What We Know So Far: Best Practices in Developing Data Governance Frameworks
Last year, we wrote about some of the issues and discussions around data governance. As data and technology remain increasingly central to how governments, institutions, groups, and individuals all interact with one another and among themselves, we wanted to update our conversation and outline some of the best practices that Development Gateway (DG) has learned through our data governance work.
Data Governance refers to the processes and systems through which an institution manages its data. Data governance guidelines generally include several different elements: principles, roles, responsibilities, related processes, and tools.
The guidelines are composed of a single document or—more often—are outlined across several related documents, frameworks, and policies. Often (but not always) these guidelines will address some or all core issues of data privacy at the same time, such as issues around the safe collection, storage, deletion, and sharing of data gathered in the course of institutional operations.
Best Practices in Developing Data Governance Frameworks
At DG, we have helped organizations think through how they manage their data and supported them to develop data governance frameworks that work in their specific contexts. We have similarly developed frameworks of our own in our projects. Through our Visualizing Insights on Fertilizer for African Agriculture (VIFAA) program, we worked with partners to develop a governance framework that improves trust in data sharing by clarifying how sensitive data would be protected. The Tobacco Control Data Initiative (TCDI), as one of the first DG projects to include primary data collection, has developed program-wide data management protocols to guide end-to-end data management. These latest efforts are built on a deep history of supporting data strategies more broadly and have helped us identify several best practices when it comes to data governance. Below are a few highlights.
1. Map the structures, and mirror pre-existing processes
In creating data governance frameworks, DG begins by understanding existing roles, responsibilities, and tools using interviews to fill in the gaps. After all, there is little use proposing a governance system that is not fundamentally practical for those who will use it and be guided by it. DG has seen the importance of creating data governance processes that mirror an institution’s pre-existing processes when possible; doing so increases the likelihood that individuals at the institution will follow the new processes and security procedures. In 2020, DG and partners worked with the WHO to identify gaps and opportunities to strengthen implementation of their data sharing policies. By mapping the existing structures, we were able to provide clear practical guidance at different levels of the institution that reflected an understanding of the need to build on, rather than add to, existing data management responsibilities.
2. Put stakeholder relationships at the center
Putting stakeholder relationships at the center of data governance frameworks helps connect the dots between mapping existing structures and figuring out how to transform them. DG worked with organizations to help them identify and design risk mitigation strategies through the co-development of data management protocols or memorandums of understanding which safely manage data and maintain trust with data sharing partners. For example, through VIFAA, we developed a data management plan with stakeholders which helped the private sector feel comfortable sharing their data. This plan also doubled as an opportunity to support our partners in strengthening their data management practices.
3. Follow data privacy law or, in its absence, create best practices based on exemplary laws in other contexts
From Kenya to India, countries are adopting national data privacy laws at great speed. However, when there are no local, national, or regional laws that address data governance, DG recommends identifying such laws in other contexts that provide the highest level of privacy protection and security as well as incorporating key guiding principles outlined in these laws. For example, the EU General Data Protection Regulation (GDPR) is one of the most detailed laws and can act as a guide on how to approach storage, sharing, and disposal of data to help frame a rigorous governance approach that satisfies partners worried about their data falling into the wrong hands. Importantly, when the actors create best practices based on GDPR or similar legislation, they must adapt these best practices to the context in which they are working, as certain aspects in the model legislation might not fit.
4. Stay local
When an international organization, governing body, or other institution is gathering data, our recommended best practice is to emphasize keeping the governance of data at the local government level in order to promote data use and strengthen local data ecosystems. DG recommends that this localized ownership of data is planned from the beginning of the data gathering process. Through our work on the Cashew-IN platform in partnership with Cultivating New Frontiers in Agriculture (CNFA) and the US Department of Agriculture, we are working to improve the availability of data for the cashew sector in West Africa. The data governance plan includes working through a steering committee in each country made up of sector stakeholders and MOUs with detailed data gathering/retention guidelines to underscore government ownership of final products. Keeping data decisions at the country level rather than the regional/program level has made stakeholders feel more comfortable to share their data.
5. Build protections into tech
In developing specific technological tools, DG has built location fuzzing into dashboards upon request. For example, understanding the need to protect vulnerable individuals, we designed our Premand Neonatal and Maternal Dashboard to protect sensitive location data while still providing enough data to inform decision-making among stakeholders.
DG’s approach to data governance is to empower local entities to own and govern data when possible and to create data governance plans that go beyond minimum legal requirements.
What’s Next in Data Governance?
Creating for Context
Conversation around data governance is moving toward how to create “fit for context,” sector-specific approaches in data governance frameworks. For example, the health sector has historically seen a wealth of detailed protocols (in part because of the high stakes nature of sensitive health data). One of the next major frontiers for sector-specific data governance frameworks is in agriculture. A proliferation of mobile and web-based applications are increasingly collecting farmer data. Guidance is still evolving on how to ensure farmers gain the most benefit (i.e., improved efficiency in supply chains) and not the downsides (i.e., risks to land ownership, exploitation, etc.).
We are starting to explore this in work with USAID that maps farmer-centric data governance models and with IFAD, as they seek to scale digital agriculture approaches across their programs. We are hoping to “watch this space” to see whether and how these program-by-program approaches scale into national and regional policy frameworks. (Learn more about our farmer-centric data governance work here.)
Protecting the Local while Informing the Regional and Global
Thanks to the way corporations work across borders, it is no longer uncommon to see data collected in country A and stored in country B while influencing decision-making in country C. However, because of data localization policies, barriers are often created in sharing this data, and these barriers stymie the subsequent decision-making and policy-making this data could inform. (There is a robust conversation in the private sector about how these barriers to data flows can impact innovation.)
What does the existence of these barriers mean in the open data/development space? After all, in this space, we think about improving regional linkages (e.g., regional crop supply chains such as fertilizer or cashews) which could increasingly require combining data across borders in order to get a fuller picture. However, sharing data across borders also, rightfully, provokes concerns around privacy.
Kenya has started to tackle these thorny issues in the development of accompanying regulations for its data privacy law. DG has worked with the Centre for Intellectual Property and Information Technology Law (CIPIT) at Strathmore to weigh in on several draft regulations on these issues. We have a long way to go to see what restraints make it into the final regulations and how these will be enforced.
Emerging Technologies
Last, but not least, what will it look like to transform emerging technologies such as blockchain, artificial intelligence, and machine learning into practical tools that communities and government officials can use to shape decisions in their daily lives and ensure that governance and privacy models are fit for these new technologies? At DG, we have seen how machine learning models can bypass labor intensive mapping to produce whole countries’ cropland usage with high levels of accuracy.
How could or should this affect who owns, uses, updates, and discards the data behind these models? We are looking forward to these conversations and how these can add to ongoing approaches to finding a balance between innovation and protection.
Conclusion
Data governance approaches are proliferating at national, regional, and international levels, almost faster than we can keep up with. Over the past few years at DG, we have zeroed in on some of the practices that we believe work—namely, centralizing mapping, stakeholder relationships, local ownership, and privacy-forward technology—to help us develop and support strong data governance frameworks. We hope to carry these lessons forward as the governance space continues to shift, addressing new challenges (and opportunities) that arise within specific sectors, across borders, and facing exciting emerging technologies. We will continue to share what we learn as we encounter evolving data governance challenges and hope that you will engage us in conversation as well!
Photo Credit: Donald Giannatti
Share
Recent Posts
Diving into the DaYTA Program’s Data Collection Process
This blog explores key insights from the DaYTA program, offering practical guidance for researchers on effective data collection, overcoming field challenges, and leveraging local partnerships to enhance tobacco control efforts. This piece is especially timely following DaYTA’s workshop convening all 3 study country stakeholders to review the survey results and strategize on how best to disseminate this data to target audiences. This workshop took place from in Lagos, Nigeria, from November 18-20th.
Demystifying interoperability: Key takeaways from our new white paper
This blog post gives an overview on our latest paper on interoperability, implementing interoperable solutions in partnership with public administrations. Based on over 20 years of DG’s experience, the paper demystifies key components needed to build robust, resilient, and interoperable data systems, focusing on the “how” of data standardization, data governance, and implementing technical infrastructure.
More Smoke, More Stroke
In honor of this year’s World Stroke Day, observed annually on October 29th, this piece aims to raise awareness of the substantial burden of non-communicable diseases–particularly stroke incidents–using the case study of Nigeria, one of the main tobacco production hubs on the continent, in addition to Kenya.