To get organisational support for data governance initiatives when companies are looking for quick value-add projects, the NRMA’s digital GM suggests not calling it data governance at all.

Harris Hutkin, general manager of digital and data, said data governance projects work best with whole-of-organisation buy-in and a clear understanding of the project’s goals - and sometimes that means not using the term “data governance.”
Speaking as part of a webinar on data governance in large organisations hosted by Protiviti, Hutkin said the NRMA initially approached data governance as a means of ensuring the security of sensitive customer data.
“It really began as a data security initiative, which makes a lot of sense, but that became a challenge when the business wanted to do things with that data.”
To balance data privacy with the business’ need for data-driven insights, Hutkin said it was important to manage expectations about the purpose of data governance from the get-go, reframing the initiative as an opportunity to better use data while also managing and protecting it, a process he called ‘data enablement’.
“One of the best things we did was to really talk about this as data enablement, and once we started talking about enabling our data, it really helped get everyone on board on with what we're trying to do and help set up a lot of the controls and processes.”
To maintain support for the project, Hutkin said his team focused on quick wins to show the value of data enablement and governance.
“When you're first starting on getting data governance started, people are really questioning what you're trying to do and why you're trying to do it, and the sooner you can get some quick wins happening, I think the easier it is for people to appreciate it.”
One of the quick wins at NRMA was integrating data governance as part of the insurer’s project approval process.
“Before we had that, if someone was looking to do something with our data, there wasn't much of a review process and most of it just fell on the fact that employees really understood the value of the brand and understood how to protect it - but there weren't necessarily formal mechanisms in place," he said.
“I think being able to make sure that that was in the contracts was key.”
To maintain momentum, the team worked within existing Agile and waterfall project management frameworks, rather than try to introduce new ways of working on top of new data governance.
Starting with customer data
Rather than try to solve data governance challenges in every domain across the business, the NRMA started its data enablement journey with a focus on customer data within its membership division.
“We chose that [use case] because it was our highest risk - and also highest value - opportunity," Hutkin said.
“We used that to get everything set up. Now, we're starting to look at how we apply that to our other operating businesses like with our holiday parks division, but we're also looking at other data domains - so thinking about our people data and our financial data as well.”
The company is also working to maintain governance awareness through continued communication with employees across the business, such as signage reminding employees about proper data practices, and an annual training course that must be completed by all staff.
Hutkin acknowledged that getting data governance initiatives off the ground at large organisations could be especially challenging in the current economic climate due to a lack of available funding and the large volume of staff working remotely.
However, he said that the health crisis and resulting increased use of digital technologies to reach customers and staff was also a chance for organisations to address data governance.
“Now’s a great time to be establishing some of those principles and getting things happening so that you don’t do something that you’ll regret later," he said.
Hutkin highlighted his recent trip to Queensland as an area in which data governance standards were well worth a revisit.
“I thought it was interesting that on the border pass, which I have to have affixed to the window of my car, it has my name and address and quite a lot of other personal information.
“This is just one example where organisations are trying to do the right thing but moving quickly and maybe making some [poor] decisions around customer privacy.”