Shannon Noonan: How to Develop Governance for Data Management and User Access
Summary
Shannon Noonan, CEO of HiNoon Consulting, argues that data governance often fails due to a lack of end-to-end visibility, leading to data overexposure, regulatory issues, and reputational risks. She stresses that governance should be designed as a lifecycle, addressing the need to rebuild good habits around data management and user access. Noonan highlights the disconnect between data management teams, who set standards for data storage, and fragmented access management across various systems.
Her approach begins with a practical form of e-discovery – mapping data flows to understand what data exists, where it resides, and how it moves. She advocates for mapping data *before* implementing security controls, as controls are only effective when anchored in a clear understanding of the data lifecycle. A key barrier to effective governance is fragmented ownership, where no single entity oversees data from beginning to end. This can lead to unintended access permissions and security vulnerabilities.
Noonan illustrates these challenges with examples, such as a HIPAA compliance issue where a seemingly anonymized dataset was re-identifiable through a report containing a generic identifier. Looking ahead, she anticipates that AI will both simplify mapping and introduce new risks through data centralization, potentially expanding access to sensitive information. Ultimately, Noonan advocates for building governance into processes from the start, rather than retrofitting it, to ensure organizations know what data they have, who can access it, and that those decisions are justifiable.
(Source:Techbullion)