Guide dogs


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Guide dogs

  1. 1. Data Governance at Guide DogsPresented by: Jane Huntington - Data Manager Maria Novell - Head of Individual Giving
  2. 2. Introducing…Data Governance Why.. How.. Who.. Where are we.. Where next.. 2
  3. 3. Data Governance Definition 3
  4. 4. Why?Data Governance 4
  5. 5. .  Fast growing and multiple fundraising, campaigning and marketing programmes;  Service user information, HR systems, finance systems, fundraising CRM and operations systems;  Multiple office locations; How does Guide Dogs ensure its data is being dealt with in a compliant and comprehensive way across the organisation?  Data Governance will set policy that the organisation will follow as it establishes architectures, implements best practices, and addresses requirements.  Governance can be considered the overall process of making this work. 5
  6. 6.  we need to do more than manage data; we need a governance system that sets the rules of engagement for management activities 6
  7. 7.  New CEO Guide Dogs Change Programme 7
  8. 8.  New CIO  IT Strategy 8
  9. 9. Results from Data Discovery Exercise 9
  10. 10. Some issues: Over 30 data collection points maintained in 3 or more Guide Dogs central systems People Data managed separately in at least 6 systems – Individuals on more than one system not recognised as such Overall quality of Guide Dogs data unknown Security needed tightening in some systems 10
  11. 11. Other areas to consider… Policies and procedures Compliance Culture of awareness Information and principles 11
  12. 12. How?Data Governance Board 12
  13. 13. May 2011First Data Governance Board meeting held 13
  14. 14. Terms of ReferenceThe Governance Board will: Identify and Allocate or Resolve Issues Agree High Level Definitions, for, eventually, all data elements Agree Criteria for Acceptable Data Quality Review Results of Data Quality Monitoring Manage Stakeholder Care and Communications Agree Data Security Requirements i.e. the roles that should have access rights to data, becoming the ultimate ‘sign off’ for access requests (delegated for Business as Usual) Ensure and Monitor Compliance with Legislation - Confirm the data sensitive to legislation (e.g. Data Protection Act, Records Retention or Payment Card Industry Data Security Standards) and agree how it is managed 14
  15. 15. DGB Meetings Agenda Working groups Presentations, feedback and sign off Data related activities (to do list!) 15
  16. 16. Issue Recommended Resolution Decision Made / Priority Complex Target Issue Description Impact Owner Status Nbr Action(s) Required (H,M,L) (H,M,L) Date1 General Check if there are real requirements, if so investigate reasons for not We will actively Pockets of spreadsheets exist (e.g. Uncontrolled data held outside adding to core systems. If the hunt down breeding centre) because: of systems has potential functionality is not available plan the occurences in - Data is not trusted1.2 Spreadsheets security, DPA and records provision by including requirements in Finance, H M JC Ongoing - Required functionality apparently does retention exposure. Accuracy enhancements or new systems, if not Operations, not exist is also suspect use training and or persuasion! Clean Fundraising, HR and - End user doesn’t trust security and add data to the appropriate External Comms data store2 Data Quality No data quality audit however, in GDI data changes applied are audited as a Investigate current, Define Quality measures and result of triggers on most tables, Fetch has identify gaps, cross Guide Dogs cannot rely on the introduce data audits to measure date and who changed (and sometimes functional2.1 Audit accuracy of data as there is no quality and introduce a link to H M JC In progress created) on all tables, some have history requirements and reliable way of measuring it. individuals appraisal. Include as an to show what it was changed from. There measures for objective in new job specs is no apparent sanction over poor data reporting entry. Data4 Protection Subject Access Requests are still being held on a spreadsheet (accessed by NG and JF). There was an initial request to get this Lack of security, backup Subject Access information stored on Ascent, however Investigate the best place for this Outstandin4.7 routines etc make this data L M NG Request because of the effort and the number of data and migrate it g vulnerable requests that are submitted in a year (around 10-20), a recommendation was made for users to continue to use the spreadsheet. DPA Breaches How should we classify and report on DPA Review current criteria, enhance as Outstandin4.9 Regulatory exposure M M NG Reporting breaches necessary and update reports g Personal Details are emailed to and from Finance - Payroll summary from HR to Finance for Emailed sign off Regulatory and reputational Replace each type of mail with a Allocate and4.10 M L Personal Data - Supplier (Employee Expenses) Bank exposure more secure option prioritise Details confimed back to supplier - Bank Details Changes sent from HR to Finance to update SAGE Records5 Retention 16
  17. 17. Who?Data Governance Board 17
  18. 18.  Chief Information Officer Data Protection Officer Head of Legal Safeguarding Manager Business users – all areas; Finance, HR, Fundraising, Marketing, Operations Information Systems Database Managers 18
  19. 19. Where we are now… Data Governance Boad 19
  20. 20. Complete On-going OutstandingCompliance Subject Data Access Audit Requests DPA Training Record Data Retention Breach Management Procedure PCI Volunteering Compliance 20
  21. 21. Where next?Data Governance Board 21
  22. 22.  Introduction of Data day Planning to run the ICO Think! Privacy campaign Suppressions Management Debating the day to day management of each of the data governance elements New streamlined board structure 22
  23. 23. Where do you start? Data Governance Board 23
  24. 24.  Dama – UK Chapter Audit your existing processes Be clear about what and why Identify your risks and challenges Prioritise 24
  25. 25. Thank you… 25