Getting Data Governance and Legal to Work Together

As data governance becomes increasingly part of the business (rather than an offshoot of IT), it must proactively seek to build links with other areas of the enterprise.

Two paradigms dominate the IT mindset: the drive to build and maintain a technical environment; and reacting to requirements provided by business users.  Neither of those paradigms involve proactively engaging with other areas of the business, and to the extent that data governance was conceived in IT, it must discard these paradigms. Instead, data governance must actively seek out partnerships with other areas of the business, and present a vision of synergies that can benefit the enterprise as a whole. One of the most important of these business areas is the legal department.

What Can Data Governance Do for Legal?

Before data governance approaches the legal department to establish a mutually beneficial partnership, data governance should have a clear idea of what it can bring to the table, and some understanding of how Legal Departments function in general. Let us consider some of the ways in which Data Governance can support Legal.

Operationalizing Data-Related Laws and Regulations

Legal is, or should be, the source of regulations about data privacy and protection in the jurisdictions within which the enterprise stores, manages, or accesses data. However, legal typically cannot translate these rules into operationalized practices that ensure the enterprise is truly in compliance with the law.

Data governance can bridge that gap. It can provide an understanding of the situation in the environments that manage data, and help to identify potential gaps with respect to laws and regulations. Jointly, with legal, data governance can help to determine what solutions have to be put in place to deal with these gaps. These solutions will often be changes to business practices rather than changes to the underlying systems. Put another way, anything data governance can do to help solve these problems without involving IT will be greatly appreciated.

Ensuring Contractual Compliance

Besides laws and regulations, another great concern of legal is ensuring that data acquired under some form of contract is managed in compliance with such contracts. Unfortunately, the business in general often thinks that any data inside the firewalls of the enterprise is fair game and can be used for any purpose whatsoever.

While legal can sign off on a contract, it is typically not going to be involved with monitoring the enterprise environment to detect if the data is being misused. It will likely only get involved if the counterparty in the contract suspects potential misuse and seeks a legal remedy, such as threatening to sue the enterprise.

Data governance can assist in this area by acting as a gatekeeper to prevent illicit reuse of data. For instance, data governance can establish a presence on the Architectural Review Board (ARB) that many enterprises have. There are a number of other reasons for data governance being on an ARB, such as enforcement of data standards, but detecting contractual data concerns is a major one.

In order to carry out this work, data governance must understand what is implied in the contracts that exist about data. Such contracts may be with data providers, who sell data to the enterprise, or with customers who give their data to the enterprise.

How Legal Works

Having discussed a few of the needs that have to be jointly addressed by data governance and legal, data governance needs to understand how it can approach Legal. Data governance has to potentially interact with all the operational units of the enterprise. It can only do so successfully if it understands the subcultures of these units. So what is special about legal?

Opportunities and Risks

If data governance can establish a successful relationship with legal there can be enormous benefits to the enterprise. However, data governance also needs to be careful. It should not end up being perceived as the paralegals for the legal department in matters of data management. This will detract from data governance’s independence, and its standing in data-related concerns that have nothing to do with Legal.

Of all the organizations units that data governance can establish a partnership with, legal is one of the most important. In every enterprise, data governance should seek to build and maintain this partnership for the long term.
This article was written by Malcolm Chisholm from Information Management and was legally licensed through the NewsCred publisher network.