This paper explores the emerging field of data governance, which involves managing data through roles, rules, and policies. It aims to systematize diverse concepts and viewpoints in data governance by analyzing academic and grey literature. Through literature analysis, we examine the relationships between key concepts of data governance and major components that implement these concepts. This way, a nuanced understanding of the collective contribution of these components to realize data governance is generated. The research culminates in a data governance concept matrix, and an ontology to visualize the concepts' relationships.
Data challenges are prevalent in fields like Information Systems, Computer Science, Data Management, Organization and Management, Education and Healthcare [3]. Ensuring data confidentiality is crucial for protecting individual privacy and maintaining trust in a digital world [4]. As data management issues include fragmented ownership, lack of authority, and absence of standards and policies [5], these issues make sensitive data susceptible to misuse, resulting in poor decisions and resource wastage [6]. Effective data governance is essential, involving the identification of data ownership, defining and enforcing data rules, and monitoring compliance. The goal is to balance privacy and security with the need for data sharing to enhance service quality and decision-making [5].
Research on data governance is evolving. Hovenga & Grain emphasize organizational aspects, advocating for customized structures and decision-making bodies [7]. Brous et al. broaden this to include policies and processes across various sectors, while Panian focuses on technology [8]. However, many scholarly works and strategy reports (e.g. from OECD [9] and European Commission [10]) discuss key data governance concepts without clear definitions or comprehensive explanations. This ambiguity can cause misunderstandings and varied interpretations among researchers and practitioners, hence demanding a unified framework to reconcile differing views and concepts.
This paper aims to identify and systematize the varied concepts for data governance into one primary context - a general overview of the domain. A data governance ontology will establish connections and coherence within existing data governance concepts and attributes. The research is driven by the following research questions: 1) How is data governance perceived by various scholars? 2) What key concepts characterize these perceptions? By addressing these questions, we aim to contribute to a more comprehensive and holistic understanding and advancement of concepts in the data governance domain.
The paper is structured as follows: Section 2 explains the research design, while Section 3 reviews literature to set the foundations. Section 4 conceptualizes the insights from Section 3 into a concept matrix and an ontology for a comprehensive data governance understanding. Section 5 concludes with a discussion of findings, limitations and indications for further research.
Our study followed qualitative research to build a path to systematize data governance concepts. We adopted a structured approach of systematically evaluating both academic and grey literature from various sources, utilizing the systematic literature review methodology by Rowley & Slack [11] and a modified PRISMA scheme by Page et al. [12]. Relevant literature was retrieved from databases such as PubMed, IEEE Explorer, Springer Link, ACM Library, and Sage journals, using keywords like “Data Governance,” “Information Governance,” “Health Data Governance,” “Clinical Data Governance,” and “Medical Data Governance”. Advanced filters (discipline, publication date from 2000 to 2023, and language) refined the search, resulting in 65,555 papers. After removing duplicates, non-English papers, and irrelevant ones, 506 papers remained. Further exclusion based on publication date reduced this to 127 papers. Abstract and title analysis narrowed it to 25 papers. A snowball search added 4 more research papers and two grey literature sources, totaling 31 papers for the research.
The next step involved screening for definitions and explanations of data governance and its five major components: principles, policies, roles, processes, and building blocks. Insights from this screening was used to develop a data governance concept matrix and an ontology. The concept matrix helps identify fundamental concepts discussed in the literature and highlights areas of consensus and contention. The ontology then maps the relationships between these concepts, providing a comprehensive understanding of data governance.
The review of foundational concepts aims to enrich the discussions on effective data governance by offering insights and guidance to researchers, practitioners, and policymakers. Khatri & Brown distinguish between data management and governance, where the first involves making and implementing decisions within an organization, and the second determines who has the authority to make these decisions and the rules guiding them. Data governance complements data management with overarching decisions and rules [5]. To understand the ‘governance’ aspect of data governance, Micheli et al.'s definition emphasizes a network of participants with distinct roles in the governing process of a system [13]. The further literature analysis revealed definitions that link data governance with accountability in decision-making regarding an organization's data assets [14], [15], [16], [17], [18]. Alhassan et al. and the European Commission (EC) define data governance in terms of establishing roles and responsibilities within key decision areas, while Micheli et al. highlight the interactions among stakeholders to generate value from data through access, control, sharing, and use [1], [10], [13]. Four scholars recognize data governance as a set of policies, processes, and standards, with Eke et al. also mentioning principles. These definitions also include concepts such as data integrity, quality, availability, accessibility, usability, consistency, auditability, and security, along with data stewardship and other responsibilities associated with data management [8], [19], [20], [21]. Other pivotal concepts are data privacy, sharing, and ownership. All these aspects collectively contribute to a holistic understanding of data governance concepts and components.
Building on Cheong & Chang's data governance framework [22], we identified five major components of data governance: roles, policies, principles, processes and building blocks. Khatri & Brown relate principles with policies as guiding elements to achieve data principles [14]. They suggest that clearly defined processes help realize these principles by providing coherence in business operations, both internally and externally [15]. Effective data governance relies on establishing and enforcing policies, hence identifying policies and processes as main components of data governance [8]. Utilizing technology enables the automation and expansion of data governance standards, policies, and processes. Various definitions also suggest roles and responsibilities as principal components of data governance activities [23], [13]. Cheong et al. define data governance as the governance of people and technology, emphasizing the correlation between roles and technical building blocks [22]. Table 1 presents an ontology for the five major components to understand the interplay among these components, aiding in a deeper understanding and effective implementation of data governance practices. Each component represents a fundamental aspect of data governance, and understanding their relationships is crucial for designing and implementing effective data governance frameworks.
At its core, data governance encompasses a set of major components and subconcepts that collectively define its essence. Key sub-concepts, such as data quality, security, and privacy, contribute to the comprehensive framework of data governance. This framework is not static but a dynamic interplay of these crucial facets. Scholars have assigned varying degrees of importance to these sub-concepts in their work. Some have delved deeply into specific areas, while others have addressed them more superficially. This diversity in focus adds richness and complexity to the discourse on data governance, reflecting the nuanced perspectives.
The literature review provided valuable insights into the interplay and relationships of sub-concepts of data governance. The key sub-concepts identified are as follows:
Data Ownership: Some definitions assign responsibility to a designated data owner, while others attribute it to the data steward or producer [28]. The EC emphasizes data owners' duty to maintain data quality and limit unnecessary access restrictions [10]. Data Access: The foundation of data accessibility rests upon the ability of data beneficiaries to evaluate diverse data classifications [8]. Panian emphasizes that data accessibility ensures the timely availability of data as necessitated [8], [14]. Data Security involves measures to protect data's accessibility, authenticity, availability, confidentiality, integrity, privacy, and reliability [23]. Liddell et al. include also pseudonymization, encryption, resilient storage, and compliance assessment [29]. Panian underscores secure access to data [8]. Legal Compliance: Data governance is key for aligning with regulatory and corporate requirements, automating tasks, and reducing costs [8], [30]. This requires comprehensive oversight to uphold compliance standards at all organizational levels [15]. Data Accuracy is defined as the fidelity and validity of data values [7]. Equity and Inclusion: It requires effective governance to foster fairness in the accessibility, utilization, and analysis of data [31]. Along this, data should only be gathered, used, or disclosed as necessary for specific objectives, avoiding inappropriate discrimination and advocating a human rights and equity perspective in governing data use [20]. Data Privacy involves gathering, distributing, safeguarding, and utilizing data to ensure privacy and confidentiality of affected individuals and organizations [7]. Accountability refers to clearly defining roles and responsibilities in data governance to ensure successful implementation and enforce accountability [22]. Data Quality includes dimensions like accuracy, timeliness, relevance, completeness, trustworthiness, and contextual definition [22], [34]. Data quality depends on the ability to meet usage requirements and to generating value [7], [14]. The contextual nature of data quality depends on specific usage contexts and industry requirements [35]. Data Value is the value generated from data through aggregation, analytics, and business intelligence, benefiting diverse stakeholders [36]. Stakeholders may gain value in various forms (economic benefits, public welfare, and citizen empowerment) [13]. Data Standardization entails establishing uniform rules, guidelines, and protocols for data collection, storage, and dissemination [7], [37]. Data Sharing requires agreements among stakeholders and aligning data sharing towards a common goal [22]. A structured framework shall support to define the purpose and management of shared data. Data Management involves collecting, analyzing, and understanding data, ensuring security, establishing sharing protocols, removal processes, participant communication, and disseminating findings [17]. Data acquisition, purification, conversion, integration, and quality assurance are essential activities for maintaining data quality [7]. Data Modeling is a fundamental concept in achieving effective Data
Management, alongside other tasks such as data capture, purification, conversion, deduplication, integration, corrective actions, migration, and overall data management [15].
Data Architecture involves delineating enterprise data elements and constructing an enterprise data model across conceptual, logical, and physical tiers. To establish a robust Data Architecture, it is necessary to identify the data requirements of the enterprise and establish architectural principles, criteria, and directives [23].
Data Lifecycle is defined as encompassing defining, gathering, generating, employing, preserving, archiving, and expunging data [14]. Abraham et al. extend this concept, emphasizing the identification of business processes using data and examining information flow to identify redundancies in data storage [23]. Metadata depicts the fundamental or structural delineation of data content, quality, condition, or other attributes, including data definitions, types, relational nature, available collections, collectors, and similar elements [7], [38].
Business Goal Alignment: Effective data governance ensures alignment between data strategies and business objectives, emphasizing tangible value and reusability [3], [15]. Addressing data quality is crucial for meeting these aims. Actors/Stakeholders encompass individuals, institutions, organizations, or groups impacted by data governance and value creation [13], [39]. They can be both creators and consumers of data, and they can span diverse sectors including private, public, academia, scientific, civic organizations, activists, social entrepreneurs, and citizens [40].
Data Trusts are structured frameworks for overseeing data access [41]. Public Data Trusts (PDTs) is a model of data governance wherein a governmental entity accesses, amalgamates, and utilizes data pertaining to its populace [13], [42]. Data Interoperability frameworks facilitate data exchange based on standardized conventions, highlighting the importance of data governance in managing metadata and orchestrating technical processes for intersystem data transfer connectivity [7].
Data Stewardship refers to key intermediaries between business needs and technical aspects, involving commitment, collaboration, and accountability in data asset management [18]. Data stewardship provides a more dependable framework for data management, fostering trustworthy data utilization and sharing [16].
Data Risk Management is crucial for effective data governance. It involves identifying and mitigating risks related to data release and transfer, such as patient safety, privacy, fraud, and regulatory compliance [7].
De-identified Data is information with individual identifiers removed to enable data exchange while protecting privacy [43]. According to the OECD, it is data that is no longer unidentified [9].
The matrix lists publications chronologically from 2007 to 2023 in rows and arranges sub-concepts by their prevalence in columns. The symbol '★' indicates whether a subconcept is mentioned without detailed explanation, or focused '✓' with a thorough discussion. Absence of a sub-concept in a study is shown by an empty cell. The matrix aims to clarify the extent to which a publication addresses specific sub-concepts.
The concept matrix provided insights into which sub-concepts are mentioned more frequently, and sub-concepts with lower frequencies evolving more recently. One reason for the varying frequencies could be that the early data governance field was heavily influenced by data management [14]. Therefore, sub-concepts already well-established in data management, such as data quality and data security, were more frequently addressed by researchers.
With this understanding, we developed an ontology to systematically organize and integrate the diverse sub-concepts of data governance in a UML class diagram as shown in Figure 1. Ontology is a structured representation of knowledge about a domain, its concepts and their relationships. It offers a clear and organized way to capture and communicate the understanding of a specific subject area [27].
Data governance is taken as the main concept which is related to the eight highly frequent sub-concepts labeled as Class A: Data sharing, Data access, Data quality, Legal compliance, Data Privacy, Data standardization, Accountability and Data security via an aggregation relationship. This aggregation shows that the sub-concepts in Class A build the main concepts of data governance.
The sub-concepts in Class B were not observed to have a direct link to the main concept of data governance but are related to sub-concepts of Class A via a directional association relationship. This relationship defines that Class B sub-concepts assist the sub-concepts in Class A in achieving better data governance in an organization. The labels used to define the relationships between the sub-concepts are as follows: “Establish” relates to creating or defining the basis of a sub-concept or structure. “Ensure” implies the use processes like encouragement verification, as well as quality control to ensure the security, reliability, and accuracy of sub concept. “Require” indicates the requirements or dependencies needed for a process to be carried out successfully. “Manage” involves organizing and controlling resources. “Include” relates to various components, sections, or sub-sets of sub-concept. “Assess” involves evaluating and appraising sub-concepts to determine their significance, relevance, and quality regarding a certain context. Lastly, “Facilitate” refers to the process of improving the consistency, efficiency, and usability of processes or activities. For example, data management ensures that the data collected is of high quality which will facilitate more value from the data [14]; actors/stakeholders are required in data standardization, which establishes the standards for data of organizations [22]. Setting standards for the data ensures high quality of metadata which facilitates better interoperability [7]. Data sharing requires also metadata. While such a relationship was not observed in literature, we added it in the ontology (red arrow).
Data governance is researched for nearly two decades, with numerous contributions shaping its development. This study systematically examined scholarly viewpoints to address the first research question. To answer the second question, we analyzed concepts of data governance, revealing their interconnections through an extensive literature review. Key sub-concepts and major components were identified, highlighting their interconnectedness and mutual support. The study identified gaps in the literature, such as the link between data sharing and metadata. The ontology offers a nuanced understanding of the concepts, which represent a collective contribution to a robust data governance framework. This research enhances the ongoing discourse on effective data governance and provides a solid foundation for its advancement in the digital age.
Reflecting on the key findings, five major components of data governance were identified: principles, processes, policies, roles, and building blocks. Key sub-concepts such as data interoperability were also determined. Understanding how these components and sub-concepts interrelate is crucial. For example, achieving data interoperability requires clear principles as a foundation, followed by policies to govern practices, processes to operationalize policies, and defined roles for accountability. Each component contributes to the overarching objective of effective data governance. Building blocks, including IT infrastructure and foundational elements, support the implementation and maintenance of processes, providing technical capabilities for interoperability. The five major components—principles, policies, processes, roles, and building blocks—need to work together harmoniously. Principles guide policies, which are to be executed through processes, overseen by defined roles, and supported by building blocks. This integrated approach ensures effective achievement of key subconcepts like data interoperability within the data governance domain. Further research is needed to evaluate the accuracy and applicability of the ontology with its concepts in different data-intensive domains.
The limitations of this research include the scope and depth of the literature reviewed and the complexity of the data governance landscape. Despite a comprehensive approach, some relevant literature may have been missed, potentially affecting the results. Additionally, as data governance continues to evolve, new concepts and relationships may emerge, requiring continuous refinement of the understanding. The study finds a limited and generic definition of concepts within data governance. Yet, the findings can be utilized to build a comprehensive framework for data governance across multiple fields due to the clear understanding of the concepts identified and explained. By offering a structured and interconnected view of data governance components and sub-concepts, this study lays the groundwork for more detailed and specific frameworks to be tailored to different organizational contexts. [10] European Commission, “Data governance and data policies at the European Commission Executive summary,” 2020. Accessed: Feb. 13, 2024. [Online]. Available: https://commission.europa.eu/publications/data-governance-anddata-policies-european-commission_en [11] J. Rowley and F. Slack, “Conducting a literature review,” Management Research
News, vol. 27, no. 6, pp. 31–39, Jun. 2004, doi: 10.1108/01409170410784185.
[12] M. J. Page et al., “The PRISMA 2020 statement: An updated guideline for
reporting systematic reviews,” BMJ, vol. 372. 2021. doi: 10.1136/bmj.n71.
[13] M. Micheli, M. Ponti, M. Craglia, and A. Berti Suman, “Emerging models of data
governance in the age of datafication,” Big Data Soc, 7 (2), 2020.
[14] V. Khatri and C. V. Brown, “Designing data governance,” Commun ACM, vol. 53,
no. 1, pp. 148–152, Jan. 2010, doi: 10.1145/1629175.1629210.
[15] P. Brous, M. Janssen, and R. Vilminko-Heikkinen, “Coordinating
DecisionMaking in Data Management Activities: A Systematic Review of Data
Governance Principles,” in Proceedings of Electronic Government. LNCS 9820,
Spr
IFLA Journal, 42 (4), pp. 303–312, 2016, doi: 10.1177/0340035216672238. [18] K. Weber, B. Otto, and H. Österle, “One Size Does Not Fit All---A Contingency
Approach to Data Governance,” J Data and Inform Quality, 1 (1), pp. 1–27, 2009. [19] D. O. Eke et al., “International data governance for neuroscience,” Neuron, vol.
110, no. 4, pp. 600–612, F
Manag, 14 (3), pp. 188–194, 2006, doi: 10.1111/j.1365-2934.2006.00590.x.
[26] Rebecca. Sutton and Overseas Development Institute., The policy process : an
overview. Overseas Development Institute, 1999. Accessed: Feb. 13, 2024.
[Online]. Available: https://www.files.ethz.ch/isn/104749/wp118.pdf
[27] A. Castro, V. A. Villagrá, P. García, D. Rivera, and D. Toledo, “An
ontologicalbased model to data governance for big data,” IEEE Access, vol. 9, pp. 109943–
109959, 2021, doi: 10.1109/ACCESS.2021.3101938.
[28] K. E. Griffiths, J. Blain, C. M. Vajdic, and L. Jorm, “Indigenous and Tribal Peoples
Data Governance in Health Research: A Systematic Review,” Int J Environ Res
Public Health, 18 (19), p. 10318, 2021, doi: 10.3390/ijerph181910318.
[29] K. Liddell, D. A. Simon, and A. Lucassen, “Patient data ownership: who owns
your health?” J Law Biosci, vol. 8, no. 2, Aug. 2021, doi: 10.1093/jlb/lsab023.
[30] E. Demir, “Big Biological Data: Need for a Reorientation of the Governance
Framework,” in IEEE Conf Comput Intellig in Bioinform & Computat Biology
(CIBCB), I
Genet, vol. 53, no. 1, pp. 2–8, Jan. 2021, doi: 10.1038/s41588-020-00742-6.
[33] J. Kuzio, M. Ahmadi, K.-C. Kim, M. R. Migaud, Y.-F. Wang, and J. Bullock,
“Building better global data governance,” Data Policy, 4 (4), p. e25, 2022.
[34] P. Ochang, D. Eke, and B. C. Stahl, “Perceptions on the Ethical and Legal
Principles that Influence Global Brain Data Governance,” Neuroethics, vol. 17,
no. 2, p. 23, Jul. 2024, doi: 10.1007/s12152-024-09558-1.
[35] S. Juddoo, C. George, P. Duquenoy, and D. Windridge, “Data Governance in the
Health Industry: Investigating Data Quality Dimensions within a Big Data
Context,” Applied System Innovation, 1 (4): 43, 2018, doi: 10.3390/asi1040043.
[36] J. S. Winter and E. Davidson, “Big data governance of personal health
information and challenges to contextual integrity,” Information Society, vol. 35,
no. 1, pp. 36–51, Jan. 2019, doi: 10.1080/01972243.2018.1542648.
[37] S. Octaviana, P. W. Handayani, and A. N. Hidayanto, “Health Data Governance
Issues in Healthcare Facilities: Perspective of Hospital Management,” in 10th Int
Conf Inform and Comm T