How to Establish Data Governance Strategies in Times of Change

Post Date: 06/24/2020
feature image

Need management advice for Groups? Watch our webinar “How to Ensure Operational Governance for Office 365 Groups” today!

Read other #ShiftHappens Conference session recaps below:

This week it was my great pleasure to co-present at AvePoint’s annual #ShiftHappens conference with my friend, colleague, and the Chief Data Officer at Mastercard, JoAnn Stonier. JoAnn leads the organization’s data innovation efforts while navigating current and future data risks.

As such, she oversees the curation, quality, governance, and management of the company’s extensive data assets as Mastercard increasingly looks to deepen the strategic value it can provide its merchant, banking, and government customers and cardholders through its expanding data-driven products and capabilities.

Our topic “Proactive data strategies in unprecedented times of change” could not have been more relevant or timely given the current state of the world. Shift has truly been happening all around us—not only from the global pandemic, but also from cultural, political, and technological upheavals as well.

As Deepak Chopra said, “All great changes are preceded by chaos.” In fact, because of the pandemic, commerce across the globe slowed to a crawl in a matter of weeks:

  • Businesses went virtual or closed
  • Individuals stayed home and purchased less
  • Society moved at a glacial pace

In response to the pandemic, businesses moved quickly to execute their crisis plans—but as we look back over the past 14 weeks, we’ve learned much about how shift happens and how to prepare for what comes next.

JoAnn spoke at length about Mastercard’s response, including their initial response to ensure continued operations of Mastercard’s business globally while continuing to serve their banks, merchants, governments, and other customer needs.

Looking for data governance insights? Check out this post: Click To Tweet

This included key steps followed by many other organizations (including AvePoint) to activate business continuity plans globally, shift to virtual working environments, and enhance capabilities to meet data demands. As JoAnn said, “increased volume and timeliness demands required new approaches to data governance, quality, and access rules and processes.”

With the sudden shift for many organizations to an almost entirely remote workforce, a rapid “ready or not” acceleration into the use of cloud technologies and a virtual explosion of data came close behind.

Practically, however, whether data is generated by and within your organization or collected by your organization from a third party (customer, vendor, partner, other), the only way you can effectively protect it is by understanding it. Does it contain customer information, employee information, intellectual property, sensitive communications, personally identifiable information (PII), health information, financial data, etc.?

data governance

Data without controls can create operational, privacy, and security gaps that could put company assets at risk. Only after you know what it is, who can and has accessed it, and where it is can you then make decisions about where it should live. Data in a highly secure system may need fewer controls than data located in a cloud environment or a broadly available corporate intranet or web site. Data sovereignty rules also dictate what controls are needed, including what should be kept on-premises, when you can or should go to the cloud, and the location of the data.

In conclusion, while the technology and workforce landscape may be shifting around us, JoAnn concluded that “basics” really do matter. The work that Mastercard has done to build the pillars of good data governance based on principals of an individual’s rights to and for their own data, and corporate responsibility to maintain ethical and responsible data principals for security, privacy, transparency, control, accountability, integrity, innovation, and social impact, has resulted in Mastercard’s ability to weather the storm and continue to innovate responsibly and with integrity. In fact, they will be publishing a series of whitepapers on best practices for data governance later this year that will be available to the public.

To learn more about our fantastic guest speakers, click here to visit the #ShiftHappens Conference homepage

Want to keep up with our #ShiftHappens coverage? Be sure to subscribe to our blog!


Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: Twitter:

View all posts by Dana S.

Subscribe to our blog