Leading in data by asking the right questions

Two business professionals work in data center_03.jpg

I recently met with the CTO of a major public utility. This individual is responsible for all of the data and technology that supports the safe delivery of clean, affordable, reliable energy to a major metropolitan area. We discussed a wide range of topics before turning to his current efforts to establish a data governance strategy.

He had some initial success with organizing a data governance committee, made up of data practitioners from across the organization. They met several times and agreed to some standards and policies.

While he was proud of his work, he was struggling to get leadership attention on the need for enterprise data governance. He argued (correctly, in my opinion) that to unleash the power of their data and better serve their citizens, they needed governance. Apparently, however, the idea didn’t yet resonate at the CXO level.

He asked what I’ve seen in my career that might help turn things around.

Leading through questions
I shared an approach I used in prior organizations referred to as “leading through questions“. Over my career, I found that when you ask leaders questions, their eyes open when they realize they lack important information. This is especially true if you frame the conversation around cost and risk.

When it comes to data management, we all need to work towards a culture of data stewardship. This enhances data quality and increases the opportunity for us to do great things with our data. However, like all culture change, it must start at the top, which is where I begin my questions.

What's most important in your organization's data?
I first like to ask a leader what they consider to be their most important data. It’s an open-ended question and usually results in a bit of debate. It might be data about program beneficiaries, research data or information related to policymaking. The answer matters less than its ability to get them thinking about stewardship of that data.

Where is your organization's data stored?
I next ask them if they know the location of their data. Often, they know that it’s in a particular data center or in a Cloud, which is a sign of a more engaged leader.

The questions then become more challenging.

How is your organization's data protected?
The most basic tenant of data management is that if you have data, you need a copy of that data in case something bad happens. Rarely has a leader been able to answer any questions about their backup and recovery process. Nor do they have any awareness of how many copies of the data they have. They also don’t know how long they keep the copies. I also like to ask if the leader knows who has access to all those copies of data. Short answer, they don’t.

Effective copy data management is extremely challenging. Maintaining unneeded data is expensive and creates undue risk for an organization. These are key points that are sure to get the leader’s attention.

How is your organization's data secured?
Another good follow up question is about the way the organization secures its data. Is sensitive data encrypted at rest or in transit?

Data sharing between federal, state and local agencies is increasing but fraught with challenges. It is not enough to know how your organization secures its data. The leader must also care about how their trading partners protect it. An adversary will attack your weakest link. If they cannot get to the data they want in your organization, bad actors will target your data supply chain. The National Institute of Standards and Technology (NIST) is incorporating these concepts into the next version of the Risk Management Framework.

"I'll take Data Management for $500, Alex."
At this point, it’s often clear to the leader that they do not understand enough about their data.

You now have the opportunity to frame this lack of awareness in terms of cost and risk. Ask the leader how much it costs to store the data copies, especially the ones they no longer need. Then ask about the risk that the data contains sensitive information, like PII or PHI, which, if lost, could bring negative consequences to the organization. Routinely, these questions result in the leader asking more questions of their team.

Final thoughts
Leaders are responsible for understanding their data, even if they don’t have all the answers. At a minimum, they should create a culture of strong data stewardship and governance capable of answering these questions.

For my CTO colleague, I predict that “leading through questions” will get the attention of his CXO colleagues. As his organization embraces enterprise data governance, it will produce real benefits for the citizens they serve, and their new question will be why it took them so long.

This content was originally published by GovLoop on September 10th, 2018, and the original article can be found here via govloop.com.

GL_Featured_Contributor_Badge_02_300x300.png