James Shaw is a Data Governance, Protection and Management professional with experience in managing data risks and assisting data transformations. He is the Data Risk Lead at esure Group.
How long have you been working in Data Governance?
I started work in Data Governance specially about 4/5 years ago, but have broader Data Management experience prior in Data Analytics and MI. Drawing on my Data Governance experience, more recently I have moved into Data Risk Management which concerns second line oversight of key risks to Data including those relating to Data Governance, Protection and Management.
Some people view Data Governance as an unusual career choice, would you mind sharing how you got into this area of work?
Like a lot of fellow Data Governance, Management or Protection professionals, I started in Data analysis and reporting where I learned how to interpret and utilise data, as well as the need to manage data effectively. Through Data Analyst roles I developed a keen interest in data risk and data management specifically, and also searched for a role that was more people focused. I believe Data Governance/Management/Protection is for people who love Data, but also love people and cultural/structural change. Thankfully I was lucky enough to start my Data Governance career under Nicola Askham herself and consider myself fortunate to have had that introduction in an industry that is very young in experience.
That Data Governance is considered ‘unusual’ is a common (and somewhat justified) view I agree, but I don’t think Data Governance as a corporate function should be as niche or unusual as it’s widely perceived. The governance and management of Data is not just desirable but essential to maintain control and discipline over any organisation just as we do with People or Systems.
If that is perceived as unusual then it is perhaps a sign that Data Governance has sometimes been boxed in as a regulatory specialism (particularly in Banking, Insurance and other highly regulated industries), or narrowly defined as data quality deficiency meditation.
I would like to think that actually logically, the overall governance and management of Data should eventually be given as established a platform as the governance of IT assets or similar. The emergence of the Chief Data Officer and similar functions suggests that Data Governance is establishing itself in organisational Leadership and strategy plans.
How do you see Data Governance evolving over the next 5 years?
As mentioned above, I envisage the management of Data will become a high level function in it’s own right and no longer an oddity or ‘in trend’! If Data Governance/Management/Protection professionals can frame themselves in the right way, that is as persons in some capacity responsible for ensuring the integrity, availability, security, protection, ownership and understanding of organisational data, then they will be perfectly placed to deal with emerging and residual data risk, as well as supporting data transformations that seems to commonly underpin corporate strategy. If Data Governance is able to embrace this challenge, and not shrink to tick boxing or specifics in complex data regulations, then there will be an accelerating demand for professionals who can demonstrate this experience. Every year we see an increase in Data Governance/Management/Protection professionals and this of course solidifies the position of the function in its own right.
I also expect Data Governance to develop beyond its focus on Data Quality and apply more equal weight to all aspects of data management, which will also blur the lines between the different factions of data responsibilities. For example, I imagine Data Governance working more closely with Information/Cyber Security, Data Engineering, Data Privacy professionals etc. to deliver common objectives. Which is not a bad thing! Finally, as Data Governance branches out, I would hope to see the expansion of principles embedded in Solvency II and similar quality regulations to other and all types of data, as I believe the principle that data should be accurate, complete and appropriate to be fairly universal. As too are the principles of Data Protection, in terms of understanding, protecting and using data for the right reasons, I don’t think these principles should only apply to personal data. The regulations can, potentially, establish universal principles and ethics as intended.
What are the biggest risks and threats to organisational Data right now?
Other than large scale cyber breaches and hacking incidents, which is not the domain of Data Governance, the biggest risks perhaps lie in the volume of data that is being accumulated and an organisations’ ability to control and manage it. Data volumes and input is being ramped up and the investment in Data Governance is not always keeping pace. When that data is sensitive, confidential or personal, the risks are multiplied. Challenging the assumption that more data is always better is a huge test for Data Governance because the corporate giants of today’s world and those perceived to be at the top of the pyramid consume data on a vast scale. The important point here though is that they are able to apply the equivalent resources to control and manage their data so it becomes a benefit and not a hinderance. Organisations have to be able to understand, catalog, control, and manage their data effectively otherwise it becomes polluted and uncontainable, aka. the dreaded data swamp. It should be understood that the potential consequence (other than the increased regulatory risk) of plugging in data that is not really needed, is that the data that is genuinely needed can be diluted, contaminated and harder to find. I would advocate smaller volumes of quality data that is understood, useful and manageable rather than drowning your systems in data.
What single piece of advice would you give someone just starting out in Data Governance?
I would say that building data related experience is a priority, but as too is developing soft people focused skills. Data Governance is about effecting organisational management and change. So whereas a MI analyst for example may be used to delivering independently, a data governance specialist needs to be effective in driving co-operation and initiatives with the wider business. Sometimes getting other people to do things can be harder than doing it yourself! I would recommend developing yourself as a rounded individual, with a balanced set of skills. Unlike some in the industry, that while useful, I would not recommend focus necessarily on developing technical computer language skills as a priority nor would I think necessary to become an evangelical in people persuasion.
Two of the most important skills I would empathise are patience and tenacity. You have to be able to keep going until you deliver results and be creative as to achieving that – Data Governance is never going to be easy to achieve and instant results are rare.