 Hello and welcome my name is Shannon Kemp and I'm the Chief Digital Manager of Data Diversity. We'd like to thank you for doing the current installment of the Monthly Data Diversity Webinar Series Real World Data Governance with Bob Steiner. Today, Bob, along with his guest, Len Silverstone, will be discussing Activate Your Data Governance Policy. Just a couple of points to get us started. Due to the large number of people that attend these sessions, you will be muted during the webinar. If you'd like to chat with us here with each other, we certainly encourage you to do so. Just click the chat icon in the bottom middle of your screen for that feature. For questions, you will be collecting them by the Q&A in the bottom right-hand corner of your screen. Or if you'd like to tweet, we encourage you to share highlights or questions by Twitter using hashtag RWDG. And as always, we will send a follow-up email within two business days containing links to the slides, the recording of the session, and additional information requested throughout the webinar. Now, let me introduce to you our speaker for this series, Bob Steiner. Bob is the President and Principal of KIT Consulting and Educational Services and the Publisher of the Data Administration Newsletter, TDAN.com. Bob has been a recipient of the Data and Professional Award for significant and demonstrable contributions to the data management industry. Bob specializes in non-invasive data governance, data stewardship, and metadata management solutions. And with that, I will give the floor to Bob to get today's webinar started and to introduce his guest. Hello and welcome. Hi, Shannon. Hi, everybody. Hi, Len. Good to have Len with us on the webinar today. Thank you, Bob. And as Shannon said, the title or the topic of the webinar for today is how to activate or basically activating your data governance policy. So it's going to be great to get some other opinions and bring other opinions and please feel free to chat with us as well and let us know what your thoughts are about data governance policies and things like that. Before I get started, I just want to run through a few things and then I want to introduce Len. But as you know, the Real World Data Governance webinar series is the third Thursday of every month. And next month we're going to be talking about, I'm going to be sharing with you a complete set of data governance roles and responsibilities. I hope you will attend next month as well. I always introduce the topic of a book that I put out, Non-Invasive Data Governance. Just got done speaking at the Dataversity Event Enterprise Data World this week and I'll be speaking at the Data Governance Conference and Data Governance and Information Quality Conference in San Diego in June. I believe that Len will be there as well. Also just real quickly about the two learning plans, online learning plans that are available through the Dataversity Training Center. And especially this month as it's Data Education Month, you can use the code that's shown on the screen to get a 25% discount on not only my courses but all of the courses that are available through the training centers. So please give them a visit. Shannon mentioned my publication, the data administration newsletter, lots of great quality information there. There's a couple articles that are relevant to the topic of data governance policy. And so I hope you'll go and take a look at that. And last but not least, there's the KIK Consulting and Educational Services. I have always called it the home of non-invasive data governance and now we're at a point where we're talking about non-invasive metadata governance. So I hope you'll take a look at that as well. I want to introduce to you my special guest today is Len Silverstein. He's the founder and the CEO of Universal Data Models. He is a best-selling author and we put up pictures of the different books that he's published. And I hope that you'll take a look at those. If you're not familiar with Len, he should be very entertaining. We're going to have a lot of fun on the webinar today. I'm looking forward to working with him. He's also a winner of a couple of DAMA awards, the Professional Achievement Award and the Community Award. He consults in this space, so he's got lots of interesting things to say. And as I said, he'll be speaking at the Data Governance Information Quality Conference in San Diego in June. And with that, I want to say Len, welcome aboard and please introduce yourself to the folks in the webinar today. Thank you, Bob. Yeah, I'm very excited to connect with all of you and share information about organizations with their data governance. Once that's listed on this screen, 2012 has Practice Award. And I'm going to talk not only about this client but other clients about what we've done with policies and other data governance. And I love the field. I do a lot of work in data models where we resell and license reusable data models but also reusable business glossaries and also in the data governance space. We're going to also be talking, I think, Bob, about some of the human dynamics that go into policies as well. So I'm excited about that. And certainly, when that topic comes up and Len, your mic's a little bit soft, so maybe if you could speak up a little bit, that would give you a couple of comments on that. But the human dynamics part is really what this is all about, is really taking your data governance policy and getting people engaged with it and understanding what it is, how it's necessary, how it really drives some of the things that we do. So I'm looking forward to getting your feedback on these things. Thanks a lot, Bob. I hope this has been better. I saw the comments that thought it was hard to hear me. How was this? That's better. Good. All right. So just to let everybody know, the things that Len and I are going to talk about, we're going to try to keep this quite conversational. And if you have questions and comments on the things that we're talking about, the things that we're going to focus on are, first of all, when do you need a data governance policy and when don't you need a data governance policy? And when is it necessary to put one into place? And then we'll talk about the differences between taking a policy and making it inactive versus making it inactive or what that really means to organizations. Len will share and I'll certainly interject some tips for activating your data governance policy. You were talking about using the policy to drive data governance and then getting people to follow the policy. That's always a good idea if you're taking the time and effort to put a policy in place. So this is what we're going to talk about. And with each slide, I'm basically sharing several questions that I don't want to necessarily get through them one by one. Like I said, I like to keep this conversational. And so the first question that I have for you, Len, and just kind of take a blend of all these different questions is, when organizations have a data governance policy, what are the things that they typically put into those policies? Are there certain times when a policy is absolutely necessary or good to have or actually not necessary at all? So I'm interested in your thoughts on that. Thanks, Bob. You know, I thought about this question because you sent it to me in advance. I was at Enterprise Data World with you and a number of other speakers. Michael McMurray quoted Socrates and he said, the beginning of wisdom is the definition of terms. So I thought, you know what, let's just understand what a policy is. You know, it actually comes from the middle French police. It means regulation and control of a community. That's the etymology of it. So it's like, OK, when are you trying to, and I think that applies for data governance policy, like how do we regulate and control this community? So now in my experience, what goes into a data governance policy? Like a whole bunch of things. We have a template with a whole bunch of things, the name of the policy, the effective date, the owner, the overview, the scope, the background. I'm reading from a template, the reason, the supporting documents, how to report violations, enforcement, policy contacts, policy change record, and actually there's more. But there's four big ones. The four big ones. The first biggest one is why? Why? What's the reason for the policy? Another really big one is what is the policy in planning this? What is it? And then the third question is how? How do you enforce, how does the policy gets enforced? What if you don't follow the policy? And then the fourth big one that I think is who? Who created the policy? Who's going to do the policy? Those are the four big ones. What is the policy? Why is it? Who is involved in it and how to enforce it? Okay, and you know what that makes sense to me? I get that question all the time. Is a data governance policy necessary? And in some organizations things are very policy driven, and in that case, it definitely makes sense to have one put into place. Especially if you're basically escalating it up to senior leadership to sign that policy. They're not going to sign the policy unless they're standing behind what it is that you're trying to achieve with the policy. And so the idea of is there an easy answer to the question, is a policy necessary? I've found that it really depends on the client or depends on the organization that I'm working with or the organization in general. What is your feeling? What are some of the things that organizations can look to to determine whether or not it's actually necessary to have a data governance policy? I'm going to ask you to speak up a little bit more if you could close your outlook or anything that might be interfering with your audio. You kind of started breaking up there. Thank you. I did close down a number of applications when you said that. I'm closing down a few more. And I will speak up. Good. So thank you. If anybody has any difficulty hearing me, please let me know. So in my experience with companies, it could take quite a while to develop a policy. And the biggest reason why it's necessary actually comes back to that why question. Like is there a real overriding need for something? Like a big policy that we often do is on data usage or data usage limitations. Because especially with GDPR, the European regulations, just saying, hey, what is allowed or what's not? So I think it's necessary. I've seen companies go overboard on it and create too many policies and you get involved in legal. It'll actually take quite a bit of time to establish a really good policy. So I would say, pick it. Make sure you have a really good overriding, real strong why behind it. That's what I would say. That's really going to create business value. Okay. And I think people are still saying that they're having a hard time understanding you because it's breaking up on my side too. I don't know what we can do about the microphone situation, but it would be helpful if we could rectify that. I understand. Well, Bob, let me interrupt then. So I apologize. And of course, it gets choppy after we start the webinar and leading up to it. But, Len, if you have a telecom that you mind, you can call from. Oh, okay. I can do that as well. I just switched it to my audio right from my computer. Is this any better? Okay. Keep on talking. I'm going to call in on the line. Wait, they're saying it's not as choppy, but you're quiet. You just need to turn it up. If I talk like this, is that any better? No. No. Okay. Technology. Yeah, I know. Technology is great when it works. I'll walk you through switching over, but if you want to chat in the meantime, Bob. Okay, sure. And so, you know, I think a lot of the things that Len was sharing with some of the things that are in line with what I'm thinking, you really need to have a why. Why is a policy necessary? And again, as I mentioned before, it makes sense to be able to build it up to the point that the people at the highest level of the organization feel that it's necessary to have a policy to implement. And, you know, Len had gave examples of a lot of different things that go into a policy. And, you know what, you really just need to address what your senior management is thinking about. If they feel as though this is important enough to have a policy in place, by all means, put a policy in place, communicate it effectively, and it can take time to put a policy together. I haven't seen too many organizations that wait real long to put a policy into place, but it may not be the first thing that they do. It might be something that they do once they've started to establish what governance is going to look like and how it's going to work within the organization. Len, do you have anything to add to that? Yeah, on timing the policy. By the way, on the screen. No. So that's what I was saying. Can you dial into the phone number instead of trying to use your microphone? Yeah. I'm looking up the phone number. Len, I did check your instruction. It'll give you. Okay. Bob, why don't you take it over to, like, Tyler? But I'm so soft-spoken and don't ever have anything to say. Of course, I'll do that. And I'm looking forward to having you come back on in a minute. So I hope all of you people understand this is technology and use. So we talked a little bit about, you know, if a policy is necessary and there's not a blank answer that's going to cover everybody. And so the next topic that Len and I want to address as we get led back on the line here is, you know, what is the difference between an active and an inactive policy? I've seen a lot of organizations that have policies in place but they sit on the shelf and nobody really understands it. And in fact, with an organization I'm working with now, we've actually created a diagram that relates the policy to a program document. It relates the policy to standard operating procedures and things like that. So it's there, it's active, it's the backbone for everything that we do. But again, it's just a component. Putting a policy in place does not mean that you have a governance program. It's just the beginning to demonstrate that there's a high level of support for that program. And let's check to see if Len is back. I am still on the baseline here. Okay. It's going to, I'm just going to continue then for a moment at least. Yeah, continue for a moment. So look at, so everybody who's listening, I'd be really interested in hearing whether or not you have a policy and what you've put in that policy and how you've activated that policy within the organization. And, you know, that's always one of the best things about the community that we're serving to with this, with the webinars, with all the things that DataVersity does, is it's great to start conversation around that. And if you can, share policies that you're working with and how you've taken them from being something that's inactive to something that's now working for people within the organization. So certainly, you know, check out what the environment calls for and then recognize that there's going to be, it's going to take a little bit of time to put this together. There's models that are available, there's templates and things to use for that. And as I said, Len had shared some of the things that go into the policy. What I find is that it's great to have a policy sitting there that demonstrates your senior leadership support and understanding, support sponsorship potentially and understanding of what you're doing and how you're doing it. So Len, I'll check to see. Len, are you there? I'm still on this while I'm here. Yeah, I'll let you know, Bob. It's going to be back. Okay. All right, so you know what? I mean, typically, you want to look to see what other policies do you have in the organization. I've been asked to put together a policy for an organization. And the first question I ask is, what policies do you have? Is there something that we can use as a framework for developing the policy that we're going to utilize within our organization? And how are policies being applied to people within the organization? Is it something that people are introduced to when they join the company? Is it something that's kind of reinstated or demonstrated through whatever communications tools that you're using for your organization? So, you know, see how people have reacted to existing policies before you go and you add another one. Or maybe it becomes part of your operational data policy. Or maybe you already have a records management or an information management policy that can be leveraged, can be approved by inserting some statements and some definition of what governance is. And even, I've seen organizations go as far as including roles and responsibilities within their data governance policy. Oftentimes, I would see that residing within a program document or something like that. You know, look to see how policies are being used within your organization before you determine whether or not a policy is necessary. And then also learn from experience of your organization as to how they've activated other types of policies. Or maybe policies are something that just sits on the shelf and waits to be used. So, figure out first and foremost do we need a policy? And then learn from experience as to what are you doing now with your present policies that have made them effective or have made them ineffective. Can you hear me now, Bob? I can. Good. So, I completely agree with that about learning from experience. And what I have found is that different organizations have different cultures. And so, there's all different models about cultures of organization, but like one model said, hey, are you an innovative risk-taking culture? Are you an aggressive culture? Are you outcome-oriented? Are you a stability culture, people culture, team culture, agility culture? These are some of the types of cultures. So, look at the experience of what's worked. Another useful way to see what you can do on a policy is to say, okay, do I need a guide? So, do I need the policy to be a guide or a suggestion? Or do I need guardrails, which is a strong suggestion? Or do I need a policy that is governing or enforced or a very strong suggestion? So, David Wells, one of our associate speakers said, oh, think about the three Gs, guide, guardrails, or governing in terms of how to activate your policy, how strong does it need to be and what works in your organization. Yeah, I like that idea. So, you said guide, governing, and what was the third one? So, guide, small suggestions, guardrails, but guardrails, um, and, um, being a stronger suggestion and governing being, uh, a, uh, a very strong enforcement type of culture. Yeah, I think that's great when you look at it. Yeah, I could think of one telecom company I work for, which basically, uh, guides work better. If you give a strong suggestion, very people-oriented culture, if you strongly enforce it, it won't work. Then I think of another organization that was more, um, in that culture of aggression and outcome-oriented, and there, the culture that really works well with policy, and specifically about data-sharing policy was, uh, hey, you have to really, really be careful with this, and talk about governing policy. Okay, and, you know, I think that makes perfect sense, and, um, like we've been reiterating, well, let's look at what the culture of the organization calls for. Um, I always talk about trying to help people to stay non-invasive in their approach to governance, and, you know, oftentimes, if there's a policy in place and it's being enforced in such a way that it's really being very forceful in it, they feel much more invasive than non-invasive. So, um, again, it becomes the organizational cultural type thing. Yeah, so, um, you know, I love your approach about non-invasive data governance, and that, it syncs up with what I focus a lot on data governance on human dynamics, of saying, hey, uh, to make it non-invasive, implement, develop and implement the policies along the same lines as what your culture is. Uh, by the way, you guys can look up all different cultural models, uh, where I have information on that, uh, to say, uh, look and see what the culture is in your organization, and if you follow that culture, it'll be more non-invasive. Okay, and it'll be less invasive, I guess, the way it would be more non-invasive, it would be less invasive. It would be less invasive. Right. So, now let's talk about what are some of the things that let's assume for a second that people, that there's a need for a policy, and that it's going to, um, that you actually can't even get started until you have a policy. And so you take the time and the effort, you use models that you've seen, um, you've made certain that it's required within your organization, and you've put the policies together. What are some of the steps that people can take to take it from being just a document on the shelf to something that is going to become useful to them in their everyday job, or as, uh, as again one of those three, the guide or the guardrail, or to be used for governing. So what can people do to activate their policies? Yeah, that's a great question. So what I've seen in my experience is numerous attempts, sometimes, at implementing a policy to take forever. They get caught in a bureaucratic uh, um, they get caught in a bureaucratic life, uh, cycle of okay, let's draft the whole thing, let's go to legal, let's go to security, let's go to all these departments. Uh, what I think is one of the most important steps is get back to the big issue. Like we run data governance programs and one of the first things that we do is we, um, we provide uh, uh, issues of, of, in, in organizations. So like for instance, in one organization, data sharing, and very, very sensitive, uh, in this association, I'm not going to mention names of companies, but in this association, very, um, uh, very sensitive data. So it was, and that was one of their number one issues is sensitive data. Uh, so, um, so basically they, they established their sharing policy. In another organization, pharmaceutical company, it was actually the quality of information and it gets back down to what's the reason for this? Well, if you get the quality of information wrong and you have a little bit of, uh, of data on John Smith in one record and you get a little bit of data on John Smith in another record and, uh, and you don't match them properly, people can die. So it's huge consequences. This was actually the one where we won the 2012 award for it. I can say that one because it's, uh, Express Scripts Medco, uh, where, where it was matching and, and, and making sure that you're setting a policy on data quality of not entering the same record more than once as much as possible. By the way, there's over-matching and under-matching. I just gave an example of under-matching these two different records. Then another is over-matching where you have John Smith and John Smith and it's two different people. So, um, some, some, uh, some policies are around usage, some are around access, some are around sharing, some are around quality or integrity, but find the biggest issue that you can find in your data governance program. That's a whole part of data governance is issues tracking. The biggest issue and say, where do you really need a policy? Once you do that you write up the policy and you describe the reason and the policy. Like I said, there's big four, the, uh, the reason, the why, what the policy is and then culturally how can I enforce this story? Which one of the 3Gs do I use? Uh, how do I, how do I enforce it? And then how do I monitor it? You know what, I'm with you 100%. I mean, I, uh, I'm working with an organization that's focusing on records and information management and they started with the record, with the RIM policy. Um, other organizations that are focusing on, um, protecting sensitive information, like you said data quality, make your policy. You might not even need to call it a data governance policy. You might have an IT security policy that is already a form of governance. And so, look for those and again, look to see how are they activating these policies and making them, uh, valuable to people. But I think that, you know, it would be great if we could share some examples as to, you know, what, uh, what have you seen the policies be called? Or if they're not data governance, what are they called? Yeah, yeah. So, um, so I gave a few examples. One, one, uh, that we created was both a data use limitations policy. So say, okay, uh, to show when you have this what can you not use this information for, like marketing or, uh, or even internally. Um, so that's one example of a policy. Another example of a policy is a data access policy. You know, who is allowed access to what types of information. Now, uh, and so, uh, one is a data usage policy. One is a data, um, uh, one, one other example is a data integrity policy. Another one is a data integration policy. Now, these all have to do with the data, but then there's also stuff that have to do with the processes. So in one organization, a large telecom company, we, uh, we actually had a very difficult issue gathering all the issues formally. People knew about all the issues, but they really didn't have their issues all laid out, which I believe is one of the biggest parts of a data governance, uh, uh, plan is to lay out all your issues, yet everybody together, uh, the data governance council and say and prioritize the issues and work up one issue at a time from the highest priority. Well, so one of the policies we implemented was a, um, data governance issues management policy, which basically said that once you have an issue, the policy is is you have to formally report that issue. They were doing it all different methods, but formally reported through a process that we set up and through a system that we set up. Um, similarly, there was another policy about a process called the data definitions policy to say wow, there's a policy to say, look, when you have a new piece of data, you have to define it. So these are more about the process than the, um, than the end result. Uh, of course, it could lead to a good and it could lead to a bad end result if you don't know what the heck data means or definitions or inconsistencies and stuff like that. So there's some examples of data management policies. I just want to add one quickly before we go to the next next topic, but, um, I've seen organizations that have put a lot of time and effort into creating their business glossaries or their data dictionaries or their data catalogs, all these things that are very hot topics right now and that once they've done they put the resources into developing those things, they decided that they wanted to create a policy around change management for this documentation. So if you are going to request to change something that has already been blessed by the people that needed to bless it, the stakeholders of it, if we're going to change it, we're just not going to give people the opportunity to change it. Now there is and this is going to what you said Len, it's going to the process of keeping these things up to date and making them viable within the organization. So if we're looking for a way to activate the policy, you know, one way may be for you to present something to people that in their daily job is going to impact them and kind of refer it back to why you're doing it and the reason why you're doing it is that you have the management support for it. Absolutely, absolutely. Now actually, so this is an interesting one. I did a project for the Colorado Community Colleges and we were actually able to integrate information from many different universities and get standard terminology around a lot of their terms around the student and financial data. They actually didn't have management support for this project and many pieces involved data governance. They didn't have management support in the beginning but what they did is they took this huge need because like in budgeting, in the college budgeting, there was this tremendous lack of understanding about the data and they basically were able to implement a policy about really labeling data that really made a difference. In the end they had management support at the beginning they didn't but they showed the value. So sometimes even without management support you know everybody, I agree with you Bob, like you need management support but sometimes you can do things and show value and get management support after the fact. And that's true, I mean sometimes they want to be the case, they want you to demonstrate to them why is there even a need for the policy and if you take something to them and say we've actually put the resources into this that we need to again activate the policy and get it involved. It's not for everybody there's not one consistent format that I've seen for a policy. Oftentimes they pick and choose from some of the pieces that you mentioned earlier. So I think that's a real valuable conversation as well. So the next thing that I wanted to talk to you about is kind of the relationship between the policy and data governance. So can you actually use a policy to drive data governance within the organization? If we're going to do that you know what's the best way to communicate with these folks is it to come from like we talked about either top down or what you just described which is the bottom or top approach. Is there is one of these better than the other and what would you suggest? Well so in our methodology for data governance where policies actually fit into is we have like six main major parts to the data governance methodology. It's setting up the organization, it's issues, it's data definitions, it's metrics, it's data quality and it's solutions. And where policies come in is in the solutions piece. So once you identify the issues, once you see what's going on in all the different parts of the data programs there's a number of things you could do on solutions. You could set policies, one is you can change data, one is you can change processes. By the way, another big one is procedures. So we distinguish a policy from a procedure that very often will have both a policy and a procedure about the same thing. So we'll have a data definitions policy maybe like in one organization to say hey you need to have a policy to say look you have to give it some meaning. You can't just add a field to a database and not have any definition to it. And it can't be like you always say Bob, a cheeseburger definition you know. I got that from you Bob, of burger with cheese. Real definitions. So that could be a policy but then there's a procedure. So the procedure is the how, the policy is the what. And very often it's an associate. So basically what I'm saying is that the policy is one solution, one thing we can do. So how it relates to data governance this is one solution we can implement along with all these other things about metrics and and then I'm looking at some of the chat line comments about yeah it depends on culture. So depending on your culture you know I could think of one data governance job where we didn't even implement policies because there were so many other things to do in the organization that was so much more powerful than implementing policies. So really a lot depends on your culture and on the issues and on the why's as to if you implement policies how you implement most organizations will implement some policies. But it's a solution. It's one solution in the data governance program. That's how I say it. You agree? I do because if you think it may come down to even how you define data governance for your organization and often times in my webinars I'll start out by giving definitions of data governance, stewardship, metadata whatever we're talking about today. I thought we'd cut to the chase today. But the idea is that you need if you need the data governance policy to be in place in order to do anything that might be the first step. Or there's a lot of organizations that don't necessarily feel that this is going to become an active document. Yes, I agree. I think that it really again depends on what's expected within the organization and if you go back to the definition as I was saying I define data governance as being the execution enforcement of authority over the management of data. Well, if it takes policy to execute and enforce authority over the management of data, and for example, if you are going to make this more of an information security or a privacy policy or if that's where you're going to start it becomes a no brainer. Everybody knows that everybody is supposed to protect sensitive data or data that is classified a specific way. The policy can say that's what we're going to do. But if you're going to focus on something like information quality and you're expecting people in the organization to really change their behavior in order to execute and enforce authority it may be necessary because they're going to come to you and they're going to say why do I need to do this? And you can say because it's in the best interest of the organization or you can say well management feels that this is very important so we need to put this in place. So one thing that I think is useful to look for is other policies like I said in my experience to put together a data governance policy is actually a lot of work to actually get it there and get it enforced and by the way very often you do have to check with legal and other organizations so to get something in place it's a bit of work so the question is are there other policies and do they work? So there's many other policies aside from data governance policies see what works in the organization and then if there's other policies work okay then that's one effective solution to implementing data governance. If the organization is motivated and inspired by other things like results or relationships or so you might yeah it's really a question of how much time in the data governance program do you want to spend on policies? And you know what your point is very well taken because it does take time, it does take resources you're going to get people like your legal counsel involved you may get HR involved in writing what are the consequences of not following policy I've seen organizations that have things that they call policy management policies which sounds kind of redundant but it's a policy for how they're handling the policies within the organization so again it really depends on the culture of the organization as to whether or not you know if you need to point back to the fact that you have a policy as a way to make certain that people are doing what they're doing. I had an organization I spoke to earlier today some of their senior leadership have as a percentage of their performance evaluation that they are going to implement effective data governance around the specifics of what they're focusing their program on. And in order to do that they say okay well then we need to have a policy if I'm going to be accountable for this as being 20% of my job or 10% of my job we need to be able to make certain that people understand that there is a policy in place and that it needs to be followed. So I think that you can use governance to drive governance it's not necessarily necessarily the least invasive way of doing it but it's certainly if you have a policy then somebody at the top has said this is necessary and it's worth doing the effort. And I've always called it non-invasive data governance I don't necessarily say that it's easy and it's not it doesn't mean no work data governance it means that this is really the approach that we're taking to apply governance and you if you're afraid of work or you might not be in the right business putting the policy together is definitely a bunch of work within the organization. Right, right and you know the other thing is unfortunately I've been doing this a while I've seen a lot of programs and I've seen a number of policies that frankly don't do anything and and you don't even know if they're doing anything so like on this slide you have questions that the policy includes measurements of success and I'm going to say to that yes yes yes yes absolutely like if you have a program and you don't have any metrics and by the way we distinguish metrics from measurements so the measurement is the type of thing you're measuring the metric is the actual result of it so like for instance a measurement might be violations you know we had three violations of the of the data sharing policy you know the so the metric is free but the measurement is the type of thing or how many people refer to that policy or how many questions whether so if you're set metrics and there's absolutely no activity on that policy you may it's like the old thing about reports you know I'm putting out a report and let's just delete it from the operational system let's see if anybody notices it that could be another thing on policy okay we're going to not even look at it for a month let's see if it was doing something so absolutely if you have a program where you're not measuring it it's really what data governance is about in many ways it's about measuring and metrics so you really want to use them in your policy and I've seen them included as well and I think that becomes a very important thing again if we're going to do this if we're going to formally put governance in place how are we going to know whether or not it's effective and whether or not people in the organization if this is something that they want or need or even know exists so let's jump into the last subject before we turn it back to Shannon for some Q&A the last subject that I wanted to talk about was getting people to follow a data governance policy again now assuming that we have a policy in place what are the things that we do so how can you share first of all can you share how organizations effectively use policies and what are some of the techniques that they're using to get people to follow the policies you know we don't want that stagnant passive policy sitting on the shelf we want to get it active get people to follow it what are some of the things that have any pointers for people as to what they can do in order to do that absolutely you know I do that's a leading question because that's frankly I think this is the most important area not only in policies but in data governance that I've been on panels where they said what is data governance it's and you've heard me quote 20 years ago it's not data governance it's people governance we can't govern data you can't tell data what to do it's going to do what it does but we're guiding people in people Bob you were actually at my course in Enterprise Data World of Monday morning where I talked about the whole course was about was about one thing it was about instead of being about data mining and I made a joke about this a long time ago not data mining like exploration of data it's like it's my data it's mine mine mine mine mine mine right so it's one of the biggest issues in data governance not only in policies but in everything in data governance of hey leave me alone I'm working on a data science project I'm working on a machine learning project this is really important so leave me alone and we need to get the data hours in that this is a important I made up that term this is an important piece of information that is really actually the companies probably the companies the piece of information not any particular persons so how do you get from data mining to data housing I've actually spent like decades looking at this and I came up with five things I think are the most important things I talked about it in my course can I say what those five things are sure please do okay one get really clear on the purpose on the why if you're doing anything so if you're going to have a DG policy you have to link it back to the why at that project I told you at the pharmaceutical company we link this policy back to the why of saving freaking lives you don't have if you don't follow this policy it is a very very very strong lie in other organizations there's a big money why in other organizations there can be a risk why in an insurance company they had said we talked to the vice president of marketing with our data governance and data management program you guys don't know what you're doing what you're really doing is you're stopping us from going to jail that's what you're doing with this so a policy could be linked back to actually people I'm being facetious but not going to jail you break a policy so it's the why I'm just going to interject that's really really relevant really really important because if it's not linked to the why people are not going to really understand what's the purpose of it what are we going to do I want to emphasize that point that's a great point and by the way people often think they're linked to the why why because we need better customer information that's not the why why because we need better data quality that's not the why the why is something that people really get their heads around in the Colorado community colleges the why was about educating students that they saw a direct link from getting standard terminology across 13 different reasons to increase their learning the why has to be really clear that's one second, people don't understand what is motivating people so there's like 10,000 regulations on data and then there's company policies and then there's all this stuff policies are getting not followed all the time but I have seen instances of policies being followed like that data sharing policy people understood the why behind it and what we do in our data governance program is one of the whole modules in data governance is organizational change by the way I think that's really important to have a piece of your program dedicated to organizational change whether it's a person or at least part of a person or at least a program or something on organizational change that seems to be the key so there is a model that I shared with you on Monday morning about how to understand people's motivations to know if they would follow a policy or not that's second third is if you don't have trust in the organization people won't follow policies oh this policy is for the organizations like Baker so there are frameworks for developing trust fourth it's the way it's communicated if you communicate for instance if you communicate a policy in legal technical language with that bird that you have on the slide it probably won't be followed so much and I like that graphic by the way you have both and then fifth is conflict so one job in data governance effort one of our data stewards got this nasty email from a person and it was basically she was getting in their stuff about really following policy and in this case it wasn't a documented policy basically to say look you have to have a checkpoint in your project so how do you handle a conflict by the way what she did when she got this pretty nasty email is immediately started typing back like how dare you how could you do that and we're in there you have to follow our lead on this this is authorized this has top level management commitment how dare you you need to follow it the enter key she listened to some of the training that we had about the first thing to do in a conflict so Bob you were at my talk on Monday what's the first thing to do in a conflict now I'm testing you okay I won't test you first thing to do in a conflict is we have to stop we have to create some space that we're always jumping over each other so somebody doesn't follow a policy you don't go and say hey I'm going to escalate I'm going to ram it down somebody's throat you need oh somebody just wrote in on the chat line wait 24 hours then reply awesome Gary and by the way sometimes this happens not in an email but it happens directly where somebody says hey your policy is ridiculous it's crazy you're ridiculous get out we'll follow the policy as long as it doesn't take any time away from or budget away or any resources at all from our project so even face to face you can do like Bob let's have some fun be mean with me and let's say I'm a data science project that says get away from me I don't want this to be synonymous with just go away from me I told you once I told you twice I told you three times okay that you need to go to the glossary and you need to go to the dictionary and the definition of the data or you know I told you that this data is sensitive and you can only print it if you if you follow these rules to do it and you're not doing that land what are you going to do about it okay here's my response big breath well let me see hey can I get on the same page in you and just um let me see if I really understand what's really important to you and then reframe the discussion is might be one possibility now by the way there's a whole bunch of ways I can handle that but the first step is what everybody misses is create some space numerous people are actually putting in great suggestions on conflict you know check in to see if you're missing something how do you drag a horse to water how do you demonstrate the value of the policies there's numerous approaches you could use but the one thing I think we really miss the most is create space because what happens is there's a whole bunch of logical answers but we're operating on emotions at that point that data steward was operating completely on emotions she might have even had a rational explanation behind why it was important to implement the policy but she's emotional she's acting she's reacting you had some place in the deck about how do you react you don't react you intelligently respond and the only way you can intelligently respond is by creating some space to say oh you know like in this scenario that you were just talking I'm explaining it Bob it's not a role play but it's like oh you know you're upset this is important to you tell me why it's important okay I think that makes a lot of sense but what I want to do is I see there's a lot of questions coming in and we only have until the top of the hour so let's try to get to some of the questions because I think that a lot of the people have questions that we can answer that you can answer in the remaining minutes that we have so I see that there's been a lot of chat going on and there's a lot of Q&A and things it's great thanks everybody for chatting and thanks for putting up with my voice that didn't come in first and just as a reminder these are the things that we talked about today we talked about when is it necessary to have a policy the difference between an active and active policy talked about what does it take to activate it and using the policy to drive governance and lastly getting people to follow a data governance policy and we can certainly continue the conversation on the data community I think it's community.dativersity.net we can certainly continue conversation about that after the webinar so what I want to do is I want to turn it over to Shannon in the time that we have remaining to do some Q&A on what we've talked about today great Bob thank you Lynn for joining us today and thanks to Laia as they said for all the great questions coming in just a reminder to answer the most commonly asked questions I will send a follow-up email for this webinar by end of day Monday with links to the slides and links to the recording so diving right in here could you list some of the common policies which are not related to any specific organization type? oh okay so common policies could be data usage how can I use my data or computer's limitation common policy is access who has entitlement to what access common policy privacy security which are two different things integrity integration policies sharing policies then there's a number of policies that I put in the bucket of process type policies how to do data definitions metrics that you need metrics how to set up issues how to set up the measurements so there's a bunch of policies about setting up certain processes so these are some of the most common ones I've seen and I'll just add to that that any look to what you are trying to accomplish with your data governance program and look to see if there's already a policy that's about that like the example I gave was the protection of sensitive or classified information so if the data is classified in such a way let's focus on a policy first and make certain that we have our ducks in a row as we're getting started it just makes sense and I thought that was a very good question yes and by the way along that I saw one of the chats saying are you talking about what large policy for DG? I actually have seen that but I prefer separate the policies with NDG not one large overarching policy for DG it depends on your organization but that's how I've seen it mostly particular policies with NDG this came in earlier so what do you really mean by passive versus active policy? I've defined that very simply it's something that is in force and that is actually being used if it's in force but nobody has actually paid attention to it it's semantics how you define it but that's what you really want it's not only it's in force but something is being done about it some metrics I'm behind him 100% in what is his answer I don't know anything to add yes and speaking of taxonomies here do you have a preferred policy versus standard is there a difference or do you have a preference? well yeah standards actually can refer to a lot of things we actually use that in a lot of things in data governance like standards for for semantics and things like that when I look at those 3Gs a policy usually a policy refers to the governing part it's not the guide or the guardrails it's usually something that is enforced so standards I prefer a policy even when you look up the etymology of it it fits in terms of what it's really doing regulating and controlling in a community a standard yes it's a good question it's another way to regulate and control but I think there's so many things on standards on data quality standards and process standards and so there's overlap there but I don't think they're the same and I think of the bottom line is to execute and enforce authority it's not going to happen by itself I use this line I'm using it a lot I wrote an article now called the metadata will not govern itself well the fact is that the data will not govern itself so if we're expecting to manage data as an asset for the organization then we might need some backbone, some teeth behind what we're doing and that could be a lot of the time as to when data govern, when a policy is necessary and it might dictate how you're going to activate your policy by the way I saw so many missed point number four I think that was on the five points that I mentioned it was about it was about convectively communicating and I actually give an acronym called share you need to be straight you need to be helpful you need to know your audience you need to know your reason and then I use another acronym wait why am I talking I love it well that brings us right to the top of the hour I'm afraid but the good news is if you keep submitting your questions or if you have additional questions I will get those over to Bob who will write up some answers for us and we'll include that in the follow up email that I will send up by end of day on Monday to all registrants with links to the slides and links to the recording and Lynn thank you so much Lynn thank you for joining us this month it's lots of fun having you on and thanks to all of our attendees for being so engaged in everything we do we just love it I hope you all have a great day thank you everybody thanks so much Bob thank you Shannon thank you everybody for listening alright thank you everybody thanks bye