Data Strategy and Governance

Successful implementation of data governance requires fit-for-purpose processes and appropriate technology. Data quality can only be improved if business processes are improving and are considering critical data governance aspects. Technology can be a significant enabler of increasing data quality. Examples of data governance activities that improve data quality include (but are not restricted to):

• Providing master and reference data sets from authoritative data sources
• Automating the detection of data quality issues
• Formalising responsibility for ensuring data quality at the point of collection

When business processes are maturing, the quality of data should increase. In return, an increase in quality data will lead to greater accuracy in reporting and advanced analytics. These reliable insights will lead to improved decision-making support in processes.

To achieve a higher Data Governance practice maturity, cultural and mindset changes across the organisation are very important. Being accountable for the way we capture and ethically use our institutional data is key to ensuring that we reduce risks and increase operational efficiencies. To enable this, UQ will establish data governance structures including roles and responsibilities for key data stewards and custodians to champion this cultural change. Ensuring data is of appropriate quality is one of their responsibilities.

However, the above can only be achieved when there is a higher level of data literacy in our organisation. Data literacy is the ability to identify, locate, interpret and evaluate information and then communicate key insights effectively. Historically a small number of experts in our organisation had this ability, but uplifting data skills throughout an organisation can democratise analytics and be a game-changer. An awareness and appreciation of the importance of data quality need to be pervasive at all levels of the University.

Data literacy is also important for UQ to comply with regulatory expectations. Staff must be aware of, trained in, and adhere to relevant University policies and procedures. Compliance is highly dependent on the day-to-day behaviour and actions of UQ community members. To date, most data breaches reported to Queensland’s Office of the Information Commissioner have been triggered by accidental transgressions of staff members. For example, sending a single email containing sensitive information to the wrong recipient may breach legislation, with serious consequences for both the individual involved and the University.

Data provides a powerful foundation for decision-making; however, many University decisions are still being made without knowledge of or access to this critical resource. UQ is committed to improving this culture and is investing in data and information management initiatives. Data governance is critical in improving the visibility and controlled access of available data as well as establishing common understandings of terminology, context and meaning of data. Examples of data governance initiatives include (but are not restricted to):

• Business glossary
• Data asset register
• Data dictionary and data catalogue
• Data stewardship tools and processes
• Master data management
• Rationalisation of information systems

Understanding data lineage is also important in an environment where data is extensively shared and integrated. Knowing where and how data was created, where it is stored, and which systems have access to this data are becoming more critical due to changes in legislation.

Data brings both opportunities and risks to the University. Capabilities such as ‘big data analytics’ are of great value, but they also give cybercriminals the opportunity to access mass quantities of sensitive and personal information if it is not adequately protected. On the flip side, the ability to harness the variety, velocity and volume of big data has ushered in new possibilities in terms of analytics and security solutions to detect malicious activity, protect data and prevent future cyber-attacks.

Data governance is able to assist in the identification of critical data assets and inform appropriate security controls.

Regulatory scrutiny of the protection of data is becoming more intense and community expectations are rising. New data protection laws including GDPR and mandatory data breach reporting pose significant compliance costs and complex challenges to UQ. To respond to this, we must increase our understanding of our data landscape. Being disciplined in the ways we govern, manage and store our data enables us to satisfy regulatory requirements related to data, which will reduce cost and risk to the University.

To comply with data protection laws, UQ staff must be trained in and adhere to University policy and procedures. Compliance is dependent upon the day-to-day actions of every staff member.

The IT division traditionally supported the discovery and accessibility of data. In recent years, the demand for data has grown, and central teams struggle to meet demand with the processes and tools currently in place.

As the University relies more on data to improve user experiences and inform decision-making, it is critical to know which data is available, understand its meaning, and be able to easily access this data in a controlled way.

The number of information systems and the volume and variety of information they hold increases exponentially, and it is challenging for most institutions to manage and govern the volume and variety of data. This presents complex challenges when applying policies, responding to discovery or regulatory requests and determining compliance with privacy requirements.

Not being able to identify or dispose of data in accordance with regulations will increase risks and costs without appropriate data governance practices being implemented.

Data analytics has changed in recent years with trends such as data science, big data, artificial intelligence, machine learning and self-service analytics. UQ is investing in advanced analytics capabilities, and sound data governance practices are foundational to the sustainability of these new and rapidly evolving capabilities.

Increasing visibility and access to more data will enable our analytics community to generate meaningful insights to support decision-making or identify risks.

Cyber threats are growing in volume and becoming more sophisticated. Breaches and cyber-attacks regularly impact major brands and government agencies, resulting in reputational damage and economic impacts for many affected organisations. Being the target of a cyber-attack is inevitable for a large university such as UQ.

Data governance can support cybersecurity initiatives by identifying our critical data assets and determining the minimum controls that should be in place to protect them.