Chapter 7. Governance and Compliance

Almost every day we read of data breaches, the egregious misuse of customer information, or some new hacking scandal. In this treacherous environment, any company using data extensively must grapple with ever more regulation and acute consumer pressure. As a result, the security and privacy of their data is top of mind for both anxious executives and hard-pressed IT teams.

Data governance as a practice has grown over the years from relatively simple policies for security and privacy to a broad, enterprise-wide initiative covering not only access to data, but the uses of data in analytics and machine learning and even the purposes of data for marketing, sales, research, and so on.

In Chapter 6 we considered some of the particular security questions that embedded analytics raise. These questions are potent because we are combining two particular kinds of data: operational data in the host application and analytic data that has been integrated, cleansed, and often denormalized to enable efficient analysis. Just as analytics can be a valuable source of insight for business, it can also be a gold mine for less welcome use cases if it’s not rigorously protected.

In this chapter we’ll look beyond the security issues to include the demands of privacy, governance, and compliance. Let’s start with some definitions.