Why HR Needs Data Governance: 5 Steps for Leadership

What does HR have to do with data? What can HR do to secure employee data? How can HR take the lead on a data-heavy project?

Data GovernanceHR’s duties have essentially doubled with technology.

While HR’s core functions have remained the same, the process of tracking it all has drastically changed with the rise of Big Data.

The department’s impact was once immeasurable and only considered a “cost center.” Administrators struggled to act as employee advocates and were pressured for decades to prove the worth of a human capital investment.

With recent transformations, HR is in a position to bring many new opportunities to businesses.

Why is data part of HR’s duties?

Big Data has opened up a throne-sized seat at the table. Lucky for HR, it can be first in line to step up.

Control over data once relied on the ability to design, automate and generate reports, which fell squarely on tech-savvy leaders within IT. Now the process is simple enough for anyone to reach in and pull insights.

The goal of recent updates to HR technology was to enable self service. At the get-go of implementing a solution, the delivery of people-related data is automated. It’s easier and faster for HR to generate reports and use the data for a variety of purposes.

One great example is with hiring:

Recruiters may care most about tracking time to hire, but executives at the table care more about the quality of the hire.

Doug Rippey with HRIzons advises HR leaders should meet with other business leaders and discuss the types of reporting they’d like to see. If the quality of the hire can be drilled down to a data point, it’s up to HR to investigate it.

Another reason why HR must take ownership of confidential data is because of the notorious lack of accountability. When it comes to controlling a company’s digital assets, compliance standards must be fleshed out. HR’s role expanded with the infamous Community Health Systems (CHS) data breach last August, where 4.5 million patient records were leaked. The breach falls under the Health Insurance Portability and Accountability Act (HIPAA), making it HR’s problem as the role of compliance and legal expert.

The complication is that the security of people-related data requires only specialized personnel within HR to have access. Constructing a data governance policy originates with which people need access to what data, and that’s something IT can’t take charge of.

Even when IT is tasked with moving data, serious internal consequences can occur, such as Mafaz Mazeen with OrangeHRM noted could cause unexpected problems during HR software implementation.

Distilling the value of an employee into data is a tricky process, but it’s necessary to put together a plan for talent management.

What to look out for when responsible for data?

When it comes to the shared responsibility of data, breaches around the world might send HR running back to the table feeling clueless.

However, HR should already know what to do just by reflecting on their own people. Companies lose data (usually) because employees leak it. Those leaks may not be intentional, but they must be controlled through company policy.

The biggest example HR should look out for is “spear-phishing,” where hackers gain passwords through deceiving emails. A targeted employee could innocently open a message, click through to a login box and enter classified credentials. This gives the outsider everything needed to get into the system.

Intel Security revealed that 95% of cyber attacks on enterprise business are carried out through spear-phishing. Another type of spear-phishing is cleverly named “whaling,” where the targeted employee is a high-level executive.

We’ve discussed phishing in another article on securing cloud data. To stop it, every employee should check the following features whenever opening an email:

  • The email address of the sender
  • The URL of the webpage requesting information
  • Any “About” or “Contact Us” links on the page that seems deceiving

Email addresses are easy for attackers to find online. If employees know what to look for when receiving suspicious mail, your data is secure.

Once you know how to control spear-phishing, it’s time to protect yourself against the other 5% of attacks.

How can HR take the lead on data governance?

While there are a myriad of strategies for developing a data-driven culture today, creating a data governance policy is fairly straightforward. There are specific procedures involved with transferring and extracting data, but they’re only within the framework of setting up the software.

Managing the full process requires a diverse team. Here, we’ve broken it down into five basic steps and included what HR must do to help:

1. Develop an organizational scope

Map out the company’s C-suite and organization leaders while tracing their accountability upward to identify who takes ownership over the sources of data.

HR’s Role: Ensure that each business unit is well represented from the get-go. Be ready to organize heated meetings regarding the value of your company’s data.

2. Establish a Data Governance Council

Data stewards are a mix between IT and business leaders. When it comes to people-related data, this is where HR must focus to see that responsibilities are met with the right skills. Gather a representative sample and get them on the same page.

HR’s Role: Update employee profiles to reflect the responsibilities of council members. Be sure to notify everyone that becoming part of the project is a type of promotion and a step forward for their career. Title changes may be in order depending on the depth of the project.

3. Define the goals and life cycle of collected data

Identify who must have access to what analytics and limit any unnecessary access. When data moves through its lifecycle, it will be claimed as “owned” across business units. Map out how data will be transferred between users. (Note: For this reason, all solutions must be able to integrate with one another.)

HR’s Role: Administrators must consider how the sources of people-related data draw back to performance factors. At this point, HR may need to re-evaluate core job duties to better support the bottom line. The data must be able to reflect the performance of your employees in a way that connects directly to the rest of the business.

4. Create a test group before going live

Feedback from the initial test group will be vital in discovering what must be worked on before scaling out. The group must have goals and key performance indicators (KPI) to report on success without additional help. Once the pilot group is able to independently use the data that’s relevant to them, it’s time to roll out the solution.

HR’s Role: Be sure that the test group doesn’t take full control over the conversation around data governance. While its feedback will be important for fixing any unforeseen issues, its priorities may not be relevant to other teams.

5. Scale out access

Set benchmarks with each new team allowed access and leave room for gradual improvement. Over time, each user should have no problem accessing necessary data, and the business will recognize set data points throughout each solution.

HR’s Role: Continually check access to data to make sure it aligns with how employees are affecting the bottom line. Be sure this data is secure, particularly data involved with performance, compensation and benefits. HR is directly accountable for that data’s confidentiality.


Much of what is prioritized by a data governance policy comes with the process of implementing an enterprise solution.

If your organization presently doesn’t have a set of enterprise solutions, implementation is a great way to shift toward a data-driven mindset.

If your business already has an enterprise solution, but no data governance policies, they need to be put in place ASAP to shore up any vulnerabilities.