 Hello and welcome. My name is Shannon Kemp and I'm the Chief Digital Manager of DataVersity. We are proud to produce the webinar series of data governance case studies for the Data Governors Professionals Organization. We'd like to thank you for joining today's DGPL webinar, governing government data, what makes it different. Just a couple of points to get us started. Due to the large number of people that attend these sessions, you will be muted during the webinar. For questions, we will be collecting them by the Q&A section in the bottom right-hand corner of your screen. Or if you'd like to tweet, we encourage you to share highlights or questions via Twitter using hashtag DGPO. Then let me turn the webinar over to Ann from the Data Governors Professionals Organization to introduce today's webinar. Ann Speaker. Ann, hello and welcome. Hey, Shannon, and thank you. So before we get started as a reminder, the recording for the webinar today will be posted in the DGPO members-only section of the DGPO website in the next few days. So, and again, before we get started, I also want to take a time to provide you a brief overview of the Data Governors Professionals Organization affectionately referred to as the DGPO. The DGPO is a community of Data Governors Professionals, and our mission is to share the knowledge, content, and best practices of our members to build a community of practice. Towards that goal, a group of individuals have been working on expanding our best practice information for the six areas that you see in this bottom left-hand graphic. So, stewardship, fundamentals, organization, process metrics, and communication. To learn more about the DGPO, please visit our website at dgpo.org. So now, to honor the companies that have advanced their Data Governance programs, the DGPO awarded their first Data Governance Best Practice Award winners this year. The award is given to practitioners within a customer organization in recognition of the business value and technical excellence that they have achieved in the design and implementation of an outstanding Data Governance program. We had 18 submissions this year, and these companies are now being featured in our DGPO webinars throughout the rest of this year. I am thrilled to have the privilege and honor of introducing today's speaker, Christy Lottie Johnson, from Hennepin County. Having had the honor of serving as a judge for this Best Practice Award, I can tell you that the Hennepin County program is absolutely stellar, and I can assure you that you are going to get a lot out of today's session. Christy Lottie Johnson, who out of Hennepin County is Hennepin County Responsible Authority, was appointed as the first Hennepin County Data Governance Officer by the County Board in May of 2014. She leverages her 20-plus year career at Hennepin County, the largest county in Minnesota, in the county attorney's office, human services administration, and the Human Services and Public Health Department, building upon relationships with county leaders and securing ongoing support for a data governance program for all levels of the organization. In just three years' time, she has led a team of six staff to develop and implement an organizational-wide data governance infrastructure. By establishing a philosophy of relaxed awareness, the team has built a culture in which staff view data as an asset while still recognizing the risks that are often associated with data. That philosophy, along with the ingenious creativity, has resulted in awareness and the ownership of data practices' responsibilities at all levels, producing tangible outcomes county-wide in the areas of data practices, records management, and disposal and training and communication. Ms. Lottie Johnson is a certified compliance at ethics professional and holds a master's degree in public affairs and an undergraduate degree in criminal justice. Without any further ado, I mean, it is my privilege to turn this webinar over to Christy and have her share her experience and journey. Thank you, Ann. Hello, everyone, and welcome. Can you guys all see the screen? No, hi. Christy, I was just going to mention we are not seeing you sharing it. Okay. We're working on it. This is technical difficulties because this is our first time ever doing this. Okay. There we go. Okay. You can see it. Excellent. Hello, everyone, and welcome. I'm Christy Lottie Johnson, data governance officer and responsible authority for Hennepin County, Minnesota. Thanks again for attending this webinar, governing government data, what makes the difference. Today I will be sharing how Hennepin County data governance team navigates the unique challenges local governments face in respect to protecting data privacy, ensuring compliance with federal and state regulations, and building a culture in which staff know how to manage data responsibly. To provide you with some context, Hennepin County is located in Minnesota with 1.2 million people, and it has the largest population in the state and the 35th largest in the nation. Hennepin County is great for sports and recreation. In a land of 10,000 lakes, Hennepin County does not disappoint with more than 30 lakes, over 100 miles of bike trails, and a park system ranked number one in the nation. In addition, cities in Hennepin County have recently hosted the U.S. Skulls Open, the NBA All-Star Games, and the X Games. And in 2018, the Super Bowl is just around the corner. Hennepin County is very diverse. There are 45 cities in Hennepin County, ranging from rural communities to an urban core. Minneapolis is the largest city, and it's home to the largest Somali population in the U.S. The Minneapolis Public Schools is the largest school district with over 32,000 students, and 32% of these students speak a language other than English in their homes. In fact, Minneapolis Public Schools indicates that there are over 90 different languages spoken in the schools. And while Hennepin County hosts five of the 10 most wealthy communities in the state, 80% of the kids who attend the Brooklyn Center School District, which is a first-ring suburb to Minneapolis, are eligible for free or reduced lunches. Here are the topics for today's webinar. First of all, I'll describe how data governance in the public sector is different. Then I'll go a little deeper and cover policies that are critical to the leading successful data governance program in the public sector. Third, I'll discuss some approaches for implementing a data governance program in a large and complex agency. And last, I'll discuss overcoming change management challenges while working to get staff on board with new and evolving data governance requirements. My goal today is that this discussion will be of interest and use not only to those of you out there who are in the public sector, but to those in the private sector as well. Let's get started. In the private sector, data in Hattopin County is an asset, and it is critically important for us to provide services to clients and residents in the county. However, one of the fundamental aspects for governing data that is different for us than in the private sector is the fact that the data we collect and the records we create are governed not only by federal and industry regulations, but by Minnesota statutes as well. There are three primary statutes. Chapter 13, which is the Minnesota Government Data Practices Act, the Official Records Act, which is in Chapter 15, and the Records Management Act, which is in Chapter 17. I'm going to talk with you first about the Official Records Act and the Records Management Act. These two acts outline the government's requirements to make and preserve records and documents and document official activities and provide direction on the disposition of records. All government entities are required to have official retention schedules in place that outline the disposition of their records. These retention schedules define what records need to be maintained permanently, like records related to heinous crimes must be kept forever, and the length of time that other records shall be maintained by the government entity. In some cases, there are statutory requirements for destroying documents within a certain timeframe. For example, adult protection intake files must be destroyed three years after closure. In other cases, the requirements are around the length of time a document may be maintained, so financial records may be destroyed seven years after closure. The Official Records Act and Records Management Act provide direction for just a subset of the data handled by Hennepin County. The Data Practices Act, or Chapter 13, addresses the remainder of the data. Chapter 13 defines government data as all data collected, created, received, maintained, or disseminated by any government entity regardless of physical form, storage media, or conditions of use. So if someone would make a Data Practices Request for all data related to a contracted provider, it means that we would have to review, retrieve, and produce all data related to that provider. In addition to the Official Record, we would also need to check with individuals on whether or not there are personal worker notes taken during a meeting or something like that. So when we talk with staff and train staff, we try to help them understand that it is not just the record that is subject to the Minnesota Data Practices Act, but it is all data that the county has. So many of you are probably familiar with the data classification method for applying a security framework for data. It considers the level of confidentiality, the availability, and the integrity of the data. However, for us, classification of the data starts with the Minnesota Data Practices Act. All government data is classified under one of the six data classifications you can see on the screen. There's data not on individuals, which can be classified as public, non-public, and protected non-public, and then there's data on individuals that can be classified as public, private, or confidential. In Minnesota, all government data are presumed public, except for when it's not. This is stated in the first section of the Data Practices Act. Then it goes on for another 160 pages of the Data Practices Act to identify exceptions to that rule. A couple of years ago, the Minnesota legislature also clarified in a statute that anyone under contract with a government entity is subject to the Data Practices Act for data it collects, creates, receives, maintains, or disseminates as part of that contractual relationship with the government entity. The Data Practices Act also requires that government entities inform an individual asked to supply private data or confidential data of the purpose or intended use of that data. Should we then decide that we would like to use the data for a different purpose, we would need to get that individual's consent to do so. Minnesota Data Practices Act guides much of our work. What sets us apart from the private sector is that we are constantly balancing the public's right to know about what their government is doing, being good stewards of the data, and being in compliance with federal and state laws, especially as it relates to protecting data on individuals that is classified as non-public. Being in a private sector... being in a public sector environment also means sharing data appropriately across jurisdictions. So now I'm going to talk a little bit more about the data governance policies in Hennepin County. State and federal laws drive the adoption of many of our policies and the work that we do. So we have some policies that are required to have under statute. The first is that we are required to have a policy about creating a data inventory on all private and confidential data that we collect on individuals and what our authority is to collect that data. Second, we must have a policy available around access to public data and a policy for data subjects to be able to access data about themselves. Second, we must have compliance in the policy for a data subject to access data about him or herself is that we provide the data within 10 business days. Both of these... access to public data policy and the data subject access policy must be made available to anyone who requests them free of charge. In addition, we have a policy that's called a Safe at Home policy. It's an address protection program that is run by the Minnesota Secretary of State's office. It's available to protect an individual who's the subject of maybe some domestic violence or threatening behavior or stalking or something like that. The intent is to disconnect their address from their name so that they can't be found disease-ally. Across the state, we are required to accept a PO box number for an address as opposed to having people put their address in, but that's for anything. For example, the driver's license would have a PO box number as opposed to a person's address, as well as utility bills, cable bills, bank statements, everything like that. We're allowed to have a PO box number instead of an address. What it does as it relates to the Data Practices Act, though, is it actually allows people to say, that isn't enough protection for me. I need you to also make data that's normally considered public about me, private. So in situations where a marriage license or maybe a birth certificate has somebody's name on it that would normally be considered public data, if the person is in the Safe at Home program and requests that we have to find a way to make that data private, which can be a little bit of a challenge because the systems are set up for the data to actually be considered public all along. We also have data breach response policy, and we have a policy as it relates to the Minnesota Data Practices Act, but then we also have to consider other data breach policies, such as HIPAA, or policies around criminal justice information system breaches, or breaches with PCI data, or something like that. So we have to balance a number of different policies as it relates to data breaches. And then we also have a records retention policy that says that we must have records retention schedules for all of the data that we collect. For the records retention policy, one of the challenges is thinking about the difference between data and records. For example, we can have many different types of data elements that are moved into a data warehouse, and those data elements come from a record. As individual data elements are pulled from different client records with different retention periods, we need to consider that we are faced with a situation in which we are maintaining data on an individual in a data warehouse longer than we're maintaining that individual's case record. And so again, it goes back to striking that balance between the individual's privacy rights and the government's need to use the data to do their work. We also have some policies that are set by leadership that help drive the way the county works with data. Open Data Board Resolution by the county directs the county to more freely and openly share GIS data. We have a number of GIS data sets that are now available on the county GIS page that people use to do crowdsourcing type things and everything like that. In addition, data-driven decision-making requires departments to view data as an asset and freely share data and information about clients and residents consistent with legal requirements. And when sharing that information will lead to better outcomes. In the past, when these decisions and discussions have occurred, it's often been focused more on the provision of services to individual clients. We are now pushing departments to use data to identify trends and transform service delivery models, as well as propose changes when existing laws and requirements challenge our ability to use data to drive toward better outcomes. Open County is a large and complex agency. It has 30 departments and over 8,000 staff. It serves 1.2 million residents, as well as others who commute to work in one of our 45 cities located in the county. The services provided by Hennepin County are multifaceted, ranging across five lines of business, health, human services, public works, public safety, and operations. This means that data is collected on roads and bridges, law enforcement, corrections, energy and environment, licensing, properties, social services, protective services, and libraries, just to name a few. These factors create distinct challenges to implementing a data governance program. When I started my role as data governance officer three years ago, I was a team of one. I have been very fortunate that leaders in the organization recognize the important work being done and have supported the work by providing me with additional resources. I now have an amazing team. But there are still only six of us in an organization of 8,000. We can't do this alone. We need people throughout the organization to understand the value of data that they are collecting and using and be good stewards of that data. The first step was to get buy-in at the executive and management levels of the organization. Shortly after I was hired, the county board signed a resolution appointing me the data governance officer and responsible authority for the county. From there, one of the most effective ways to garner support for data governance was to develop a data governance framework for the county. We looked at a lot of different data governance frameworks and identified those elements that would work best for Hennepin County. The result was the Hennepin County data governance framework. The data governance framework was approved by the county executive team in October of 2014. It is both a top-down and bottom-up approach. Knowing that we need the supportive leadership throughout the organization to keep data governance a priority while recognizing that everyone in the organization has a role in collecting, creating, and handling the data. The data governance strategic council has been a guiding force for moving forward in the data governance realm. We have strategic thinkers from the five county lines of business represented on the strategic council, as well as the responsible authority representatives from our elected officials in the county. The role of the council is to set county-level policies, to promote data governance across the organization, and to think strategically about how the county manages data. When we first formed the strategic council, we said we want you to come and bring the perspective of your line of business, but when you make decisions, you have to help make decisions for the organization as a whole. We adopted the concept of the data steward. We formalized and dispersed responsibilities throughout the organization to engage staff in the roles of business data stewards, those individuals identified in each department that know their data and have the authority to make decisions about their data, and operational data stewards, those employees who handle government data on a day-to-day basis. We also know that we cannot do it alone. In addition to the data governance team providing support to all levels of the organization, we rely on subject matter experts in our county attorney's office as well as staff in our information technology department, such as our security team, our data architects, and our enterprise developers to help ensure that data is accessible and secure at the same time. Just like Hennepin County is complex, the data is complex. Hennepin County staff use many systems with data that may or may not be Hennepin County data. In some cases, such as the child support case management system, we collect and input some of the data into the system that is owned by the state. And then we store the documents in the county document management system. Other data in the child support system come from the IRS in the form of federal taxpayer information, from the Social Security Administration, from the State Department of Employment and Economic Development, and from the State Department of Human Services. Because this data comes from many different sources, there are layers of classifications depending on whether there are other regulatory requirements attached to the data. In the child support system, for example, all of the data is considered government data under the Minnesota Government Data Practices Act. However, federal taxpayer information provided by the IRS has its own set of security and youth requirements that are more restrictive than the Data Practices Act. And the data provided by the Social Security Administration has other requirements. As a result, one of the most important things to get people in our department to think about is the fact that everything isn't just a one-size-fits-all. Rather, we need to consider all privacy and security requirements determining how our data can be accessed and used. Finally, some of the data changes classifications as it moves through a process. Investigative data is one example. Data that is part of an active investigation is considered not public. Even the data subject can't have access to the data. Once the investigation is completed, the data may become private. So if the investigation is a child protection investigation, upon completion, the data subject may have access to some of the data, but it would still not be considered public data. In other cases, if the data is part of an employee investigation, then if the employee is disciplined, the data would be considered public and would be available for anyone who requested it. So the county is trying to take a more holistic approach to providing services to clients and residents. By pulling together data from different data sources to make policy-level decisions. But because of different security requirements placed on different types of data and the restrictions on the use of the data, it is often difficult to get a full picture of our organization or the clients that we serve. Here's our starting point. In all the articles we reviewed, they reminded us the very first step to a strong data governance program is knowing how your data is classified, both under Minnesota and under regulatory requirements. So we have been working over the past two years with every department and their data stewards to identify all of the data in the department and how it is classified. The next challenge is that staff across departments and businesses don't always speak the same language. So what does this mean? For example, the word archive. For some people, the word archive means store it in an off-site location. I'm going to send this data to archive. For others, it means keeping it for a really, really, really long time. We recognize that there are some basic terms used by data, used for data and records management, either based on statutory requirements or industry standards. We created a lexicon of these terms for our data stewards and data practices contracts across the organization to use. Now, when I say we created a lexicon, it sounds like something that we threw together in a couple of days. And that is not true. In fact, one of the reasons we've been able to get people to buy into our lexicon is because we asked for people's input. We met with teams who regularly use the terms. We sent out drafts and asked people for feedback. We made changes. We did more check-ins. And then after all that collaboration, we provided personalized feedback to every single person who made suggestions for changes to the lexicon. Many of the suggestions were valuable and helped to shape the final product. And for those we ended up not using, we provided specific feedback as to why. Sometimes, even when we are speaking the same language, we understand what we hear based on our place in the organization or our history. The county is in the process of implementing a document management system. One of the challenges we face is moving unstructured data into this system. We all agreed we need to provide the organization with metadata standards. But at the first meeting, we discovered that participants had different ideas about what metadata is. We have learned that the best way to tackle these misunderstandings is to seek clarification. My team has gotten very good at asking people, what do you mean? So to assign the role of data governance officer, each department was relatively autonomous in handling and managing its data. As a result, we didn't always know or understand how our decisions from one department would impact another within the organization. Or sometimes with the autonomy, one department would make a decision on how to store data. For example, some type of an employee-related document. One department would say, put the data into a secure network drive. Another would say, no, no, no, you got to print the data up and put it in a paper record and store it in a locked file cabinet. And yet another might say, no, what a supervisor should do is put it on their private network drive. So we had multiple ways of storing the same information. We also had situations where we were storing the same document multiple times. So a higher letter, for example, may be stored in the county employee file in the onboarding area of the county HR department by the department payroll contacts and by the employee supervisor. Once the data governance framework was created we began to push people to view the organization from a different perspective. We began to talk about what data we have in common. What data do we have managed, what data do we want to have managed in the same way regardless of where it is in the organization? What data do we want to be stored only once? And not only who is responsible for that data, but who else needs to be able to see it? The data governance team is leading an effort around data management alignment for data that is common across all departments. We are pushing departments out of their current way of thinking. We are celebrating small steps. If we go back to the higher letter, for example, it has been determined that the official higher letter lives in the employee HR file. Right now the county is in the process of moving our employee HR files to our county document management system. Rather than requiring that others in the county who need access to that higher letter save their own copies, we have pushed for a different approach, allowing system permissions for those that need access to the documents regardless of where they are in the organization. It's a small step, but one that we were actually high-fiving each other about after a meeting, when one of my team members saw the ah-ha look on the faces of the meeting participants about what this approach would mean for the organization as a whole as opposed to creating continued silos. We need to then look at what we've had to do to overcome change management challenges. We are asking people to think differently, and it can be challenging to get them engaged and committed. Here are some things that we have done. First, we've used existing staff resources. Second, we've communicated. And third, we've made it fun. Let's talk a little bit more about each of these change management strategies. First, using existing staff resources. Who are the key players outside of your immediate data governance team? We've already talked about the roles of the county executive team, the strategic council, and supporting departments like the county attorney's office, and the IT department. In addition, we identified roles throughout the organization that do the work, and then we formalized our roles. There are a couple of roles that were required under statute for government entities. The responsible authority and the data practices compliance official. Those were both appointed to me by the county board in 2014. Under statute, each elected official is also considered his or her own responsible authority. So one of my jobs has been to work with other responsible authorities in the county, the sheriff, the county attorney, and the county commissioners, to make sure that we're all on the same page in managing our data. In addition, we have worked to identify individuals in county departments to fulfill the roles within the department. One of the things we discussed with departments initially is that many of these roles have already been filled on an ad hoc basis. So we're simply asking them to formalize these roles. First, the responsible authority does the need. The person in the department for which the buck stops here for accountability with the department's data. These are often the department directors and the assistant directors. Business data stewards. These are people in the department that know their data and have the authority to make decisions about their data. These tend to be mid-level managers, and depending on the size of the department or the diversity in the types of data, departments may have one, two, or even up to 15 data stewards. Finally, we have data practices contacts. These are people who are administrative-level staff who respond to requests for data from the public. Some data requests are small. For example, I'd like to get a copy of an environmental report for some property I'm considering buying. While others can be very large, I'd like all contracts the county has related to the Super Bowl. We continue to look for ways to support these staff in their roles, including answering questions they may have, providing training, and making other resources available to them. Another change management strategy is communication. Talk, talk, talk. Trust me, my team talks a lot. The key attribute for each of my team members is the ability to clearly communicate new and sometimes complex concepts. And we recognize that people have different learning styles, so we know that we need to be strategic and diversified in our approach. We meet with people. Department leadership, data stewards, records managers, pretty much anyone who asks. Sometimes we reach out to people, but often we have people from departments contacting us and asking us to come to talk to them or their teams about what we do. I think it's fair to say that we never turned down an invitation to talk about data. We send out emails. Often our emails are targeted to small or to specific people based on the subject of the email. As all of you know, one of the challenges with email is that we all get a lot of emails. So when we communicate via email, we want to make sure the message is timely and relevant to the recipient. We do presentations. We do data governance, we do a data governance overview at the new employee orientation. This is a significant time commitment of my team, but one that we believe is critical in helping people understand right from the start what their role is in handling county data. We also present to audiences throughout the organization, including those in leadership development programs, communities of practice groups, and pretty much anyone who asks. No matter what we do, we strive to make it fun. When people think of data governance, they think of rules, and most people don't consider rules fun. Also, many of our statutory requirements reinforce with people that data is a risk. Our data breach policy, our privacy policy, our security requirements, it all pushes people to think about the fact that data is one of those things that we need to be super careful with and it's a huge risk if something happens. Because of this, people tend to maybe get a little freaked out every once in a while, and they're fearful of making a mistake. So don't get me wrong, we want people to protect data that needs to be protected, but we also want people to share data whenever possible. We believe that we have been successful because we engage and educate staff in a climate of relaxed awareness as it relates to data. A culture of relaxed awareness lessens the anxiety that is often associated with data governance and opens up to learning and engagement with data. As a result, risks associated with mishandling the data are mitigated and the opportunities to use data effectively are maximized. Here are some fun and creative ways we've created a buzz about data. First of all, data buttons. Creating fun data buttons to spark interest and spread word to advance the data governance framework. Now, I actually got the idea of the data buttons from the DPGO Winter Conference a few years ago. I brought the concept back to my team of three at that point and said, let's get creative. So we now have data buttons, and whenever we meet with new people or do a presentation, our buttons come with us. The point is to give the people the thought about data and get them thinking about it and talking about it, not only with us, but with others in their organization. And to push people to check out our SharePoint page for more information. The second way we've communicated and had some fun with data is our team's SharePoint site. It provides information regarding county-wide data governance roles, policies, projects to support the collaboration and management of data governance activities, and it provides templates for data practices, data practices, contacts to respond to data requests. It provides guidance to people if they have questions about a possible data breach, and it keeps people appraised of what we are working on and where we are devoting our resources. Finally, 60-second explainer videos. I'm sure many of you are familiar with the concept of explainer videos and have had the opportunity to watch at least one. We know explainer videos offer a quick and fun way to engage and educate staff about important data governance topics such as data privacy, email management, and records retention. We also know that people pay more attention if the videos have familiar elements. So we hired a local graphic artist to collaborate with us and create four videos over the course of the last year. The theme of the Hennepin County data minute carries from video to video. The Vikings carry over through all four videos, and the concept of data as an asset to improve the lives of residents, clients, and employees is carried over through all of them. In addition, we used a county employee as a narrator, which tends to make people feel a little more connected. These data minutes have been used in staff meetings throughout the county. They are linked to the IT training page, and we have shared videos with our peers in the other Metro Minnesota counties. As a result, last year, our data governance SharePoint collaboration page actually had more hits than any other collaboration page in the county. Before we move to questions, we are going to share one of the explainer videos with you, and this might take a minute because we have to do a little bit logistically to get it to show. So hang on, people. We don't have any sound. Hang on. Do you have my sound on? On my computer. One more time. Let's see if we can get it to work. It worked earlier. Look at that. The volume turned itself all the way down. Hang on. This is many places. You have your county data in one form or another, and that makes you a data steward. The Hennepin County data is government data. Handle, secured, and disclosed, according to privacy regulations. Data is an asset that helps us make informed decisions to improve the lives of county clients, residents, and employees. All of these steps will be a fatty beta student. To respect privacy, don't talk about private information in public areas or on social media. Share data only is required or allowed by law. Don't use your access figures to look up information on others. To save data, lock your computer from the way of your desk. To allow public data in a secure place is a totally problem. Don't give your password to others. By respecting privacy and safeguarding data, you enable the trust of the public, our partners, and our clients. Our presentation. I think I'm turning it back over to Ann now to moderate questions. You are. And, man, Chrissy, you guys, I told you this program was absolutely awesome, and you have not disappointed it. It is fantastic. I love the videos at the end, by the way. And apparently there's quite a few questions, so I'm going to hit them right away. And, guys, if we run out of time from these questions, we most certainly can follow up for the questions that go unanswered via email later. But I'm going to hit right away. So first of all, do you have any destruction policies other than the minimum amount that they need to retain them so that you aren't keeping, so you're not keeping documents forever? Yes and no. Like I said, we are a really big organization, and so one of the things that we are working on doing is making sure that we get some consistency in how we're setting up our retention schedules. So some of our retention schedules are a little more vague, and it will say may destroy, but then people are like, you don't really have to destroy it. So we're really pushing people that if we've identified that we need to destroy data at a certain point in time, that's our legal authority to do so, and we would like people to destroy data at that time. In part, it's being really good. I mean, to me, it's around being really good stewards of the data, and it's also the fact that, you know, it's not realistic to think that we're never going to be subject to a data breach or something like that. And so part of it is we don't want to be holding data that we shouldn't necessarily be hanging on to simply because we might need it just in case. So we really are trying to be good stewards of the data. Lots of people out there are frustrated with the feeling like they have to keep everything forever, especially in government. Tough, very tough. So I will move on to the next one then. Are your six resources 100% dedicated to data governance activities, or and or are they assigned to certain areas of the county, or do they float based as needed? They are 100% devoted to data governance activities most of the time. How's that for an answer? I have one staff person who also does a respectful workplace and nondiscrimination investigations. I have one staff person who, well, actually I have two staff people who are facilitators and have been asked to do facilitation work for other departments and for other things. And I do have one staff person who staffs employee group. We have the groups that are employee ERGs. I'm not even really sure what that stands for, but they're groups of people that meet around like things. And so the other thing is that my staff do also help manage some compliance things like our reporting hotline for the county and some other compliance requirements. A lot. Very good though. All right. So what method did you use to make data classification so simple and easy? And do you make use of a records file plan? That's really funny because I think anybody on my team would say data classification has not been easy. Especially to my group that's really been working with all of the data stewards. You know, I think it's literally meeting and having conversations. I was really unrealistic initially. I thought, oh, we can put together these, you know, this data inventory and figure out how our data is classified. We can get this done in six months. We'll be done. Two years later, two and a half years later, we're finally like the end is in sight. And so this has spent a lot of work because the data is really complex. And so one of the challenges for our team is that we get how data is classified, but we don't necessarily understand how departments, like what data the departments have or that type of thing. So we have to learn about every department when we go in and start meeting with them. And we have to know enough to ask questions because sometimes what happens is they'll say, oh, it's classified this way. And then we're like, okay, well, wait a minute, let's have another conversation about this. So I think part of it is working with departments who really know that. But then the other part is making sure that we ask questions. And we work really closely with the county attorney's office as well because they have people in the civil division that are assigned to departments to help them kind of figure some of that out. Cool. And in the meantime, while we've been talking, just so you know, Richard Twaddle or Twaddle commented, just so for everybody's knowledge, the ERG, they report to him as employee resource groups, and he's concurring with you that they have them too. So there you go. Thanks. Moving on to another question for you. We're going to, I'm telling you, the questions are coming in like crazy. So let's keep going. How do you go from an aha moment like you were talking about to an action plan and actually doing it? Because many times for the person that has this question and for a lot of us, there's an aha, really good aha, but then they fizzle out to other priorities. I would say that, you know how I said that one of the biggest attributes for our team members is the ability to communicate? I think the other biggest attribute for most of my team members is a quiet persistence in that most people, I don't think hate seeing us come yet, but we have a lot of things where we just keep pushing. And so when my person walked away from that meeting, she immediately got back and she said, all right, so how do we document this? How do we move it forward? And now when's the next meeting and when's the next thing that we're going to do to make this go forward? And so part of it is that we don't own a lot of processes. We really don't. So we have to insert ourselves into the processes and make people understand the value of our role in there. And so this is really like the countywide document management system is being brought up by IT and then they consult with all of the businesses and get their feedback and everything like that. But we need to make sure that IT knows that we need to be at meetings when people are talking about things and making decisions that have an impact across the organization. I think that's great. I love the phrase quiet persistence. I don't know how much we can steal from you, but that's a really good one because I think it really illustrates the importance of staying on top of it because not everybody else has priority. We kind of have to help them make it their priority. So I think that's really cool. And even with that, we've had people that have said, you know, data is not our priority. Our priority is serving clients or our priority is, you know, building bridges or our priority is whatever. And so a lot of times we have to remind people that the data is in a lot of cases what helps make that happen. And so that's another one of our challenges is data isn't always a priority for a lot of areas in the county. Totally get it. All right, so this next one is a bit more tactical and pretty straightforward, but an interesting one nonetheless. Do you use Yammer for your communication within your organization? Not officially. I know some people are on Yammer, but it isn't an officially sanctioned means of communication. Okay, good to know. Next one is focused on metadata. How would you describe or what are your metadata standards? I would describe our metadata standards as a work in progress at this point. It's one of those things that, like, our county document management system has developed some metadata standards. Our SharePoint area has some, but, you know, as we start talking about creating and doing collaboration and SharePoint and then moving the documents into filenets, we need to figure out a way that the metadata standards can be consistent across, and they're not quite there yet. I will say we probably have the best metadata tied to our paper records, because we have inventoried all of our paper records and we have certain data that we use for those paper records that's metadata. When was it created? What type of record? How long, you know, how long does it need to be maintained? Who created it? All that stuff. And so that to us is actually, we know that paper records aren't the direction things are going, but we are starting with those and saying, that's a starting point for us as we start thinking about our business metadata. Now we also know that there's technology metadata as well, and so I have a person on our team who's working with the technology area to make sure that we work together to create these metadata standards. Awesome. Awesome. I don't think I've heard anybody say our metadata is done. You know, it's always work in progress. That's tough stuff right there. All right. So we've got a lot of questions around this one, and I'm sure it's no surprise. The buttons and the videos. There's a couple of questions around this. I'm going to kind of group them here. What was your budget for them? And then also how did you organize the communication plan around them to be able to distribute them and design them for that? So did you have a good budget for it? For both? We can talk about them separately and then the communication plan for them. So when I started in this position, the budget for the data governance area was my salary, and that was it. And my role is actually, our team is in the audit compliance and investigation department of the county. And so I was one of the first people that was a non-auditor coming into this department. And I have to tell you that I think I pushed my department director out of her comfort zone almost daily because I would come in and say, I got this really great idea. I think we should do blah, blah, blah. And she'd be like, oh, well, the county's never really done that before. I'm not really sure how we can do that. And so when I came to her with the data buttons, I'm like, okay, I've got these data buttons as ideas. And she's like, okay, we don't have any money. And I'm like, okay, I'll find out how much it costs. And we've made the data buttons for $700. I mean, we had the internal people do the design and everything like that. We literally had to pay for the printing or whatever you do with data buttons, the printing and putting them on to PIMS, right? It was kind of the same thing with the explainer videos. So I went into her and I said, oh, I got this really good idea. We want to do this. And she's like, okay, we don't really have a budget. And I said, but we can do it. And it'll be super awesome. And so we negotiated the contract with this outside graphic artist who hasn't really done explainer videos before. And so this was an opportunity for him to get his foot in the door. And we said, yeah, you can use it for advertising your services and trying to get other clients and everything like that. So I think we created all four explainer videos for, I think, $16,000 or something like that. It was really inexpensive in the scheme of things. That's great. Why do you use your resources there? Smart planning. Or somebody's resources because they haven't been mine. Right. Because that kind of stuff can get pretty hefty on the price tag. So good job. Thank you. All right. We're going to switch gears on this one for you. And I will add a caveat this because it may fall outside of the scope. And if it does, feel free to share that as well. But someone has asked, what is your retention period for emails? And how do you dispose of emails? And of course it does fall under the data purview, but interested if it falls directly under your responsibility. That's been a real hot button in Minnesota this past probably two years. And it was something that was actually tackled by the Minnesota legislature and then kind of died on the vine at the end of the legislative session. We do have email standards. The challenge is that email is a format. It's not an actual record. And so our records retention schedule is around records, not necessarily around data and not around formats. So to say we save all emails doesn't make sense because not all emails fall within a record. So what we've done is we've set standards and requirements. So our requirement is if you get an email that's part of an official record, you move it to that official record out of your email. And then the standard is that emails that are in our inbasket are automatically deleted after 180 days. And emails that are moved to a folder in the email system are maintained for three years and then they auto-delete. But the biggest thing is we are requiring staff to know if something they receive is a record and move it out of the system because email is not a place to be storing official records. Great. Okay. I think we have time for one more. I have like 12 more that are really there, but we'll figure that out afterwards. But I'm asking them in the order they came in. So do you think that it is very important that I have a data quality tool in order to implement a data governance program? You know, you might be asking the wrong person this question. Mainly because I think data quality is one of those things that I have the hardest time wrapping my head around. So I'm a rule follower. I love rules. Absolutely. Give me a rule. I can wrap my head around that rule piece of cake. Data quality is one of those things that we actually have had a data quality group. And when we pull them together, I was like, I cannot share this group. I can't even think data quality in the same way. And then when we start talking about it, one of the challenges is the fact that we have data from many different sources. So if we're starting to talk about like having standardization around, for example, an address, right? Well, we can say the county, when the county creates addresses, we have standard address format. But then we get data from the Department of Human Services. They have a different address format. We get data from the IRS. They have a different data address format. So the challenge is that we could spend so much of our time trying to figure out the whole data quality thing. And so one of the really smart people that I work with that actually is more of a data analyst and stuff, has talked more about the fact that we need to have ways, we need to have some type of a tool in place that helps us to standardize the data, but we can't really require that standardization in all of our systems. And so we don't really have that in place right now. And it's something we're still thinking about and noodling on how we make it happen. Gotcha. Totally get it. All right. We are right at the top of the hour. So I'm going to let Shannon close it out. I do have several other questions that people have asked, and I will work with you offline on those. So if you guys are in the last bundle of questions here, do know that Christy and I will figure out how we're going to address that and get it through Shannon or however the distribution method is. Thank you so much. Awesome. Thank you so much. Great presentation. Thanks, Christy and Anne. Just a reminder, the DGPO will be publishing the recording and the slides to the members only section of the DGPO website at dgpo.org. You can check it out there. And thanks as always to our attendees for being so engaged in everything we do. We just love all the questions coming in. And hope everyone has a fabulous, great day. Thanks all.