Data Governance: Operational Controls to Protect Personal Information

Here's a presentation on Data Governance I gave to the Sydney IAPP KnowledgeNet Chapter today.

The key points:

• Data is both an asset and a lability for an organisation, and different parts of an organisation will have different perspectives

• Data governance is a necessary, organisation wide capability requiring co-operation to be effective

• Emerging and current technology can significantly uplift the maturity of data governance quickly

• Some areas to start with:

  • Data scan to create an organisation-wide data (and PI) inventory

  • Establish a cross-organisational data governance forum

  • Stop collecting and stoting unnecessary sensitive data such as identity documents, use ID&V providers

  • Understand the data risk of third parties involved in delivering services to your organisation