data governance articles

A Key EIM Partnership: Data Governance and Legal

By FSFP

Since I first wrote this Information Management article almost two years ago, the topic of a partnership between the data governance (DG) and legal areas has become even more important.

Ever-increasing laws and regulations around data make it more critical today for the groups to work well together. Legal’s core capabilities of understanding these laws and regulations — and being able to interpret them within the use cases that drive the business — make it a key partner for DG. When DG understands and even appreciates Legal’s focus, its initiatives can thrive. But learning how to be an effective partner takes effort and continuous attention to making the relationship work. My experience is that the effort is well worth it for DG, as it can bring tremendous value in the broader interactions with the business.

Now, here’s the reblog of my article — and thanks to Information Management for the permission for us to do so.

As data governance becomes increasingly part of the business (rather than an offshoot of IT), it must proactively seek to build links with other areas of the enterprise.

Two paradigms dominate the IT mindset: the drive to build and maintain a technical environment and reacting to requirements provided by business users. Neither of those paradigms involve proactively engaging with other areas of the business, and to the extent that DG was conceived in IT, it must discard these paradigms. Instead, DG must actively seek out partnerships with other areas of the business and present a vision of synergies that can benefit the enterprise as a whole. One of the most important of these business areas is the legal department.

What Can Data Governance Do for Legal?

Before DG approaches the legal department to establish a mutually beneficial partnership, it should have a clear idea of what it can bring to the table and some understanding of how Legal functions in general. Let us consider some of the ways in which DG can support Legal.

Operationalizing Data-Related Laws and Regulations

Legal is, or should be, the source of regulations about data privacy and protection in the jurisdictions within which the enterprise stores, manages or accesses data. However, Legal typically cannot translate these rules into operationalized practices that ensure the enterprise is truly in compliance with the law.

Data Governance can translate Legal's rules & regs into operationalized practices to ensure compliance.Click To Tweet

DG can bridge that gap. It can provide an understanding of the situation in the environments that manage data and help to identify potential gaps with respect to laws and regulations. Jointly with Legal, DG can help to determine what solutions have to be put in place to deal with these gaps. These solutions will often be changes to business practices rather than changes to the underlying systems. Put another way, anything DG can do to help solve these problems without involving IT will be greatly appreciated.

Ensuring Contractual Compliance

Besides laws and regulations, another great concern of Legal’s is ensuring that data acquired under some form of contract is managed in compliance with such contracts. Unfortunately, the business generally thinks that any data inside the firewalls of the enterprise is fair game and can be used for any purpose whatsoever.

While Legal can sign off on a contract, it is typically not going to be involved with monitoring the enterprise environment to detect if the data is being misused. It will likely only get involved if the counterparty in the contract suspects potential misuse and seeks a legal remedy, such as threatening to sue the enterprise.

DG can assist in this area by acting as a gatekeeper to prevent illicit reuse of data. For instance, DG can establish a presence on the Architectural Review Board (ARB) that many enterprises have. There are a number of other reasons for DG being on an ARB, such as enforcement of data standards, but detecting contractual data concerns is a major one.

In order to carry out this work, DG must understand what is implied in the contracts that exist about data. Such contracts may be with data providers, who sell data to the enterprise, or with customers who give their data to the enterprise.

How Legal Works

Having discussed a few of the needs that have to be jointly addressed by DG and Legal, DG needs to understand how it can approach Legal. DG has to potentially interact with all the operational units of the enterprise. It can only do so successfully if it understands the subcultures of these units. So what is special about Legal?

Legal is Conservative

Lawyers want their clients to avoid problems, and tend to give advice that points out the safest course of action. One of the consequences of this is that lawyers rarely are put in leadership positions in enterprises as they are not inclined to try anything new without an ironclad guarantee of success. DG must listen to Legal, but will inevitably have to participate in discussions in which a business decision is made that weighs risks described by Legal with the potential benefits of a new business undertaking. This is not like the IT mindset of just accepting requirements from users — DG will have to help in the making of informed business decisions.

Legal is Slow

DG must generally allow long lead times in dealing with Legal. This is not always true, and Legal can sometimes be very agile. However, lawyers do not like being railroaded, especially if they feel they don’t have an adequate understanding of a particular situation. DG needs to work to gain the confidence of Legal. This means that DG must strategize about the way in which it is going to engage with Legal. Establishing formal recurrent meetings is something that can be helpful, as Legal will feel DG is not coming to it only when there is some kind of urgent issue. Such formal meetings can also help both sides identify risks before they turn into issues.

Legal is Detailed

This also means that Legal is verbose. Legal will generally generate a high volume of documents about a particular topic. DG will have to read and understand these documents and should reserve time to do this. This will mean that DG has to become familiar with legal jargon to some extent, and this may require one or more members of DG being dedicated to interface with Legal.

Legal is Specialized

Lawyers tend to be rather narrowly specialized in areas where they are especially competent, and more general in other legal areas. This can mean that individual lawyers miss the implications of data-related issues and decisions. DG can help by ensuring that Legal understands the scope of a data-related issue, even if DG does not adequately understand what has to be done from a legal perspective.

A strong partnership between Legal & Data Governance is important for most any EIM initiative.Click To Tweet

Opportunities and Risks

If DG can establish a successful relationship with Legal there can be enormous benefits to the enterprise. However, DG also needs to be careful. It should not end up being perceived as the paralegals for the Legal department in matters of data management. This will detract from DG’s independence and its standing in data-related concerns that have nothing to do with Legal.

Of all the organizational units DG can establish a partnership with, Legal is one of the most important. In every enterprise, DG should seek to build and maintain this partnership for the long term.


Article contributed by Malcolm Chisholm. He brings more than 25 years’ experience in data management, having worked in a variety of sectors including finance, insurance, manufacturing, government, defense and intelligence, pharmaceuticals and retail. Malcolm’s deep experience spans specializations in data governance, master/reference data management, metadata engineering, business rules management/execution, data architecture and design, and the organization of enterprise information management.

You have Successfully Subscribed!