Data Management Software

As assorted and diverse information structures with varied privacy policies prevail in the IT scenario covering all over the world, technical control and logging mechanisms are required to enforce and monitor privacy rules, laws and by-laws to ensure accountability for information use. While several technologies address privacy protection in enterprise IT systems, they are categorized into two primary divisions, namely, Communication and Enforcement. Policy Communication platform for Privacy Preference is P3P which is a standard for communicating privacy practices as well as matching them with the preferences of individuals. Policy Enforcement, however, covers the Extensible Access Control Mark up Language or XACML, which along with its Privacy Profile is the standard for expressing privacy policies in a machine-readable language that a software system can use in enforcing the policy in enterprise IT systems.

Though the Enterprise Privacy Authorization Language or EPAL is fairly similar to XACML, it is not an industry standard while Web Service Privacy or WS-Privacy will be a specification for communicating privacy policy in web services only.

Despite several measures taken to catch hold of electronic offenders in the United States, data privacy is not highly legislated there. Credit report generation of individuals for employment, housing, purchase of consumer durables are accepted norms in many states to which nobody seems to object, no matter how much the federal government tries to restrict the practice. Apart from meager regulations involving children’s privacy protection (Children’s Online Privacy Protection Act) and HIPPA, there is hardly any all-encompassing law in the United States, restricting the use of personal data. Probably the First Amendment that protects free speech in the US gives rise to conflicts with any attempt on part of the government to restrict privacy even in the electronic age. The matter seems to gain more momentum in the light of many countries where privacy works as a tool to suppress free speech.

In order to demonstrate compliance with the European Commission directives on corporate privacy matters, the Safe Harbor Arrangement was developed by the US Department of Commerce which tried to simplify relations between them and the European Business Community at large. However, the US Supreme Court at last granted the right of privacy to individuals in Griswold v. Connecticut but barring California, very few US states recognize or encourage an individual’s right to privacy. An unassailable right to privacy is enmeshed in the California Constitution’s Article 1, Sec.1 while the California legislature has taken several legal measures to protect the right. The California Online Privacy Protection Act of 2003 mandates all commercial websites or online services that collect personal information on California residents through web to post a privacy policy on the site as also to comply with its policy. However, with the enactment of further laws and regulation protecting the privacy of all American citizens, data privacy and security is now seeing better days in the US.

Compared to the fate of US citizens in matters relating to the right of data privacy, the average Canadian seems to fare well. The Personal Information Protection & Electronic Documents Act in Canada went into effect (in relation to federally regulated organizations) on January 1, 2001 while it became fully effective in relation to all other organizations on January 1, 2004. Such regulation has also brought Canada into compliance with the requirements of the European Commission’s directive on the subject.

The data privacy and security system in Europe, however, is far more advanced than what it is in North America. The right to data privacy is rigidly regulated in most of Europe. Right to respect for one’s ‘private and family life, his home and his correspondence’ subject to few restrictions is amply provided in Article 8 of the European Convention on Human Rights (ECHR). The European Court of Human Rights interprets the Article 8 in the light of unlawful gathering of personal information that often extends to collection of medical data or particulars of personal expenditure. Sate interference with a person’s privacy is only allowed by the Court if three conditions are fulfilled – (1) the interference is in according with local law; (2) pursues a legitimate goal and (3) it is needed in a democratic country.

Apart from legislative interference, private enterprises often posed threat to data privacy in some European nation states while automated processing of data became pervasive. In order to put a rein on such electronic crimes, the Convention for the protection of Individuals with regard to Automatic Processing of Personal Data within the Council of Europe in 1981 and accordingly:-

• The old Data Protection Act 1984 was repealed and replaced by Data Protection Act 1988 in the United Kingdom. The new law is far more stringent about maintaining and protecting the secrecy of private data.
• In Germany, both the Federal Government and the state bodies had enacted data protection legislations for the benefit of common man
• France adopted its present legal structure for providing protection of personal data that is almost foolproof.

However, experience have shown that mere enactment of law can hardly address the menace in which hackers are disrupting the functioning of significant research activities, indulging in unauthorized withdrawal of large amount of money from banks by duplicating the encryption in Debit Cards and are also selling personal information to whosoever is willing to buy.

Data warehouses prove useful to business houses for improving customer services but if quality data is not available, the whole purpose is lost. What really happens is something like this. Organizations will at first spend adequate time and energy ensuring the quality of data, but that initial importance on quality dies away as time passes, resulting in ‘dirty data’ flooding the data warehouse. And as a result, the business suffers.

Coming down to data integrity, which also means the state of its consistency and precisionMessage Authentication Code, Message Integrity Code or MAC implies some relationship with its quality. This integrity is often ensured by the using a number that is known as . With reference to security of the information in general, integrity indicates the very validity of the data which, however can be affected by malevolent altering as happens in the case of an attacker changing the account number in the bank transaction or forging of a document. Also, it can involve accidental altering through error in transmission or due to a hard disc crash.

This is why data security has today become such an important issue. To ensure that data quality is upheld, data security has to be enforced and so not all people in an organization has access to the data. There may also be cases where certain people have access to data for just a short time, and after their needs are fulfilled, the access is withdrawn.

Data integrity may be imposed in a system by a succession of rules or integrity constrains while three kinds of such constrains form a part of the rational data model namely, Domain Integrity, Referential Integrity and Entity Integrity. The first one is related to the idea of a Primary Key. The Entity Integrity clarifies that each table should have the Primary Key as also that the columns or column chosen as Primary Key must be exclusive and not a void.

The Referential Integrity relates to the idea of a Foreign Key while it clarifies that the value of any Foreign Key is only in one of the two states. The normal phenomenon suggests that the value of the Foreign Key will refer to the value of a Primary Key in the database. Often this depends on the business rules when the value of the Foreign Key would be invalid. In such cases it may be presumed the relationship does not exist between objects represented or that the relationship is of unknown quality.

So far as Domain Integrity is concerned, it needs all relational database columns to be declared to a defined domain and the primary data unit in a relational model will be the item data. Such data is atomic or Non-decomposable. A domain usually stands for a set of values that are the same and as such consists of groups of values from where the actual value appears in a column.

MD5 hash values are an example of data integrity in cryptography while the various byte blocks work as numerical summation of the data item’s content. When the data changes, MD5 hash does not give the same result.

Strange but nevertheless true, many business houses have failed and would perhaps continue to fail because the management and control of data quality is not given the priority it deserves. However most businesses today realize the value of data and thus maintaining data quality and integrity is given the importance it deserves. Of course, building an effective organization-wide data management strategy may prove to be a difficult job. However, most US trade and commerce are no more based on world-wide framework and unless adequate attention is given to maintaining data quality and integrity, even home market may collapse any day.

• Increasing the consistency and buoyancy in making decisions
• Decreasing the regulatory fine hazards
• Exploiting the income generating potential of relevant data
• Ameliorating data security
• Delegating accountability in information eminence

Data governance however, aims at improving the quality of data by way of establishing a team consisting of the leadership, business managers and data stewards who are responsible for the accuracy, consistency and totality of the available data. The team so assigned often employs some form of tactic for tracking and improving quality of data like the Six Sigma as also tools for data mapping, cleansing, profiling and also monitoring data.

Initiatives in data governance are also aimed to achieve several objectives that include transparency for the external and internal customers of a company as is done in supply chain management, complying the relevant regulatory by-laws, improving operations during corporate mergers, as also aiding the competence of knowledge employees by eradicating confusion and error factors. Instances of several data governance steps being inspired by endeavors in the past to improve information quality are not rare.

As far as implementation of data governance initiatives are concerned, they often vary in range and also in origin. A mandate may sometime arise to begin an enterprise broad enough, while another may arise to start a pilot project or several projects that are restricted in objective and scope. These are usually aimed to resolve the present issues or simply for demonstrating value. Also, often an initiative may originate at lower down the rung and would be for setting up through a limited scope for demonstrating value to the potential sponsors who are higher in the organization.

Data governance usually needs tools though it was declared at the Data Governance Conference held in Orlando, Florida in December 2006 that it mostly communication on which the topic resides. Taking this clue, vendors try to position their products as data governing tools, focusing areas of various data governing initiatives. But sad to say, they are usually found inappropriate while some of them marked governance tools actually address governance needs.

Also, in most companies, there are some areas in reference data which proves crucial for the main business. Take for example financial management where the identification of investment opportunities is of great importance. However, closer examination often reveals that the data is not the same in quality and usage all through the organization. Ingrained definitions that are specific to individual businesses complicate the issue further. Then there are political pressures and internal lack of trust that often changing the color of the given data. Data governance in such scenarios may take the form of MDM or Master Data Management program.

Sometimes, large multi-national companies utilize shared data among its white collar executives in order to market a much awaited product or services before the due date. This obviously causes strain in their existing data governance system. But how one of the world pharmaceutical leaders, Pfizer had solved the problem is given here as a case-study.

Since data governance is proving more and more popular with most medium and large organizations in the United States, this treatise will prove rather inactive if some of the major data governance organizations are not revealed here. The IBM Data Governance Council is a body that consists of companies, corporations, Technology Solution providers and institutions who have the related objective to create quality control and consistency in governance for companies to better protect their crucial data.

The DGS-COP or the Data Governance & Stewardship Community of Practice is a vender-neutral group that is open to practitioners, stakeholders, academics, consultants and vendors. It provides many helpful implements to its members that include case-studies, dashboards, maturity models and online events.

People also obtain valuable help through attending Data Governance Conferences that are held in the US as well as in Europe every year where various institutions and companies show case their models for the benefit of attendees.

Data is not anymore the simple business information of a few years back. It can mean a lot more today in this complicates market place. And that is why terms such as data governance have evolved – and we can only expect that its importance will be on the rise in the years to come.