Upload
natalie-blackburn
View
1.127
Download
1
Tags:
Embed Size (px)
Citation preview
Data Governance at Guide Dogs
Presented by: Jane Huntington - Data Manager
Maria Novell - Head of Individual Giving
Introducing…
Data Governance
Why..
How..
Who..
Where are we..
Where next..
2
3
Data Governance Definition
4
Why?
Data Governance
5
. Fast growing and multiple fundraising, campaigning and marketing
programmes;
Service user information, HR systems, finance systems, fundraising CRM and
operations systems;
Multiple office locations;
How does Guide Dogs ensure its data is being dealt with in a compliant and comprehensive way across the organisation?
Data Governance will set policy that the organisation will follow as it
establishes architectures, implements best practices, and addresses
requirements.
Governance can be considered the overall process of making this work.
we need to do more than manage data;
we need a governance system that sets the rules of engagement for
management activities
6
New CEO
Guide Dogs Change Programme
7
8
New CIO
IT Strategy
9
Results from Data Discovery Exercise
10
Some issues:
Over 30 data collection points maintained in 3 or
more Guide Dogs central systems
People Data managed separately in at least 6
systems – Individuals on more than one system
not recognised as such
Overall quality of Guide Dogs data unknown
Security needed tightening in some systems
Other areas to consider…
Policies and procedures
Compliance
Culture of awareness
Information and principles
11
12
How?
Data Governance Board
May 2011
First Data Governance Board meeting held
13
14
Terms of Reference
The Governance Board will:
Identify and Allocate or Resolve Issues
Agree High Level Definitions, for, eventually, all data elements
Agree Criteria for Acceptable Data Quality
Review Results of Data Quality Monitoring
Manage Stakeholder Care and Communications
Agree Data Security Requirements i.e. the roles that should have access rights to
data, becoming the ultimate ‘sign off’ for access requests (delegated for Business as
Usual)
Ensure and Monitor Compliance with Legislation - Confirm the data sensitive to
legislation (e.g. Data Protection Act, Records Retention or Payment Card Industry
Data Security Standards) and agree how it is managed
DGB Meetings
Agenda
Working groups
Presentations, feedback and sign off
Data related activities (to do list!)
15
Issue
Nbr Issue Description Impact
Recommended Resolution
Action(s) Decision Made /
Required
Priority
(H,M,L) Complex
(H,M,L) Target
Date Owner Status
1 General
1.2 Spreadsheets
Pockets of spreadsheets exist (e.g.
breeding centre) because:
- Data is not trusted
- Required functionality apparently does
not exist
- End user doesn’t trust security
Uncontrolled data held outside
of systems has potential
security, DPA and records
retention exposure. Accuracy
is also suspect
Check if there are real requirements,
if so investigate reasons for not
adding to core systems. If the
functionality is not available plan the
provision by including requirements in
enhancements or new systems, if not
use training and or persuasion! Clean
and add data to the appropriate
data store
We will actively
'hunt down'
occurences in
Finance,
Operations,
Fundraising, HR and
External Comms
H M JC Ongoing
2 Data Quality
2.1 Audit
No data quality audit however, in GDI
data changes applied are audited as a
result of triggers on most tables, Fetch has
date and who changed (and sometimes
created) on all tables, some have history
to show what it was changed from. There
is no apparent sanction over poor data
entry.
Guide Dogs cannot rely on the
accuracy of data as there is no
reliable way of measuring it.
Define Quality measures and
introduce data audits to measure
quality and introduce a link to
individuals appraisal. Include as an
objective in new job specs
Investigate current,
identify gaps, cross
functional
requirements and
measures for
reporting
H M JC In progress
4 Data
Protection
4.7 Subject Access
Request
Subject Access Requests are still being
held on a spreadsheet (accessed by NG
and JF).
There was an initial request to get this
information stored on Ascent, however
because of the effort and the number of
requests that are submitted in a year
(around 10-20), a recommendation was
made for users to continue to use the
spreadsheet.
Lack of security, backup
routines etc make this data
vulnerable
Investigate the best place for this
data and migrate it L M NG
Outstandin
g
4.9 DPA Breaches
Reporting How should we classify and report on DPA
breaches Regulatory exposure
Review current criteria, enhance as
necessary and update reports M M NG
Outstandin
g
4.10 Emailed
Personal Data
Personal Details are emailed to and from
Finance
- Payroll summary from HR to Finance for
sign off
- Supplier (Employee Expenses) Bank
Details confimed back to supplier
- Bank Details Changes sent from HR to
Finance to update SAGE
Regulatory and reputational
exposure Replace each type of mail with a
more secure option Allocate and
prioritise M L
5 Records
Retention
16
17
Who?
Data Governance Board
Chief Information Officer
Data Protection Officer
Head of Legal
Safeguarding Manager
Business users – all areas; Finance, HR,
Fundraising, Marketing, Operations
Information Systems
Database Managers
18
Where we are now…
Data Governance Boad
19
20
Compliance Subject
Access
Requests DPA
Training
Record
Retention
Management
PCI
Compliance
Data
Breach
Procedure
Data
Audit
Volunteering
Complete On-going Outstanding
21
Where next?
Data Governance Board
22
Introduction of Data day
Planning to run the ICO Think! Privacy campaign
Suppressions Management
Debating the day to day management of each
of the data governance elements
New streamlined board structure
23
Where do you start?
Data Governance Board
Dama – UK Chapter http://www.damauk.org/
Audit your existing processes
Be clear about what and why
Identify your risks and challenges
Prioritise
24
Thank you…
25