set by a bunch of people who lack the industry experience.
But unlike GDPR, you can't just wait until it's forced upon you, you need to adopt it now.
Many company's implementation of GDPR was messy, implemented at the last minute, into systems that never had this requirement in mind. Tacked on as an afterthought. This makes for a poorer overall experience, reduced efficiency, and I would be hesitant to say their is a good culture around it. The same thing will happen for Data Governance. It needs to be implemented properly, with sufficient lead time, culture and resource. If it gets the point where legislation is forcing you to do it properly, you'll half-ass it again, tack it onto your current technology like an after thought and then you will be right back in the same spot you are now. A system that slows your company down, has no buy in from the staff, and will increase the risk of something going wrong.
Do Data Governance properly, now, because it's not something that can be rushed. Proper Data Governance reduces risk and improves efficiency, half-assing that does the opposite. If you wait until its legislated onto you, then you'll have no choice but to half-ass it, slowing your company down and increasing the risk of something bad happening, except by then, their will be legislation to punish you with.
Photo by Fredy Jacob on Unsplash