Drawing the line between Data Governance and Data Management
Everyone else has had a go at trying to define the difference between these - so whats the harm in one more attempt at clarifying this.
tl;dr: Data Governance is executive bullshit, and Data Management is nerd bullshit. Data Governance is both setting the policies for correct behaviour of an organisation and how management monitors compliance with policies to improve accountability. Data Management is the subject matter expertise to put policies into practice.
The areas of data governance and data management are very similar – but very distinct disciplines. But because of the overlaps and similarities there is often a lot of confusion on the differences between these disciplines. The easiest way to examine the similarities is to look at the goals of these disciplines, while the easiest way to understand the differences is to look at who has the most active role in achieving these goals.
The primary goals of data governance and data management are the same – to have data that is secure, trusted and valuable.
Any organisation that collects data and uses it for decision making wants data that is:
secured – if data isn’t secure, it is at risk of theft leading to a loss of reputation, legal action or reduced value through the loss of the competitive advantage that data provides
trusted – if data isn’t trusted, decisions take more time to verify leading to reduced efficiency, or incorrect decisions will be made using faulty data leading to lost opportunities
valued – if data the value of data isn’t known, high-value data is at risk of disposal before it can be used to its best potential, or low-value data is kept for longer than necessary wasting resources for storage and management
Data Governance and Data Management both have a role in maximising the security, trust and value of data. The difference is how these goals are achieved and who is responsible for achieving them.
For data to be secured, trusted and valued, data must be collected, used and disposed of in a way that achieves these goals. Data Governance is the both the process of setting policies and procedures that must be followed when using data to maximise security, trust and value, as well as monitoring processes to ensure that these policies and procedures are followed. Data Management is the activities that are done and procedures that are followed to ensure that data is handled in a way that is secure and maintains its trust and value.
For example, when sensitive data is stored, a common policy is that it is encrypted so that unauthorised people cannot access it – because if the wrong people accessed data, it could be leaked (reducing security), altered (reducing trust) and exposed to competitors (reducing value).
In this example, the role of data governance is setting policies that any data that is classified as “sensitive” is appropriately tagged as sensitive, and that this data is encrypted. Data Management is focused on how this is achieved in practice, through selecting an appropriate industry standard for encryption and implementing alerts to monitor for unencrypted data.
If the organisation has put in place the goal that “all sensitive data is encrypted”, if 25% of data is not appropriately encrypted the appropriate course of action for a Data Governance executive is to report failures to their fellow executives and direct resources to increase compliance. Data Governance executives don’t need to worry about how encryption is technically achieved as they can rely on the support of Data Management subject matter experts. The appropriate course of action for Data Management subject matter experts is to help business areas implement encryption technologies without worrying about change management challenges or how to “convince” others to change as they can rely on Data Governance executives to have used their authority to provided direction to business units.
This separation of governance and management allows each discipline to focus on the issues that they can influence. As we will see in later chapters, once policies have been put in place the goal of governance is monitoring for compliance.
When this separation exists, Data Management subject matter experts have the opportunity to provide input into policies and procedures, and are responsible for putting this into practice. Data Governance executives are then responsible for monitoring that key policies are being followed. These are two sides of the same coin working to achieve the same outcome. On one side, without data management, there is no way to implement the technical controls. While on the other side of the coin, without executives with the authority to direct resources, there is no way to implement organisational change and achieve compliance.
As a former subject matter expert/data nerd, Data Governance is simply about getting data nerds to define the technical standards required for the organisation, and once these standards and policies are defined and endorsed, the role of governance it to focus on using executive structures to ensure that everyone else follows them.

