Data Governance

Implementing proper data governance, through guidelines, standards and access processes provides for smooth, equitable data usage while managing risk.

C.L.E.A.N. D.A.T.A

The CLEAN acronym covers key principles like compliance, ethics, security and access controls.


A comprehensive data strategy must ensure full compliance with all applicable laws and regulations around data privacy, security, and industry-specific rules. Cross-functional collaboration is key to understanding obligations.

Legal and Ethical Collection and Use

Data collection and usage policies should uphold ethical principles of consent, transparency, and avoiding harm. Legal vetting will align policies to laws. Ethical reviews will align them with organizational values.

Encrypted and Secured

Robust technical controls like encryption, access restrictions, multi-factor authentication, and data loss prevention should safeguard systems and data, both at rest and in transit. Align to standards like NIST.

Access Controlled

Granular access controls will restrict data access to authorized users only and implement segregation of duties. Integrate access controls with ID management and authentication systems.

Necessary Data Collected

Collect the minimum data elements required for specific, documented purposes only. Data minimization reduces security risks and compliance obligations around retained data.

The DATA portion focuses specifically on good data policies and best practices.

Defined Ownership and Responsibilities

Clearly define data ownership assignments and accountability for control environments, policy governance, product delivery, analytics, and subject request fulfillment across domains.

Accurate and Quality Controlled

Establish data validity measures and automated controls or processes for quality assurance, error identification, anomaly detection, issues logging, and correction procedures to uphold information integrity.

Transparent Processes

Implement transparent data collection disclosure, accessible and readable privacy policy and notices, Data Protection Impact Assessments around new data uses, and avenues for privacy inquiries and subject rights requests.

Accountable Data Governance

Data governance frameworks with executive sponsorship and cross-functional bodies will provide training, assess controls, enforce policies, log and remedy issues, and implement improvements to instill accountability around data oversight.