The Case for Value-Driven Information Governance and Privacy Programs

Establishing a Proactive Governance Program Is a Business Imperative

Against a changing and complex regulatory and technological backdrop, establishing a proactive governance program designed to derive value and insights from corporate data has become a business imperative. However, many organizations struggle to effectively and efficiently develop holistic programs that enhance data operations and derive value, reduce risk and support compliance activities.

Executives and leaders at many firms are still struggling to fully understand and catch up to the sprawl and proliferation of data that continues unabated. While some of that data has value beyond a short period of time, much of it represents added risk, with marginal value. In many situations, data owners and the responsibility or stewardship rules for data have not been established. In others, there is not a collective concept of governance across the business.

Especially at a time when artificial intelligence is front of mind, from the boardroom to the mailroom, establishing those processes and implementing the enabling data technologies needs to be prioritized.

A key challenge organizations struggle with in strengthening their governance practices is simply acknowledging that the governance process doesn’t yet exist. This is an important first step and can be assessed by asking several key questions. Is there an IG committee with a charter or mandate? Do the words “stewardship” or “ownership” appear in the oversight obligations with clear definitions as to what those words mean and what the expectations for data stewards and owners are? Does the client have a data inventory?

Importantly, when referring to data inventory, it isn’t a configuration management database that knows where the databases are. Rather, it’s table-by-table, element-by-element characterizations of what data the organization owns. That catalog must be classified, categorized, contextualized and where possible, correlated (i.e., aligned to its use and purpose) so the governance committee knows what it is working on.

Data stewardship is also a critical blind spot for many organizations and there are some key fundamentals to help organizations get started with establishing stewardship. For simplicity, data owners and stewards can be viewed as interchangeable notions (at least at the outset of this exercise).

At most organizations, various business functions own their respective data, however when asked, the business teams will say IT owns the data. There is a critical distinction that needs to be made. The data owners (again, usually the business) need support from IT without a doubt. The stewards need to know and have a clear understanding of what data they have. Owners may have an idea, but IT needs to help by providing the catalog.

The commitment from the data stewards is needed to review the catalog provided by IT. They should be answering questions such as: Do we need that data? Why are we collecting it? Does it have any value beyond some period of time? When does the data become “ROT” (redundant, obsolete or trivial)?

Input from the compliance organization is also required to help establish retention periods. Getting that engagement from the business is the first, best step to starting effective data stewardship.

AI is of course another dimension that will impact governance and data privacy compliance. It can be a double-edged sword. Cut one way, it has the power to reduce effort and quickly increase the value of the data clients already own, or to reduce workload for many activities that can be routinized. Cut the other way, AI can generate inferences about persons by associating data in ways that may produce portrayals of an individual’s activity patterns that could be overly accurate (thus undermining privacy) or blatantly inaccurate.

These may include patterns and behaviors that even the individual may not be aware of. If used in unexpected ways by an organization, and natural persons are made aware intentionally or by accident of some accurate, AI generated inference, that will very likely affect privacy and other risk areas.

While these issues are often daunting for many organizations, they must remember that no greatness is achieved overnight. Putting in the work, in a pragmatic and intentional manner, toward defined objectives, is how success will be realized. Process, and the use of different technologies to support the pursuits, backed by commitment to excellence will drive impact in governance and deriving value from company data.

Related Insights

Related Information

Published

March 30, 2026

temp Key Contacts

Scott Margolis

Managing Director

Most Popular Insights

  1. Beyond Cost Metrics: Recognizing the True Value of Nuclear Energy
  2. Finally, Pundits Are Talking About Rising Consumer Loan Delinquencies
  3. A New Era of Medicaid Reform
  4. Turning Vision and Strategy Into Action: The Role of Operating Model Design
  5. The Hidden Risk for Data Centers That No One is Talking About

Sign up to get access to FTI Consulting Insights

Subscribe