5 data governance lessons from gardening
If you don’t know what data you have, how can you manage it effectively and generate value from it?
With continued growth and a series of fast-paced bank acquisitions and mergers, BBVA Compass’s data grew to over 2.5 petabytes (PB) of data. Much of the data was spread across shared network drives and various legacy and new systems with disparate classifications and structures. With these mergers, employees from the acquired companies that owned the data took up new roles elsewhere, leaving us at BBVA Compass with little understanding of the data we had acquired.
All these data growth and acquisition challenges required us to rethink our data governance strategy. We simply didn’t have the visibility we needed to make sure that data was being managed and used properly. Our first priority was to eliminate that risk and make key decisions to help improve our compliance.
Data governance challenges
Tackling our data governance challenges required addressing how to:
- Identify undefined or unknown data
- Reduce risk by classifying and structuring data
- Manage data throughout its information lifecycle
- Enforce regulatory compliance
- Drive new business insights
I’m an avid gardener, so I thought I would use a gardening analogy to share how the bank approached its data governance challenges:
1. Prep the soil.
One of the first things we did was to create a foundation for data governance. Similar to prepping soil for gardening, we needed to remove the rocks and obstacles that would create problems with creating a deep-rooted change.
It was critical to make sure that our employees knew who my team was, what we do, why we do it and how we do it to build trust and get them on board with this transformation. Understanding the data and applying consistent policies and procedures for lifecycle management (retention, archiving and disposal) was a top priority.
To do that, we reviewed all of our policies and brought them up to date. We documented them in a central repository as part of our data governance journey to reduce risk, adhere to compliance regulations and drive new insights about our data.
A data enterprise transformation also requires changing the way users think about and work with information. Our teams needed to recognize the mission and goals of our Information Lifecycle Management group and what value we could bring to users. Implementing new policies and procedures helped provide a trusted source of data and peace of mind for users.
2. Build a support system.
Growing vegetables means adding support systems for the plants to lean on. Tomato cages and netting help support the plants as the harvest starts to grow. We also needed that type of support.
We looked at other areas that could impact our implementation, such as data security and data governance, to ensure we didn’t break any rules or processes. Our legal team also enabled us to augment controls and ensure standards were met. With this support, we then focused on how reducing risk. We did so by grouping and streamlining data and information to support compliance requirements such as PCI, PII, HIPAA and GDPR.
How do you identify the data you have in different repositories? How do you manage structured and unstructured data? How do you automate data disposition? How do you derive more insights and increase the value of the data for users across the enterprise?
You “plant” the tools that will best support your goals. It’s important to choose tools with a view of the big picture. Often, tools are put in place to achieve a single goal. Governance tools have far reaching impact, so it’s important to understand how they can be used across teams.
For example, IBM Stored IQ gave my team the ability to search for data to be moved to IBM FileNet for long-term retention management. We also could use that tool for searching for legal, compliance and audit needs. When introducing IBM Stored IQ, it was beneficial to show how it could give us ROI in other areas.
Our implementation needed to be a Unified Governance and Integration Platform that would supply repeatable and systematic support. Data governance helped us apply consistent retention policies and automate our data disposition. This resulted in better compliance and less risk for the bank. The IBM suite was best suited for our needs and decreased the complexity of our environment.
Historically, we had been good at holding on to data, but hesitant when it came to disposing of data at the end of its retention period. Driving a rigorous approach to archiving helped the bank retire or dispose of inactive structured data. By introducing a governance program, we also helped our users feel confident they were doing the right thing when they disposed of data.
To maintain our security standards, we deployed obfuscation and masking to reduce hacking and threats. This was how we “weeded” our data to make sure we removed redundant, obsolete and transitory (ROT) data that had met our regulatory and business need. We also created an environment that helped us present the data our users needed when they needed it.
By creating a repeatable, automated, and systematic approach to managing our data, we maintained proper “watering” by making it seamless for our users. We also ensured we continued to monitor security controls to ensure we protected the data we maintained.
5. Reap your harvest.
How do I know when my harvest is ready? It’s when this process is so seamlessly integrated with users that they don’t even think about the processes. When we take control of our data instead of it controlling us, we’ve achieved the highest success.
In one bank acquisition, we inherited 50 terabytes of data and an ongoing FDIC investigation. There was difficulty finding the data requested by the FDIC due to the loss of key staff during the acquisition.
The IBM StoredIQ solution helped us index the data and search it using keywords. We found the data the FDIC was asking for. This was a huge win for my team and showcased the return on investment with our data governance tools. It also showed us the power and capability of the tool.
We also realized the extent of uses for Stored IQ. We can use it for e-discovery requests, audits, and future regulatory examinations. It will be critical for achieving our compliance efforts and crucial for abiding by GDPR and California Consumer Privacy Act requirements.
All of these steps helped shape a stronger data governance foundation with true lifecycle management around the data. Taking control of our data helped BBVA Compass reduce risks, identify cost savings, increase the value of our data and seize new opportunities.