Data Governance at Guide Dogs




Presented by:   Jane Huntington - Data Manager
                Maria Novell - Head of Individual Giving
Introducing…




Data Governance

• Why..
• How..
• Who..
• Where are we..
• Where next..
Data Governance Definition




Why?
Data Governance




• Fast growing and multiple fundraising, campaigning and marketing programmes;
• Service user information, HR systems, finance systems, fundraising CRM and operations systems;
• Multiple office locations;

How does Guide Dogs ensure its data is being dealt with in a compliant and comprehensive way across the organisation?

• Data Governance will set policy that the organisation will follow as it establishes architectures, implements best practices, and addresses requirements.
• Governance can be considered the overall process of making this work.

• we need to do more than manage data;
• we need a governance system that sets the rules of engagement for management activities

• New CEO
• Guide Dogs Change Programme

• New CIO
• IT Strategy

Results from Data Discovery Exercise




Some issues:
• Over 30 data collection points maintained in 3 or more Guide Dogs central systems
• People Data managed separately in at least 6 systems – Individuals on more than one system not recognised as such
• Overall quality of Guide Dogs data unknown
• Security needed tightening in some systems

Other areas to consider…

• Policies and procedures
• Compliance
• Culture of awareness
• Information and principles

How?

Data Governance Board




May 2011
First Data Governance Board meeting held




Terms of Reference

The Governance Board will:

• Identify and Allocate or Resolve Issues
• Agree High Level Definitions, for, eventually, all data elements
• Agree Criteria for Acceptable Data Quality
• Review Results of Data Quality Monitoring
• Manage Stakeholder Care and Communications
• Agree Data Security Requirements i.e. the roles that should have access rights to data, becoming the ultimate ‘sign off’ for access requests (delegated for Business as Usual)
• Ensure and Monitor Compliance with Legislation - Confirm the data sensitive to legislation (e.g. Data Protection Act, Records Retention or Payment Card Industry Data Security Standards) and agree how it is managed

DGB Meetings

• Agenda
• Working groups
• Presentations, feedback and sign off
• Data related activities (to do list!)

Columns: Issue Nbr; Issue; Description; Impact; Recommended Resolution Action(s); Decision Made / Required; Priority (H,M,L); Complex (H,M,L); Target Date; Owner; Status

1 General

1.2 Spreadsheets
    Description: Pockets of spreadsheets exist (e.g. breeding centre) because:
      - Data is not trusted
      - Required functionality apparently does not exist
      - End user doesn’t trust security
    Impact: Uncontrolled data held outside of systems has potential security, DPA and records retention exposure. Accuracy is also suspect
    Recommended Resolution Action(s): Check if there are real requirements, if so investigate reasons for not adding to core systems. If the functionality is not available plan the provision by including requirements in enhancements or new systems, if not use training and or persuasion! Clean and add data to the appropriate data store
    Decision Made / Required: We will actively 'hunt down' occurrences in Finance, Operations, Fundraising, HR and External Comms
    Priority: H   Complex: M   Owner: JC   Status: Ongoing

2 Data Quality

2.1 Audit
    Description: No data quality audit however, in GDI data changes applied are audited as a result of triggers on most tables, Fetch has date and who changed (and sometimes created) on all tables, some have history to show what it was changed from. There is no apparent sanction over poor data entry.
    Impact: Guide Dogs cannot rely on the accuracy of data as there is no reliable way of measuring it.
    Recommended Resolution Action(s): Define Quality measures and introduce data audits to measure quality and introduce a link to individuals' appraisal. Include as an objective in new job specs
    Decision Made / Required: Investigate current, identify gaps, cross functional requirements and measures for reporting
    Priority: H   Complex: M   Owner: JC   Status: In progress

4 Data Protection

4.7 Subject Access Request
    Description: Subject Access Requests are still being held on a spreadsheet (accessed by NG and JF). There was an initial request to get this information stored on Ascent, however because of the effort and the number of requests that are submitted in a year (around 10-20), a recommendation was made for users to continue to use the spreadsheet.
    Impact: Lack of security, backup routines etc make this data vulnerable
    Recommended Resolution Action(s): Investigate the best place for this data and migrate it
    Priority: L   Complex: M   Owner: NG   Status: Outstanding

4.9 DPA Breaches Reporting
    Description: How should we classify and report on DPA breaches
    Impact: Regulatory exposure
    Recommended Resolution Action(s): Review current criteria, enhance as necessary and update reports
    Priority: M   Complex: M   Owner: NG   Status: Outstanding

4.10 Emailed Personal Data
    Description: Personal Details are emailed to and from Finance
      - Payroll summary from HR to Finance for sign off
      - Supplier (Employee Expenses) Bank Details confirmed back to supplier
      - Bank Details Changes sent from HR to Finance to update SAGE
    Impact: Regulatory and reputational exposure
    Recommended Resolution Action(s): Replace each type of mail with a more secure option
    Decision Made / Required: Allocate and prioritise
    Priority: M   Complex: L

5 Records Retention

Who?

Data Governance Board

• Chief Information Officer
• Data Protection Officer
• Head of Legal
• Safeguarding Manager
• Business users – all areas; Finance, HR, Fundraising, Marketing, Operations
• Information Systems
• Database Managers

Where we are now…

• Data Governance Board

Complete:
• Compliance
• DPA Training
• PCI Compliance

On-going:
• Data Audit
• Record Retention Management

Outstanding:
• Subject Access Requests
• Data Breach Procedure
• Volunteering

Where next?

Data Governance Board

• Introduction of Data day
• Planning to run the ICO Think! Privacy campaign
• Suppressions Management
• Debating the day to day management of each of the data governance elements
• New streamlined board structure

Where do you start?

• Data Governance Board

• Dama – UK Chapter http://www.damauk.org/
• Audit your existing processes
• Be clear about what and why
• Identify your risks and challenges
• Prioritise

Thank you…




