Manage data collection processes

A strategic approach

How data governance can help you manage data collection processes

If you’re looking for a solution to managing data collection, you’d be forgiven for assuming technology is the answer. Especially when you look at the role of AI, the Internet of Things, and the digitisation in streamlining data collection in recent years.

However, even the most advanced technology won’t guard against data overcollection and poor data quality.

You need the correct infrastructure, systems, people and processes in place to avoid overcollection and the associated risks. 

That’s where data governance comes in. 

Data governance is a collection of policies, frameworks, procedures, people and culture that collectively ensure the effective, efficient and reliable use of data to support your organisation in achieving its objectives and vision. 

The goal is to ensure that all data across the organisation is high quality and collected and processed according to relevant rules and guidelines. 

Here’s how data governance can help you manage data collection processes:

Start by asking why

A critical part of data governance is to ensure that only necessary and relevant data is collected in the first place.

Many organisations collect data just because they can. Every day, individuals around an organisation – from operational and field staff, to HR and finance to marketing and sales – identify different data they want to collect for various reasons. The data may be purchased, collected directly from consumers, or collected through automated tools. However, it isn’t always purposeful or necessary, or required for the long term, which can quickly lead to saturation.

To be purposeful, you should always ask why you need the data and how it will contribute to the organisation’s goals and vision – and that’s what data governance helps you do.

Take stock of your data

Building out your data governance requires you to have a complete view of the data. This means you need to identify what data exists in the organisation, where it lives, who owns it, who has access rights to it, and other key components. Sometimes this information doesn’t exist so you may need to find out.

With a clear view of your data, you can “know what you know”. You will get a picture of what data is most crucial for your business, and see where there may be unnecessary data or whether redundant data is being hoarded. This will help guide your data collection needs and processes.

Ensure the right people are managing the data

While infrastructure and systems are essential, people are at the heart of data governance. Therefore, you must appoint people in specific roles. For example, data owners and stewards will be responsible for the data and implementing the governance framework, policies, procedures and standards with support from your data governance experts.

With the right data governance team, you can ensure that data isn’t being collected unnecessarily, avoid duplicates of data collection across functions, and ensure adherence to privacy laws.

The transformation the City of Greater Geelong implemented is a good example of how to define data governance roles and responsibilities for your people.

Lay down the rules

A crucial part of data governance is the creation of rules defining how the data should be collected, managed, stored, and handled. The goal of these rules is to ensure you have the right data management lifecycle approach in place.

For example, your data governance rules will include standards around the minimum data quality requirements for collection and how to comply with privacy laws by ensuring teams only collect personal information necessary for their functions and activities.

Standardise

Standardising your data will maximise its usability across the organisation, which helps prevent duplicate data collection and redundant data. It means ensuring consistency of definitions and naming conventions so that teams have a shared understanding of the data.

Your data governance team should standardise common data definitions, such as “customer” vs “client”. Then, ensure the definitions are shared with, understood and followed by the whole organisation.

Avoiding a data breach

The risk of data collection without data governance

The business case for data governance is undeniably strong, and we don’t need to look far to find an example of what happens when an organisation does not have good data governance in place. 

In September 2022, the largest-ever data breach in Australia hit nearly 10 million current and former customers of the country’s second-biggest telco, including 1.2 million customers with at least one number from a current and valid form of identification information. 

The data breach is about more than how Optus managed their customers’ data – the question lies around how they collected customer data and why, and whether they took reasonable steps to comply with the Australian Privacy Principles. 

Two principles are fundamental with regard to the Optus data breach:

• APP 3 requires organisations to only collect personal information that is reasonably necessary for their work. 
• APP 11 requires that organisations destroy or de-identify personal information once it is no longer needed for the purpose it was collected.

But it gets more complicated. 

Some commentary has attempted to shift blame for the data breach onto the government, calling out the “burdensome” regulations that require telcos to collect and store personal information, such as identity documents. One might argue that regulations have not kept up with the technology, meaning organisations hoard masses of personal data rather than accessing it on demand via an API. 

This results in “mass data hoarding”, which the now head of the Australian Security Intelligence Organisation, Mike Burgess, had previously warned would create a prime target for hackers. 

Mass data hoarding is like an extreme version of data overcollection. It’s where an organisation is holding onto masses of personal data (including ID documents) that they no longer need – a veritable honeypot for cybercriminals. 

Start with data governance

The lesson for organisations is clear

As you seek to collect and hold more personal information, you must implement systems and processes to meet your obligations to the Australian Privacy Act. A better approach is to use data governance to ensure you only collect data that is reasonably necessary for your business.

However, with the business demanding more and more data, how do you balance the need for both data collection and data privacy? Our next article will explain how good data governance can help you find the right balance.