Accessibility Links
Main Content
« Master Data Discovery and Data Mapping Clarification on Defining Master Data Management »

Privacy Policies and Data Governance

April 24th, 2008

I had a conversation recently with a client that yet again confirmed my developing notions surrounding the relationship between business policies and data governance. The discussion focused on how defined business policies relate to information policies, which in turn are composed of data rules that can be monitored and their compliance measured. In this conversation, the client mentioned that the company was considering how data governance could be used to oversee information sharing for the purposes of marketing. The questions hinged on what data could be acceptably put to the marketing purpose without overstepping the bounds of the organization’s privacy policies.

In this case, my thoughts on business policy monitoring as a part of data governance is the right approach - essentially the policies need to be dissected into their component business rules and data restrictions to identify where data oversight can be applied. Documented compliance to business rules that are derived from the policies provides auditability and thereby minimizes some of the risks potentially exposed by the business process of data sharing. Especially in a time when the sin of exposure of protected information is trumpeted to the high hills, providing auditability of data protection is worth a lot.

By the way, if you were unable to attend the presentations I did at the recent DataFlux executive briefings on Data Governance in Princeton, Waltham, or Chicago, let me know and I can share some of the material I discussed.

Leave a Reply

(required)
(required)

The blog content appearing on this site does not necessarily represent the opinions of DataFlux

Author's Other Work

Below are some additional resources which David.Loshin produced or helped produce.