Where data governance and information governance intersect, and why it matters
Digital capabilities and risks have evolved (fueled even further by artificial intelligence and cyberattacks), so local governments are facing increased pressure to responsibly manage information and data. A prior article covered how the history of data evolved to create chaos, as well as best practices to address data sprawl. We are continuing the journey of data governance to understand where information governance and data governance intersect, and how to leverage both.
While information governance (IG) and data governance (DG) are often used interchangeably, they serve distinct yet complementary roles. Understanding the differences and how they work together is vital for managing your organization’s digital capabilities. This understanding is also crucial for developing a governance strategy that focuses on trust, compliance, and improving operational efficiency.
What’s distinct about information governance?
Information governance encompasses a broader view, focusing on the policies, procedures, and compliance frameworks that govern how information is created, stored, used, and disposed of. This includes structured and unstructured data, documents, records, emails, and digital communications. Information governance components include:
- Records management, which focuses on records ownership and where the data is stored
- Regulatory compliance, which ensures that retention, location and security are applied correctly in order to meet federal, state and local regulations, like Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI), Criminal Justice Information Sharing (CJIS), etc.
- Policy creation, which includes putting pen-to-paper for what your local government has decided needs to be followed
- Lifecycle management, which focuses on backup, recovery and destruction of information and data
Information governance provides a comprehensive framework of strategies, policies, and procedures designed to maximize the value of all local government information. This ensures it effectively supports compliance requirements and strategic business goals.
The nuances of data governance
While information governance is focused on policies and procedures, data governance is concerned with the quality, security, and usability of data. Data governance provides the framework to ensure data is accurate, accessible, and protected. Key components include data quality, metadata management (data about the data, such as owner or date created), data stewardship, security, access controls, and privacy.
Another way to look at data governance is to see it as the formal management of data within your enterprise. Its core objective is to ensure your data, whether structured or unstructured, is available, reliable, secure, and usable at all times. Data governance requirements include setting processes, standards, and roles to oversee how data is collected, stored, accessed, and ultimately discarded.
Understanding the difference between data governance and information governance
From a personal perspective, most of us have Internal Revenue Service (IRS) data. When we submit a tax return, the accuracy of that data is our responsibility. However, the location, protection, and access to that information is now the responsibility of the third-party provider. Take it one step further; it’s five years later and you need to find some detailed supporting documentation. Where is it located? Is it in a file cabinet, on a computer, on a USB drive? If you don’t follow a standard approach to governing the information, you may waste countless hours looking.
With this real-world example, one can see that different rules are needed to allocate resources effectively, meet compliance requirements, and improve decision-making. Otherwise, you may experience costly risks like data breaches or regulatory fines. Another way to understand the differences is to refer to the chart below that shows how security is handled in both information governance and data governance.
Security Responsibilities
| IG Covers | DG Covers |
|---|---|
| Acceptable use policy | Access to the data |
| Security incident policies | Encryption of data in a database or file |
| Records retention policy | Transporting of data through email or other digital means |
Together, information governance and data governance help support compliance with laws and regulations, risk mitigation through structured oversight, operational efficiency by reducing duplication and errors. Ultimately, this brings public trust through transparency and accountability.
To better illustrate the distinctions, think of information governance as the house and data governance as the foundation. Information governance sets the rules and structure, while data governance ensures that the data within that structure is reliable and secure. Together, they enable better data-driven decisions, support disaster recovery and business continuity, and align with public records laws and digital transformation goals.
Creating a data governance framework for local government
Now that we have established that information governance is the strategy and that data governance is the operational structure, let’s discuss where to start.
- Conduct a governance audit. This includes the development of a data asset inventory, as well as review of documentation, to ensure that policies and procedures are in place and practiced. Here is a simple chart to demonstrate inventory.
| Asset Name | Description | Owner | Format | Update Frequency | Security Level |
|---|---|---|---|---|---|
| Property tax records | Records of property tax assessments and payments | Tax collector department | Database | Monthly | Medium |
| Road maintenance logs | Logs detailing road repairs and inspections | Public works | Spreadsheet | Weekly | Low |
| Human services case notes | Case notes related to human services programs | Human services office | Document | Daily | High |
| Budget reports | Annual financial budgets and reports | Finance department | Spreadsheet | Annually | Medium |
- Designate data stewards. Due to variations in subject matter expertise across various government departments, it’s best to have data stewards (or individuals in those respective areas) be responsible for the oversight of the data itself. However, it is best to rely on a central IT resource, often referred to as the data custodian, to ensure the technical aspects (such as secure locations and backup procedures) are implemented.
- Consider using open-source tools for records and data management. For those with limited budgets, using locally installed, open-source tools can help smaller government entities get control of their information and data. And while it may take time to build IG & DG into the budget, consider spreadsheets to help demonstrate quick wins.
- Align policies with regulations like the European General Data Protection Regulations (GDPR ↗) or local public records acts. Depending on the state, local governments may have different requirements for the protection of information and data. Check with your state department responsible for data privacy and records management to ensure that your policies are in line and do not conflict.
- Ask your organization these questions: Do you have policies for managing sensitive information? Are roles for data custodianship and stewardship clearly defined? Are tools in place for monitoring data quality and compliance?
Data governance and information governance in local government
From a practical perspective, Allegheny County, Pennsylvania provides a great example for how data governance and information governance combined provide positive public service outcomes. Through their CountyStat team, located within the Office of the County Manager, they lead the county’s data management, analyses, and performance improvement efforts across all departments.1 Behind the quality data are the information governance processes managed by technical support to ensure reliability and compliance. This approach supports the plethora of data available to the public covering human services, criminal justice, economic development and budgets.
Unifying data governance and information governance
Data governance and information governance are not competing concepts. They are interwoven threads in the fabric of responsible data management. By aligning both, local governments can build resilient systems that support compliance, transparency, and innovation.
To help you remember the difference, here is a poem (created by GenAI):
“Two Guardians of the Digital Realm”
In the realm of bytes and endless streams,
Two guardians watch our coded dreams.
One guards the meaning, one guards the measure,
Together they keep our data treasure.
Data governance builds the frame,
Defining standards, rules, and name.
It checks for truth, ensures precision—
The steward of structure, the heart of vision.
Information governance takes the stage,
Where law and ethics set the gauge.
It guards who sees, how long we keep,
And what to share or bury deep.
Distinct they stand, yet intertwined,
Like lock and key, their aims aligned.
For trust and value both depend,
On IG and DG—each a friend.
To learn more about how CAI helps local government agencies with data governance, fill out the form below.
Endnotes
- Allegheny County. “Data, Analytics, and Reports.” https://www.alleghenycounty.us/Government/Departments-and-Offices/Department-Directory/County-Manager/Data-Analytics-and-Reports. ↩
