Confused about data governance, privacy & security?

Michael Queenan, co-founder and CEO of Nephos Technologies, explains the difference between these three business critical data strategy principles. 
Michael Queenan, co-founder and CEO of Nephos Technologies, explains the difference between these three business critical data strategy principles. 

Data governance, data privacy and data security. Core to every organisation’s data strategy and a boardroom responsibility, their natural overlap often causes confusion for non-specialists. Let’s simplify what each of these three terms mean for your business. 

1. What is data governance? 

This is the starting point and bedrock for a strong data strategy. The lynchpin to everything. Fail to establish solid data governance and you’re unlikely to achieve adequate levels of data privacy or data security. 

Technology analysts Gartner define data governance as “the specification of decision rights and an accountability framework to ensure the appropriate behaviour in the valuation, creation, consumption and control of data and analytics.” 

In plain English, data governance is establishing formal rules within your organisation for 1) who has authority over 2) which data assets and 3) how those assets can be used.  

Although selective areas of your business may do this to some degree, data governance is all about treating data holistically across the organisation. So, as a business, you need to determine the methods, responsibilities and processes so that data can be formally standardised, integrated, protected and stored. 

Business benefits of good data governance

This systematic, cross-business approach will minimise risks and keep you in control. It will also:

  • establish clear internal policies, metrics and processes for better compliance 
  • increase the value of your data 
  • prepare the business to scale up

2. What is data privacy? 

With data governance in place, step two is to apply privacy controls to your business. This means 1) protecting the privacy of any personal data that your organisation stores or processes and 2) being able to prove that you comply with the law in this respect. 

Data privacy generally applies to personally identifiable information (PII) and personal health information (PHI) connected to your customers and prospects but can extend to your partners, staff, suppliers and so on. 

The latest General Data Protection Regulation (GDPR) insists that businesses do this with transparency and simplicity. For example, it needs to be clear to customers or users:

  • what information you are collecting
  • who is collecting it
  • how it is collected
  • why it is being collected
  • how it will be used
  • who it will be shared with
Why data privacy is an important focus for your business 

Data are possibly the biggest assets a business owns, so it’s key that you nail these aspects in terms of business asset management and regulatory compliance. The fallout of a failure to protect customer data privacy can ring the death knell for a business. The trust you worked so hard to build up can be wiped out overnight.  

3. What is data security? 

Data security refers to the processes and tools that protect sensitive information assets so they are secure and available. 

In the real world, it’s about protecting the hardware in your office, at home, at your data storage or backup centre, or the laptop in your staff member’s backpack as they’re cycling to a meeting. 

In the digital world, it’s protecting digital information from corruption, unauthorised access and theft. That’s anything from securing against basic human error to dealing with a cyber security attack and ransomware. 

When protecting personal data, four key security methods include:

  • Encryption so that personal data are difficult to read or alter by unauthorised parties
  • Masking so data appear to have a lower value
  • Deletion from your systems when data are no longer legally active
  • Backup copies of data, so they are recoverable even if the original data are corrupted or stolen. 

The internationally recognised Cyber Security Framework from the US Commerce Department’s National Institute of Standards and Technology (NIST) is the foundation of most standards. It breaks the framework into five actionable areas. Your business needs to be able to: 

  1. IDENTIFY your weak spots. Audit your systems and services – your assets, data, people, data flows etc. This will allow you to identify where you might be vulnerable to hacks or breaches.
  2. PROTECT your systems and services according to how critical and sensitive each one is. 
  3. DETECT security anomalies in real time through monitoring and alerting.
  4. RESPOND to an attack or breach according to an established protocol – be clear on who should do what and when.
  5. RECOVER your systems and services should the worst happen. Plan your recovery, including agreeing the order of recovery of systems and services.  


American journalist Edward R. Murrow wrote, “Anyone who isn’t confused really doesn’t understand the situation.” However, hopefully, data governance, data privacy and data security will seem less confusing now.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of data governance, News, Confused about data governance, privacy & security?

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

AI alignment: teaching tech human language

Daniel Langkilde • 05th February 2024

However, Embodied AI refers to robots, virtual assistants or other intelligent systems that can interact with and learn from a physical environment. In order to do this, they’re built with sensors that can gather data from their surroundings, with this they also have AI systems that help them analyse data they collect, and ultimately learn...

CARMA announces acquisition of mmi Analytics

Jason Weekes • 01st February 2024

CARMA announces acquisition of mmi Analytics, expanding expertise in Beauty, Fashion, and Lifestyle sectors The combined organisation is set to redefine the landscape of media intelligence, providing unparalleled expertise and comprehensive insights for PR professional and marketers in the exciting world of beauty, fashion and lifestyle.

Managing Private Content Exposure Risk in 2024

Tim Freestone • 31st January 2024

Managing the privacy and compliance of sensitive content communications is getting more and more difficult for businesses. Cybercriminals continue to evolve their approaches, making it harder than ever to identify, stop, and mitigate the damages of malicious attacks. But, what are the key issues for IT admins to look out for in 2024?

Revolutionizing Ground Warfare Environment with Software-Enabled Armored Vehicles

Wind River • 31st January 2024

Armoured vehicles which are purpose-built for mission-critical operations are reliant on control systems that provide deterministic behaviour to meet hard real-time requirements, deliver extreme reliability, and meet rigorous security requirements against evolving threats. Wind River® has the partners and the expertise, a proven real-time operating system (RTOS), software lifecycle management techniques, and an extensive track...

The need to prove environmental accountability

Matt Tormollen • 31st January 2024

We are currently in the midst of one of the most consequential energy transitions since records began. The increasing availability of clean electrons has motivated businesses in the UK and beyond to think green. And for good reason. Being environmentally conscious attracts customers, appeases regulators, retains staff, and can even gain handouts from government. The...

Fuelling Innovation in Aftermarket

Jim Monaghan • 31st January 2024

One section of the motor trade is benefitting from the cost-of-living crisis: with consumers keeping their cars for longer, independent repairers are in huge demand. But they are also under pressure. Older cars need more repairs. They require more replacement parts, tyres and fluids. With car owners looking for value and a fast turn-around, independents...

The return of the five-day office week

Virgin Media • 25th January 2024

Virgin Media O2 Business has today published its inaugural Annual Movers Index, revealing four in ten companies are back to the office full time, despite widespread travel delays and disruptions With 2023 cementing the cost-of-living crisis, second hand shopping and public transport use surged as Brits sought to save money Using aggregated and anonymised UK...