Q2 | Torys QuarterlySpring 2024

Why good data governance makes for good corporate governance

Authors

Business leaders are well aware that data is a strategic asset for virtually all organizations. Businesses collect and create data assets to stay competitive in the marketplace and use it to make informed decisions. In turn, organizations need frameworks to ensure that data is managed securely, ethically, and in compliance with legal and regulatory requirements in order to protect its value and prevent financial loss and reputational harm.

Integrating data governance into the boardroom

In a global survey of directors and officers, 82% of North American respondents cited cybersecurity as a top concern, and data loss followed closely behind with 80% of respondents identifying it as a very to extremely important risk1. With the increasing value and material risk associated with data, there is a growing imperative for corporate governance and risk management frameworks to incorporate data governance. While some organizations continue to frame data governance as a siloed compliance or records management responsibility, the importance of protecting data value (and the impact that mismanagement of data can have on many organizations from a growth, value and business continuity perspective) warrants a cross-functional approach with executive and board oversight.

So, why is data governance better viewed as an element of corporate governance?

  • Data governance refers to the internal processes, policies and controls that govern how data is collected, stored, processed, and destroyed within an organization. At its core, data governance is about enabling organizations to maximize the value of data assets while minimizing associated risks.
  • Corporate governance provides overarching frameworks of policies and procedures to guide decision-making, ensure accountability and advance the best interests of the company.
  • Integrating data governance into the corporate governance umbrella ensures that data-related decisions align with broader business strategy and processes to further the best interests of the organization, and that they have had requisite attention from the board and management. The focus for corporate leaders should be to ensure that policies and procedures are in place to address and manage data governance across an organization.

Putting a robust data governance framework in place

An effective data governance framework will capitalize on data-related opportunities while mitigating the business and legal risks associated with how it is used and protected. As these risks and opportunities are closely related to growth, third-party risk and legal compliance strategies, corporate leaders at the management and board level would be wise to include data governance as part of the overall corporate governance framework.

Staying agile as regulation evolves 

A well-defined data governance framework will allow an organization to adhere to data protection regulations and rapidly adapt to new regulations. To this end, companies need to establish clear processes, policies and controls to track and monitor sensitive data, implement appropriate security measures and respond to regulatory inquiries and audits. For example, a traditional records management strategy based on the storage and deletion of paper files will require extensive adaptation to support a use case for using corporate data for AI initiatives in the face of evolving AI regulation in Canada and globally.

A well-defined data governance framework will allow an organization to adhere to data protection regulations and rapidly adapt to new regulations.

A data management strategy aligned with 1) the corporate governance framework for identifying revenue propositions, 2) legal restrictions, and 3) the organization’s internal values (accompanied by clear guidance on roles and responsibilities within the organization) is much better positioned to evolve as the legislative landscape continues to change.

Innovation and development

Data governance supports innovation and development by guiding an organization’s engagement with technology and data assets. Corporate leaders can harmonize the protections afforded by sound corporate governance frameworks to capitalize on the analytics and insights available via emerging technologies while reducing the potential risks associated with data by guiding the ethical use of emerging technologies, such as AI and biometric-based authentication tools.

Holistic strategies for privacy and cybersecurity

In the current environment, cybersecurity incidents and data breaches do not just raise legal compliance considerations—they can have significant impacts on business continuity, corporate transactions and growth targets. Accordingly, privacy and cybersecurity policies should not be assessed in isolation but should be incorporated into an organization’s holistic risk management strategy. These policies ought to provide guidance to boards and management on how to make difficult, time-sensitive decisions that support the best interests of the organization. For example, an organization’s vendor risk management framework should align with its business continuity, disaster response, privacy and cybersecurity incident response procedures, and the cross-functional roles should be defined consistently with the broader corporate governance strategy for effective decision-making.

Key takeaways

Data governance supports the objectives of corporate governance by promoting accountability, transparency and value creation through effective management of data assets. It represents a proactive approach to managing data-related risks, ensuring regulatory compliance and harnessing the full potential of data assets to drive innovation and growth. It also ensures that the strategic use of data aligns with the broader goals of the organization. By integrating data governance into broader corporate governance frameworks, corporate leaders are empowered to make decisions about data to further growth and innovation in the best interests of the company.


  1. WTC, “Global Directors’ and Officers’ Survey Report 2024”, March 19, 2024: https://www.wtwco.com/en-us/insights/2024/03/global-directors-and-officers-survey-report-2024.

To discuss these issues, please contact the author(s).

This publication is a general discussion of certain legal and related developments and should not be relied upon as legal advice. If you require legal advice, we would be pleased to discuss the issues in this publication with you, in the context of your particular circumstances.

For permission to republish this or any other publication, contact Janelle Weed.

© 2024 by Torys LLP.

All rights reserved.
 

Subscribe and stay informed

Stay in the know. Get the latest commentary, updates and insights for business from Torys.

Subscribe Now