5. Fast growing and multiple fundraising, campaigning and marketing
programmes;
Service user information, HR systems, finance systems, fundraising CRM and
operations systems;
Multiple office locations;
How does Guide Dogs ensure its data is being dealt with in a
compliant and comprehensive way across the organisation?
Data Governance will set policy that the organisation will follow as it
establishes architectures, implements best practices, and addresses
requirements.
Governance can be considered the overall process of making this work.
6. We need to do more than manage data;
we need a governance system that sets the rules of engagement for
management activities
10. Some issues:
Over 30 data collection points maintained in 3 or
more Guide Dogs central systems
People Data managed separately in at least 6
systems – Individuals on more than one system
not recognised as such
Overall quality of Guide Dogs data unknown
Security needed tightening in some systems
11. Other areas to consider…
Policies and procedures
Compliance
Culture of awareness
Information and principles
14. Terms of Reference
The Governance Board will:
Identify and Allocate or Resolve Issues
Agree High Level Definitions, for, eventually, all data elements
Agree Criteria for Acceptable Data Quality
Review Results of Data Quality Monitoring
Manage Stakeholder Care and Communications
Agree Data Security Requirements i.e. the roles that should have access rights to
data, becoming the ultimate ‘sign off’ for access requests (delegated for Business as
Usual)
Ensure and Monitor Compliance with Legislation - Confirm the data sensitive to
legislation (e.g. Data Protection Act, Records Retention or Payment Card Industry
Data Security Standards) and agree how it is managed
15. DGB Meetings
Agenda
Working groups
Presentations, feedback and sign off
Data related activities (to do list!)
16. Columns: Issue Nbr; Issue; Description; Impact; Recommended Resolution Action(s) Required; Decision Made /; Priority (H,M,L); Complex (H,M,L); Owner; Status; Target Date

1 General

1.2 Spreadsheets
Description: Pockets of spreadsheets exist (e.g. breeding centre) because:
- Data is not trusted
- Required functionality apparently does not exist
- End user doesn’t trust security
Impact: Uncontrolled data held outside of systems has potential security, DPA and records retention exposure. Accuracy is also suspect
Recommended Resolution Action(s) Required: Check if there are real requirements, if so investigate reasons for not adding to core systems. If the functionality is not available plan the provision by including requirements in enhancements or new systems, if not use training and or persuasion! Clean and add data to the appropriate data store
Decision Made: We will actively 'hunt down' the occurrences in Finance, Operations, Fundraising, HR and External Comms
Priority: H
Complex: M
Owner: JC
Status: Ongoing

2 Data Quality

2.1 Audit
Description: No data quality audit however, in GDI data changes applied are audited as a result of triggers on most tables, Fetch has date and who changed (and sometimes created) on all tables, some have history to show what it was changed from. There is no apparent sanction over poor data entry.
Impact: Guide Dogs cannot rely on the accuracy of data as there is no reliable way of measuring it.
Recommended Resolution Action(s) Required: Define Quality measures and introduce data audits to measure quality and introduce a link to individuals' appraisal. Include as an objective in new job specs
Decision Made: Investigate current, identify gaps, cross functional requirements and measures for reporting
Priority: H
Complex: M
Owner: JC
Status: In progress

4 Data Protection

4.7 Subject Access Request
Description: Subject Access Requests are still being held on a spreadsheet (accessed by NG and JF). There was an initial request to get this information stored on Ascent, however because of the effort and the number of requests that are submitted in a year (around 10-20), a recommendation was made for users to continue to use the spreadsheet.
Impact: Lack of security, backup routines etc make this data vulnerable
Recommended Resolution Action(s) Required: Investigate the best place for this data and migrate it
Priority: L
Complex: M
Owner: NG
Status: Outstanding

4.9 DPA Breaches Reporting
Description: How should we classify and report on DPA breaches
Impact: Regulatory exposure
Recommended Resolution Action(s) Required: Review current criteria, enhance as necessary and update reports
Priority: M
Complex: M
Owner: NG
Status: Outstanding

4.10 Emailed Personal Data
Description: Personal Details are emailed to and from Finance
- Payroll summary from HR to Finance for sign off
- Supplier (Employee Expenses) Bank Details confirmed back to supplier
- Bank Details Changes sent from HR to Finance to update SAGE
Impact: Regulatory and reputational exposure
Recommended Resolution Action(s) Required: Replace each type of mail with a more secure option
Decision Made: Allocate and prioritise
Priority: M
Complex: L

5 Records Retention
18. Chief Information Officer
Data Protection Officer
Head of Legal
Safeguarding Manager
Business users – all areas; Finance, HR,
Fundraising, Marketing, Operations
Information Systems
Database Managers
22. Introduction of Data day
Planning to run the ICO Think! Privacy campaign
Suppressions Management
Debating the day to day management of each
of the data governance elements
New streamlined board structure
24. Dama – UK Chapter http://www.damauk.org/
Audit your existing processes
Be clear about what and why
Identify your risks and challenges
Prioritise