What We Know So Far: Best Practices in Developing Data Governance Frameworks

August 18, 2022 Global Data Policy
Beverley Hatcher-Mbu, Analisa Goodmann
Explainer

Last year, we wrote about some of the issues and discussions around data governance. As data and technology become increasingly central to how governments, institutions, groups, and individuals interact with one another and among themselves, we wanted to update our conversation and outline some of the best practices that Development Gateway (DG) has learned through our data governance work.

Data Governance refers to the processes and systems through which an institution manages its data. Data governance guidelines generally include several different elements: principles, roles, responsibilities, related processes, and tools.

The guidelines are composed of a single document or—more often—are outlined across several related documents, frameworks, and policies. Often (but not always) these guidelines will address some or all core issues of data privacy at the same time, such as issues around the safe collection, storage, deletion, and sharing of data gathered in the course of institutional operations. 

Best Practices in Developing Data Governance Frameworks

At DG, we have helped organizations think through how they manage their data and supported them to develop data governance frameworks that work in their specific contexts. We have similarly developed frameworks of our own in our projects. Through our Visualizing Insights on Fertilizer for African Agriculture (VIFAA) program, we worked with partners to develop a governance framework that improves trust in data sharing by clarifying how sensitive data would be protected. The Tobacco Control Data Initiative (TCDI), as one of the first DG projects to include primary data collection, has developed program-wide data management protocols to guide end-to-end data management. These latest efforts are built on a deep history of supporting data strategies more broadly and have helped us identify several best practices when it comes to data governance. Below are a few highlights.

 

1. Map the structures, and mirror pre-existing processes

In creating data governance frameworks, DG begins by understanding existing roles, responsibilities, and tools, using interviews to fill in the gaps. After all, there is little use in proposing a governance system that is not fundamentally practical for those who will use it and be guided by it. DG has seen the importance of creating data governance processes that mirror an institution’s pre-existing processes when possible; doing so increases the likelihood that individuals at the institution will follow the new processes and security procedures. In 2020, DG and partners worked with the WHO to identify gaps and opportunities to strengthen implementation of their data sharing policies. By mapping the existing structures, we were able to provide clear practical guidance at different levels of the institution that reflected an understanding of the need to build on, rather than add to, existing data management responsibilities.

2. Put stakeholder relationships at the center

Putting stakeholder relationships at the center of data governance frameworks helps connect the dots between mapping existing structures and figuring out how to transform them. DG worked with organizations to help them identify and design risk mitigation strategies through the co-development of data management protocols or memorandums of understanding which safely manage data and maintain trust with data sharing partners. For example, through VIFAA, we developed a data management plan with stakeholders which helped the private sector feel comfortable sharing their data. This plan also doubled as an opportunity to support our partners in strengthening their data management practices. 

3. Follow data privacy law or, in its absence, create best practices based on exemplary laws in other contexts

From Kenya to India, countries are adopting national data privacy laws at great speed. However, when there are no local, national, or regional laws that address data governance, DG recommends identifying such laws in other contexts that provide the highest level of privacy protection and security as well as incorporating key guiding principles outlined in these laws. For example, the EU General Data Protection Regulation (GDPR) is one of the most detailed laws and can act as a guide on how to approach storage, sharing, and disposal of data to help frame a rigorous governance approach that satisfies partners worried about their data falling into the wrong hands. Importantly, when the actors create best practices based on GDPR or similar legislation, they must adapt these best practices to the context in which they are working, as certain aspects in the model legislation might not fit.  

4. Stay local

When an international organization, governing body, or other institution is gathering data, our recommended best practice is to emphasize keeping the governance of data at the local government level in order to promote data use and strengthen local data ecosystems. DG recommends that this localized ownership of data is planned from the beginning of the data gathering process. Through our work on the Cashew-IN platform in partnership with Cultivating New Frontiers in Agriculture (CNFA) and the US Department of Agriculture, we are working to improve the availability of data for the cashew sector in West Africa. The data governance plan includes working through a steering committee in each country made up of sector stakeholders and MOUs with detailed data gathering/retention guidelines to underscore government ownership of final products. Keeping data decisions at the country level rather than the regional/program level has made stakeholders feel more comfortable to share their data.

5. Build protections into tech

In developing specific technological tools, DG has built location fuzzing into dashboards upon request. For example, understanding the need to protect vulnerable individuals, we designed our Premand Neonatal and Maternal Dashboard to protect sensitive location data while still providing enough data to inform decision-making among stakeholders.

The DG Approach

DG’s approach to data governance is to empower local entities to own and govern data when possible and to create data governance plans that go beyond minimum legal requirements.

What’s Next in Data Governance? 

Creating for Context

Conversation around data governance is moving toward how to create “fit for context,” sector-specific approaches in data governance frameworks. For example, the health sector has historically seen a wealth of detailed protocols (in part because of the high-stakes nature of sensitive health data). One of the next major frontiers for sector-specific data governance frameworks is in agriculture. A growing number of mobile and web-based applications are collecting farmer data. Guidance is still evolving on how to ensure farmers gain the most benefit (e.g., improved efficiency in supply chains) and not the downsides (e.g., risks to land ownership, exploitation, etc.).

We are starting to explore this in work with USAID that maps farmer-centric data governance models and with IFAD, as they seek to scale digital agriculture approaches across their programs. We are hoping to “watch this space” to see whether and how these program-by-program approaches scale into national and regional policy frameworks. (Learn more about our farmer-centric data governance work here.)

Protecting the Local while Informing the Regional and Global

Thanks to the way corporations work across borders, it is no longer uncommon to see data collected in country A and stored in country B while influencing decision-making in country C. However, because of data localization policies, barriers are often created in sharing this data, and these barriers stymie the subsequent decision-making and policy-making this data could inform. (There is a robust conversation in the private sector about how these barriers to data flows can impact innovation.)

What does the existence of these barriers mean in the open data/development space? After all, in this space, we think about improving regional linkages (e.g., regional crop supply chains such as fertilizer or cashews) which could increasingly require combining data across borders in order to get a fuller picture. However, sharing data across borders also, rightfully, provokes concerns around privacy.

Kenya has started to tackle these thorny issues in the development of accompanying regulations for its data privacy law. DG has worked with the Centre for Intellectual Property and Information Technology Law (CIPIT) at Strathmore to weigh in on several draft regulations on these issues. We have a long way to go to see what restraints make it into the final regulations and how these will be enforced. 

Emerging Technologies

Last, but not least, what will it look like to transform emerging technologies such as blockchain, artificial intelligence, and machine learning into practical tools that communities and government officials can use to shape decisions in their daily lives and ensure that governance and privacy models are fit for these new technologies? At DG, we have seen how machine learning models can bypass labor-intensive mapping to produce whole countries’ cropland usage with high levels of accuracy.

How could or should this affect who owns, uses, updates, and discards the data behind these models? We are looking forward to these conversations and how these can add to ongoing approaches to finding a balance between innovation and protection. 

Conclusion

Data governance approaches are proliferating at national, regional, and international levels, almost faster than we can keep up with. Over the past few years at DG, we have zeroed in on some of the practices that we believe work—namely, centralizing mapping, stakeholder relationships, local ownership, and privacy-forward technology—to help us develop and support strong data governance frameworks. We hope to carry these lessons forward as the governance space continues to shift, addressing new challenges (and opportunities) that arise within specific sectors, across borders, and facing exciting emerging technologies. We will continue to share what we learn as we encounter evolving data governance challenges and hope that you will engage us in conversation as well! 

Photo Credit: Donald Giannatti
