By Trina Anderson, KAUST Data Governance Lead
In today’s world, information is recognized as a commodity. Google, Facebook, Amazon, and other leaders in the data realm have shown us how profitable the collection and exchange of information can be. As with any desirable commodity, there are operational expenses with its management and risks both tangible and intangible to its loss, modification, exposure, or unavailability.
Commercial and academic organizations around the globe recognize the need to treat their data and information in the manner similar to how other more tangible assets have traditionally been managed. This includes establishing accountabilities for data, assigning ownership, and establishing policies and processes to facilitate discovery, protection, availability, ethical usage, and quality of the organizations’ data.
This move toward treating data as assets is generating new job opportunities. Data governance experience is becoming a mainstream skillset. A quick search of LinkedIn on January 31, 2023 revealed 52,508 job posting “hits” across North America, Asia, South America, Europe, Africa, and the Middle East when positions in those regions were filtered on “full-time” and “data governance”. Many different international and industry professional organizations are promoting awareness of, and strategies for implementing, key functions of Data Governance. Some examples include American Records Management Association (ARMA), International Standards Organization (ISO), DAMA International (The Global Data Management Community), Data Governance Professional Organization (DGPO), US National Institute of Standards and Technology (NIST), and the International Association of Privacy Professionals (IAPP). Opportunities for training, conferences and certifications related to data governance are growing.
In the past, implementing a data governance program was a good business practice; today, it’s the law in many countries.
According to the United Nations Conference on Trade and Development’s website “Data Protection and Privacy Legislation Worldwide”1, “137 out of 194 countries have put in place legislation to secure the protection of data and privacy.” Individuals aspiring to be global entrepreneurs need to be aware of the local data laws on e-transactions, cybercrimes, consumer protection, and personal data in the countries where they intend to do business. Entrepreneurs need to research and consider the impacts on their business of these local data and privacy laws. To be successful and profitable, they should include in their operating plans mitigations that reduce those risks.
Locally, Saudi Arabia has published several regulations and controls related to data management and data protection. These laws aim to align the Kingdom with other leading global economies, and support Vision 2030 objectives by making Saudi a more attractive location for economic investment. Some examples of regulations include the Personal Data Protection Law2, National Data Governance Policies3, Data Management and Personal Data Protection Standards4, Essential Cybersecurity Controls5, Data Cybersecurity Controls6, The Saudi Cybersecurity Higher Education Framework7, E-Commerce Law8, and Guidance on the Review and Approval of Artificial Intelligence and Big Data based Medical Devices (“AI Guidelines”)9.
New technology is driving accumulation of data at unanticipated speeds. Artificial Intelligence and machine learning tools generate vast amounts of raw and processed data. Proactive governance practices are needed to plan and budget for storage costs and enable the sharing, access, and identification of specific content within these vast data stores. Without data governance processes, it is difficult to fully maximize the utilization and monetization of the data.
The global data environment is changing. Commercial and academic organizations should implement internal programs that adhere to local law and international and industry best practices. As critical, academic institutions should prepare their graduates for the opportunities and responsibilities related to data management and its impact on their areas of study. KAUST is starting to prepare itself and its graduates for these changes through the efforts of Institutional Reporting and Data Governance (IRDG), Information Security Office (InfoSec), Resilient Computing and Cybersecurity Center (RC3), the University Library, and many departmental and lab-based data governance and data management efforts. For more information on data governance, contact irdg@kaust.edu.sa.
References
1 “Data Protection and Privacy Legislation Worldwide.” https://unctad.org/page/data-protection-and-privacy-legislation-worldwide. UNCTAD, 14/12/2021.
2. “Personal Data Protection Law.” https://laws.boe.gov.sa/boelaws/laws/lawdetails/b7cfae89-828e-4994-b167-adaa00e37188/1. Arabic only.
3. “National Data Governance Policies.pdf”. https://sdaia.gov.sa/ndmo/?Lang=en&page=SectionPolicies#. National Data Management Office. 05/05/2020.
4. “Data Management and Personal Data Protection Standards.pdf.” https://sdaia.gov.sa/ndmo/?Lang=en&page=SectionPolicies#. National Data Management Office. January 2021.
5. “Essential Cybersecurity Controls (ECC – 1: 2018).” https://nca.gov.sa/en/legislation?item=191&slug=controls-list. National Cybersecurity Authority. 2018.
6. “Data Cybersecurity Controls (DCC-1:2022).” https://nca.gov.sa/en/legislation?item=317&slug=controls-list. National Cybersecurity Authority. 2022.
7. “The Saudi Cybersecurity Higher Education Framework (SCyber-Edu).” https://nca.gov.sa/en/legislation?item=199&slug=frameworks-and-standard-list. National Cybersecurity Authority.
8. “E – Commerce Law.” https://mc.gov.sa/en/Regulations/Pages/details.aspx?lawId=aaa4d4cf-ca57-41ff-a3f9-aa8500a3512c&hw=e-commerce, Ministry of Commerce. 17 July 2019.
9. “Guidance on the Review and Approval of Artificial Intelligence and Big Data based Medical Devices.” https://www.sfda.gov.sa/sites/default/files/2023-01/MDS-G010ML.pdf. Saudi Food and Drug Authority. 29/11/2022.
