noun_Email_707352 noun_917542_cc Map point Play Untitled Retweet Group 3 Fill 1

Investing in your data to improve control and to extract value

Data management controls are mechanisms put in place to ensure the security, integrity, and proper handling of data throughout its lifecycle.

Jonathan Huw Howells / July 09, 2024

To ensure you extract the value form your data, controls are needed.

To understand where your data is needed, processed and stored, requires a coordinated structure. Different frameworks such as DCAM, CDMC and DAMA can help you understand the state of your data portfolio and the structures that you need to manage it.

Data management controls are mechanisms put in place to ensure the security, integrity, and proper handling of data throughout its lifecycle. These controls help organizations protect their data assets, comply with regulations, and minimize risks associated with data breaches, unauthorized access, and data loss.

Data management controls

These data management controls collectively help protect data, minimize risks, and ensure that data is properly managed and used in accordance with organizational policies and legal requirements. As we adopt more data driven approaches, our organisations data literacy needs to grow, to understand the value and controls necessary to trust the data.

The model above maps out the data management controls and are examples of the traditional controls. To explain further:

  1. Access Control determine who has permission to access and modify data.

  2. Data Classification is the process of categorizing data based on its sensitivity, value, and regulatory requirements.

  3. Data Encryption transforms data into an unreadable format using encryption algorithms. It protects sensitive data from unauthorized access and ensures data confidentiality.

  4. Data Backup and Recovery. Regular backups are essential to protect against accidental data loss, hardware failures, or security incidents.

  5. Data Retention Policies. Define how long data should be kept based on legal requirements, business needs, and compliance regulations such as GDPR. These policies ensure that data is retained for the appropriate duration and securely disposed of when no longer needed.

  6. Data Masking and Anonymization replaces sensitive data with fictional or anonymized values while preserving data format and structure. This technique is used to protect confidential or personally identifiable information (PII) during testing, development, or sharing of data.

  7. Audit Trails and Logging record and monitor data access and changes. They provide a record of activities to detect unauthorized or suspicious activities, investigate security incidents, and maintain data integrity.

  8. Data Privacy and Consent ensures compliance with relevant privacy regulations such as GDPR. This includes obtaining user consent for data collection and processing, providing transparent privacy policies, and implementing mechanisms for data subject rights.

Emerging controls for Data Assets

Data Centricity has seen the rise of new areas that require investment in new controls. Focusing on how we should use and enable trust of data by understanding the data lifecycle together with what has influenced it. To promote transparency, accountability, together with understanding of bias that can influence the data.

  1. Data Ethics. With the increasing use of automation with algorithms and AI, it is important to understand how we should use our data. Establish a set of ethical guidelines to enable the organisation to deliver morally sound solutions such as conduct or right values.

  2. Data Lineage. With the increasing adoption of cloud platforms, data lineage is coming more into focus as data is fluid in its movements across borders. Data lineage refers to the complete historical record of a data item from its origin to its current location or usage. It provides a detailed overview of the dataset's journey, including its source, processing, transformations, and any updates or modifications it has undergone over time.

  3. Data Provenance is closely related to data lineage but focuses more on what has influenced the data and the metadata associated with the dataset. Provenance helps establish data trustworthiness and enables data consumers to verify its authenticity and reliability.

Both data lineage and provenance are essential for data governance, compliance, and audit purposes. They provide insights into how data has been created, modified, and used within an organization, which is crucial for ensuring data quality, understanding data dependencies, and meeting regulatory requirements. Implementing data lineage and provenance tracking systems can help organizations enhance data transparency, establish data accountability, and improve overall data management and governance processes.


Data Metrics and Artificial Intelligence 

With the current focus on adopting artificial intelligence technologies (AI) data controls are becoming increasingly important. Building on the traditional controls for data we need to understand more about the content and processing of the data as data driven and AI initiatives expand in our organizations you should consider looking at the following aspects:

  • Data Privacy: AI systems often require access to large amounts of data to train and make accurate predictions. Data controls should be implemented to protect sensitive data and ensure compliance.

  • Data Quality: AI systems heavily rely on high-quality and reliable data for accurate predictions and decision-making. Data controls should be in place to ensure data integrity, consistency, and accuracy. This includes measures such as data validation, data cleansing, and data monitoring to identify and rectify any data errors or anomalies.

  • Bias and Fairness: AI models can inherit biases from the training data, leading to unfair or discriminatory outcomes. Data controls should be implemented to identify, measure, and mitigate bias in the data used for training AI models. This includes diversifying the training data, using fairness metrics, and implementing bias detection and mitigation techniques.

  • Model Governance: Data controls should extend to the AI models themselves. Organizations should establish processes to manage the lifecycle of AI models, including version control, audit trails, and access controls. This helps ensure that models remain accurate, compliant, and aligned with organizational objectives.

  • Transparency and Explainability: AI models often operate as "black boxes," making it crucial to have data controls to ensure transparency and explainability. Data controls should facilitate the tracking of inputs, outputs, and decisions made by the AI model. This helps in understanding model behaviour, detecting biases, and explaining the reasoning behind predictions or decisions.

By implementing appropriate data controls, organizations can ensure the responsible and ethical use of AI while protecting data privacy, quality, and fairness. Regular monitoring and evaluation of data controls are also important to adapt to changing regulatory landscapes or emerging risks.

Jonathan Huw Howells
Enterprise Architect Director, Tietoevry Create

Jonathan has extensive experience in the private and public sector, working across Europe, with over 25 years of strategic and operational industry experience across a variety of industries. As a Consulting Director at Tietoevry Create and a member of the Chief Architect Forum, Jonathan looks at ways to improve business outcomes by navigating digital and data ecosystems for the benefit of the projects and organisations he works with.


Jonathan Huw Howells

Enterprise Architect Director, Tietoevry Create

Share on Facebook Tweet Share on LinkedIn