Data Governance at Guide Dogs

Presented by: Jane Huntington - Data Manager

Maria Novell - Head of Individual Giving

Introducing…

Data Governance

Why..

How..

Who..

Where are we..

Where next..

2

3

Data Governance Definition

4

Why?

Data Governance

5

. Fast growing and multiple fundraising, campaigning and marketing

programmes;

Service user information, HR systems, finance systems, fundraising CRM and

operations systems;

Multiple office locations;

How does Guide Dogs ensure its data is being dealt with in a compliant and comprehensive way across the organisation?

Data Governance will set policy that the organisation will follow as it

establishes architectures, implements best practices, and addresses

requirements.

Governance can be considered the overall process of making this work.

we need to do more than manage data;

we need a governance system that sets the rules of engagement for

management activities

6

New CEO

Guide Dogs Change Programme

7

8

New CIO

IT Strategy

9

Results from Data Discovery Exercise

10

Some issues:

Over 30 data collection points maintained in 3 or

more Guide Dogs central systems

People Data managed separately in at least 6

systems – Individuals on more than one system

not recognised as such

Overall quality of Guide Dogs data unknown

Security needed tightening in some systems

Other areas to consider…

Policies and procedures

Compliance

Culture of awareness

Information and principles

11

12

How?

Data Governance Board

May 2011

First Data Governance Board meeting held

13

14

Terms of Reference

The Governance Board will:

Identify and Allocate or Resolve Issues

Agree High Level Definitions, for, eventually, all data elements

Agree Criteria for Acceptable Data Quality

Review Results of Data Quality Monitoring

Manage Stakeholder Care and Communications

Agree Data Security Requirements i.e. the roles that should have access rights to

data, becoming the ultimate ‘sign off’ for access requests (delegated for Business as

Usual)

Ensure and Monitor Compliance with Legislation - Confirm the data sensitive to

legislation (e.g. Data Protection Act, Records Retention or Payment Card Industry

Data Security Standards) and agree how it is managed

DGB Meetings

Agenda

Working groups

Presentations, feedback and sign off

Data related activities (to do list!)

15

Issue

Nbr Issue Description Impact

Recommended Resolution

Action(s) Decision Made /

Required

Priority

(H,M,L) Complex

(H,M,L) Target

Date Owner Status

1 General

1.2 Spreadsheets

Pockets of spreadsheets exist (e.g.

breeding centre) because:

- Data is not trusted

- Required functionality apparently does

not exist

- End user doesn’t trust security

Uncontrolled data held outside

of systems has potential

security, DPA and records

retention exposure. Accuracy

is also suspect

Check if there are real requirements,

if so investigate reasons for not

adding to core systems. If the

functionality is not available plan the

provision by including requirements in

enhancements or new systems, if not

use training and or persuasion! Clean

and add data to the appropriate

data store

We will actively

'hunt down'

occurences in

Finance,

Operations,

Fundraising, HR and

External Comms

H M JC Ongoing

2 Data Quality

2.1 Audit

No data quality audit however, in GDI

data changes applied are audited as a

result of triggers on most tables, Fetch has

date and who changed (and sometimes

created) on all tables, some have history

to show what it was changed from. There

is no apparent sanction over poor data

entry.

Guide Dogs cannot rely on the

accuracy of data as there is no

reliable way of measuring it.

Define Quality measures and

introduce data audits to measure

quality and introduce a link to

individuals appraisal. Include as an

objective in new job specs

Investigate current,

identify gaps, cross

functional

requirements and

measures for

reporting

H M JC In progress

4 Data

Protection

4.7 Subject Access

Request

Subject Access Requests are still being

held on a spreadsheet (accessed by NG

and JF).

There was an initial request to get this

information stored on Ascent, however

because of the effort and the number of

requests that are submitted in a year

(around 10-20), a recommendation was

made for users to continue to use the

spreadsheet.

Lack of security, backup

routines etc make this data

vulnerable

Investigate the best place for this

data and migrate it L M NG

Outstandin

g

4.9 DPA Breaches

Reporting How should we classify and report on DPA

breaches Regulatory exposure

Review current criteria, enhance as

necessary and update reports M M NG

Outstandin

g

4.10 Emailed

Personal Data

Personal Details are emailed to and from

Finance

- Payroll summary from HR to Finance for

sign off

- Supplier (Employee Expenses) Bank

Details confimed back to supplier

- Bank Details Changes sent from HR to

Finance to update SAGE

Regulatory and reputational

exposure Replace each type of mail with a

more secure option Allocate and

prioritise M L

5 Records

Retention

16

17

Who?

Data Governance Board

Chief Information Officer

Data Protection Officer

Head of Legal

Safeguarding Manager

Business users – all areas; Finance, HR,

Fundraising, Marketing, Operations

Information Systems

Database Managers

18

Where we are now…

Data Governance Boad

19

20

Compliance Subject

Access

Requests DPA

Training

Record

Retention

Management

PCI

Compliance

Data

Breach

Procedure

Data

Audit

Volunteering

Complete On-going Outstanding

21

Where next?

Data Governance Board

22

Introduction of Data day

Planning to run the ICO Think! Privacy campaign

Suppressions Management

Debating the day to day management of each

of the data governance elements

New streamlined board structure

23

Where do you start?

Data Governance Board

Dama – UK Chapter http://www.damauk.org/

Audit your existing processes

Be clear about what and why

Identify your risks and challenges

Prioritise

24

Thank you…

25