Data Catalogues: The Unsung Heroes of Organisational Privacy
Data catalogues provide a unified and searchable view of an organisation’s data and data sources. They are not (yet) widely adopted, but given their immense benefits, we expect most organisations will eventually implement a data catalogue. Here’s why they are the unsung heroes of organisational privacy:
How Do Data Catalogues Work?
Data catalogues leverage metadata to create a taggable and searchable inventory of an organisation’s data assets.
Metadata refers to data that describes or gives information about other data. Some of us will be familiar with it through our iPhones, which use metadata to suggest albums and create memory videos.
On a personal scale, this helps organise photos and delete duplicates. On an organisational level, data cataloguing is transformational. It allows for a better understanding and analysis of data, drastically improved operational efficiency, reduced risk, and improved privacy compliance.
Using Metadata to Catalogue Data Assets
Metadata is extremely customisable, and organisations can tag data assets with almost any information or keywords they wish. That said, the metadata that’s usually collected and stored for privacy and security purposes include technical, administrative (or process), and business metadata.
Technical metadata describes the form of the metadata, not the content itself. It includes information like the file type (eg. .doc, .jpeg, .pdf), the file size, how and where it is backed up, and whether it is compressed or encrypted.
Administrative metadata provides information about the data’s history and lineage. This includes how and when it was created, who has access, information about licensing or restrictions, where the data was sourced, who has accessed the data and when, and incident logs.
Business metadata gives information about the data’s value to the business. Examples of business metadata include customer lifetime value, tags like ‘financial data’ or ‘customer data’, data owners, data quality metrics, and security classifications. This is the category where privacy professionals use the same language as business leaders.
Data Catalogues in Practice
Some applications of data catalogues include:
- Facilitating data mapping.
- Identifying sensitive data and applying adequate protections.
- Implementing access control measures.
- Data masking and anonymisation.
- Tracking data retention.
- Data deletion and cleaning.
- Improving data discovery and sharing.
- Helping identify data relating to an individual in response to data subject requests.
- Data lineage.
The Process for Adding Metadata to Create a Data Catalogue
The process itself for creating a data catalogue may look like this:
- Generating a data inventory.
- Auditing the data for quality.
- Cleaning/standardising the data assets.
- Documenting the metadata, including data lineage and lifecycle.
- Creating a data catalogue.
- Tagging the metadata to make it easily searchable.
- Integrating the data with data tools.
- Training your team to use the data catalogue, including any steps they should take to ensure data assets remain up-to-date and accurate.
- Maintaining and monitoring the catalogue to ensure it remains efficient, effective, and accurate.
Challenges to Consider When Cataloguing Data Assets
To be effective for privacy compliance, data catalogues must cover any and all data sources where personal information and/or sensitive information is collected and stored. This can make implementation and maintenance challenging.
Other common pain points we see during the data cataloguing process include generating helpful tags, navigating data ownership and collaboration, ensuring data governance and quality, increasing adoption of the data catalogue, and ensuring the data catalogue is used sufficiently to achieve value.
If your organisation needs assistance creating or improving its data catalogue, reach out. Our privacy professionals are available to help.