IBM Forms Data Governance Council

American Express, Merrill Lynch, World Bank and Others Join IBM to Tackle Security, Privacy, Compliance and Business Intelligence Challenges

Select a topic or year

ARMONK, NY - 30 Jun 2005: IBM today announced it has formed the Data Governance Council with dozens of leading companies, institutions and technology solution providers -- in a global effort to develop a 'blueprint' of common solutions which go beyond traditional monikers of security, privacy, compliance, and operational risk to form a new category for businesses called Data Governance.

Data Governance is the process by which companies govern appropriate access to their critical data, by measuring operational risk and mitigating security exposures associated with access to data. The Data Governance Council will look to redefine the management of data governance policy, the impact of policy on business processes and practices, and the enforcement of policy in IT infrastructure, content and organizational behavior.

The council is developing a blueprint for the governance and protection of personal and organizational data within and between enterprises, and is evaluating how organizations can implement this data governance blueprint using IBM and business partner solutions and research concepts.

Companies today have difficulty measuring the value of their data, including the types and probability of risks around data loss, and have no standard way to mitigate these risks. As a result, all data is protected the same way: low quality data is over-protected and high value data is under-protected. Companies need to integrate data security policies into business processes, to use quantitative methods to assess risk and to allocate essential resources to protecting critical data resources in high value business transactions.

"Increasingly, companies are seeing alarming rates of data theft. We need a better approach to overseeing appropriate access to critical information at all levels to help minimize this threat," said Robert Garigue, chief information security officer, Bank of Montreal. "The Council's ultimate goal is to transform data governance and compliance from yearly audits to real-time, change-driven, on demand business processes that continually assess risks, update policies and manage resources across the enterprise."

According to early findings by the Data Governance Council, the top governance challenges today are:

Data Governance Council members today include ABN Amro, ActivCard, Airmagnet, American Express, Bank of Montreal, Bell Canada, Blueworld, Cadence Design, Centerprise, City of New York FISA and DoE, Consultrex, Corticon Technologies, Danske Bank, Deutsche Bank, Fidelis Security, Great American Insurance, Huntington Bank, Key Bank, Merrill Lynch, Mitratech, Navigant Consulting, Novartis, Government of Nassau County, Ping Identity, TIAA-CREF, TeliaSonara, North Carolina State University, Northwestern Mutual, Nova Southeastern University, the United Nations Development Program, SPS and the World Bank.

"One of the biggest problems for organizations is how to manage and control all the data that resides within a company these days, especially as more and more companies do business with each other online, extending into large data supply chains," said Steven Adler, chair of the Data Governance Council and program director, IBM Data Governance Solutions. "There is a clear need for common solutions and governance models to protect and share data on different levels. At the heart of the IBM Data Governance blueprint, is an initiative to bring a collection of proven technologies and collaborative methods to build consistency and quality control in governance, which will help companies better protect critical data."

For more about the Data Governance Council, please visit