There are a number of ways data management and governance programs may be organized. But generally, there needs to be a hierarchy that includes a highest level of executive sponsorship delegating policy definition enforcement and monitoring to increasingly more granular levels of supporting teams and resources. This slide depicts just one example of a high level structural approach that shows the overlaps of the common information supply chain data flow paradigm, prevalent in most organizations with the need for key corresponding organizational roles. As the diagram depicts, this organized data management needs to be present across all stages and levels of the natural flow and movement of data as it travels across the assorted data topologies in the organization. As you can imagine, this can get complicated quickly with increasing organization complexity and diversification, and especially for those that have grown more futuristically, with distributed domains of business ownership and technical control. In my experiences helping organizations implement data privacy and related governance programs, I've also seen many organizations incorporate data privacy initiatives into their larger information life cycle management governance programs. In some organizations, this may be a more natural fit, as data privacy, data security, data retention, and records management, are all very much aligned from an objectives perspective protecting data. No matter the approach however, it is important to be clear that there are inseparable ties between the need for a sound organizational foundation and building an effective set of data privacy approaches. Typically to be effective, a complete top-to-bottom structure must exist, executive support at the top, the filtering mechanism or council that can interpret and transpose specific business visions, into tangible and realistic objectives for establishing governance policies and practices, a governance office or a center of excellence that can examine specific objectives defined with proposed policies and practices, compare those against a larger organization and industry wide set of data governance standards. Clearly identified, business level assigned owners both, all data resources, data stewards or brokers between the data owners and the technical mechanisms of governance execution. Then the data level custodians or engineers, who are in most cases responsible for the technical level execution, and application of governance practices, integrity, quality, classification, and privatizing data. Depending on the maturity and size of organization, these structural definitions and responsible party assignments can vary in complexity and scale. Resources, may play multiple or combined roles, what's more important is that there is a clear line of responsibility and continuity from the data governance vision down through the policy and practice definitions, then finally through to execution and measurement. A well-defined structure supports the establishing of a set of mutual and interlock responsibilities, between and across the business policy levels and the technical levels of the organization, each of the business and IT levels will require carrying out of different duties, and a lack of clear boundaries and responsibilities, or clarity on authority to act can lead to ineffective or non-existent execution. Take some time to read through these and get a feel for the separation of duties and responsibilities that are all connected to successful actions and outcomes. Subscribing to this model of roles and responsibilities can support any number of data governance type initiatives, whether that be quality or privacy and security, or data retention, or even more advanced capabilities such as, master data management initiatives or common data initiatives. The key takeaway, we need clear guidance that sets policy in alignment with overall organizational governance office policies and best practice guidance. These must be driven by executive and departmental leadership, reinforced with clear mandates, and the ability to delegate authorized execution. It's from this empowered foundation that then business area leaders and process owners can take this direction and authority to create more actionable plans for executing on the goals established, at more tactical levels. Data stewards and engineers translate these authorize tactical plans into actual physical actions of governed data behaviors. So walking quickly through some of the diagram, we see at the very highest levels the governance leadership across departmental teams formulating and reviewing their plans and strategies and defining the policies, providing guiding principals for the governed behaviors. The governance office reviewing those, and helping that team prioritize in relation to other enterprise governance objectives, and assisting with identifying perhaps other governance-focused data stewars or coordinators across the organization that can assist with those efforts. Business process owners are taking all that guidance, formulating those into tactical plans, helping to resolve any tactical level escalations in identifying and engaging the operational data stewards and custodians. Then at the steward and engineering levels, where the rubber meets the road and the actual activities of governance behaviors begin to get implemented. With this hierarchy of roles, critical to making this work is a set of structured communications. Often when we discuss organizational structures, we describe them as how people in departments will be grouped together, or aligned with some common objectives. But as important as what the structure will look like, is how the roles will interact. Interacting includes communicating verbally and procedurally to efficiently and effectively reach the stated objectives. The how dimension of making this work structure model effective is dependent on managing the information flows and communications, just as we would manage any other important process flow in the organization. Defining a structured communication model is one of the IBM prescriptions for facilitating these communications. This model of communication must be officially recognized and managed within the organization to hold some force initially identified governance objectives, but to also help expose or mature, where new or explicit types of governance details, definitions, or policies and processes are necessary in order to improve the original governance capabilities prescribed. As you can see in the diagram, these communications really need to occur both laterally and vertically, but it is essential that the communications vertically are well-defined and effective. These are the communications of the policies and standards in the prescriptions, and also things like the escalations and arbitration's and negotiations processes, how do we resolve conflicts over how certain things are getting implemented? How do we resolve conflicts over discrepancies, over resources and resource constraints? All of that needs to be defined within some degree of a communications model that the organization can turn to when it needs to start on the implementation process.
