Inside: Establishing a Data Governance Committee as part of 2014 strategic priorities
The ability to control costs, timing and the nuances of any required culture change can place the company in a strong position to align the organization in the prioritization of data governance.
January 27, 2014 at 03:00 AM
4 minute read
The original version of this story was published on Law.com
In our first column of this series, we discussed why it is in the best interest of general counsel to cultivate successful relationships with the company's chief information officer and IT staff. Not only does a collaborative approach benefit the operational efficiencies of each respective department, but in an era where data breaches top national headlines on a regular basis, a team-minded system to dealing with security and privacy issues makes these corporate governance challenges easier to handle.
When a positive interdepartmental relationship has been established, successful GCs create a culture of data responsibility, accountability and sustainability. How does a GC institutionalize good data governance so that, when bad things happen to the company, the legal department can respond appropriately, or better yet, avoid crisis events?
Proactive data governance planning is the most effective defense. The ability to control costs, timing and the nuances of any required “culture change” can place the company in a strong position to align the organization in the prioritization of data governance in advance of any crisis.
Establishing the Data Governance Committee's objectives and responsibilities
To do this successfully, the company should establish a Data Governance Committee (DGC) within the institution. The DGC's primary duty is to ensure responsibility, accountability and sustainability of data practices. The framework for effective data governance planning contemplates the personnel, technology and policies and procedures necessary to ensure the preservation, availability, security, confidentiality and usability of the company's data. Furthermore, a DGC encourages strategic thinking and the creation of opportunities surrounding the appropriate use of data within the organization.
Key steps are establishing roles and objectives for the DGC. These should be clearly articulated in the form of a governance charter and should be well understood by the key members of the DGC.
The group should focus on establishing data standards for privacy and information security, records management, employee data, trade secret and intellectual property protection, e-discovery and litigation readiness and vendor management. Such policies must include a comprehensive set of rules, policies and procedures governing the proper use and disposal of the company's data. The DGC will be the decision-makers when issues arise related to data use and the DGC will consider the appropriate level of risk allocation, assuring that insurance and contractual risk transfer in connection with data risks.
Finally, the DGC can be a powerful tool for setting the tone within the company, establishing the internal top-down support for helping to ensure that employees are properly educated and trained about responsibility related to data and institutionally appropriate practices in the collection, use and disposal of data. The DGC should also develop appropriate channels through which employees can express concern and identify potential risks.
Composition of the committee
Choosing members of the DGC is crucial in ensuring the ultimate success of the committee. Members must comprise a cross-functional team, including representatives of executive management who can appreciate the role of data in the long-term objectives of the organization.
The DGC should include members of executive management, and representatives from the IT, marketing and legal departments, as each of these departments have jurisdiction over spheres of the company that are most likely to be affected by a data governance strategy.
Through participation in the DGC, representatives can closely coordinate to accomplish the established objectives and goals of the company in the context of data governance. Each of the team members has a crucial role in ensuring their respective jurisdictions are properly represented in the data governance process.
Roles and responsibilities
The roles and responsibilities of the DGC are to:
- Establish direct reporting to the most senior corporate governance tier of company, as there should be oversight of data governance at the highest levels of the company.
- Evaluate and respond to internal proposals relating to the use of data and information in connection with data mining, behavioral targeting and data analysis.
- Monitor implementation and compliance of processes, and, when appropriate, propose revisions to policies and procedures adopted by the company.
- Provide oversight to senior management, the chief technology officer and company employees in their efforts to reinforce good business practices and maintain legal compliance.
- Be frequently and timely informed of compliance activities, training activities, communications programs, compliance audit reports and reports of alleged violations of the company's data governance policies.
- Conduct annual evaluations of the company's data governance practices.
- Consult with any advisors they deem necessary to ensure that the company conducts its business activities in compliance with the law.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllFatal Shooting of CEO Sets Off Scramble to Reassess Executive Security
5 minute readBen & Jerry’s Accuses Corporate Parent of ‘Silencing’ Support for Palestinian Rights
3 minute readShareholder Activists Poised to Pounce in 2025. Is Your Board Ready?
Regulatory Upheaval Is Coming. How Businesses Prepare and Respond Will Separate Winners and Losers
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250