IT Governance vs Data Governance: Which Should You Prioritise?

Arvind Mehrotra
6 min readAug 8, 2022

The pace at which we generate — and utilise — data is constantly growing. In India alone, the data volumes will grow massively in the next few years; total wireless data usage has already increased to 32K petabytes in the first quarter of 2022.

McKinsey predicts the dominance of a data-driven enterprise by 2025. At the same time, intelligent workflows and human-machine interactions characterise enterprise ops. Similarly, Gartner expects the range of data operations to diversify by 2025, moving from big to small and wide data applications. Naturally, it necessitates a robust data governance function — but should we abandon IT governance altogether? Let us examine this question in more detail.

Understanding the difference between IT Governance and Data Governance

It is easy to conflate the two since information technology (IT) governance, and data governance both fall within an enterprise’s strategic umbrella of information governance. However, in my experience, they are best treated as two distinct functions.

IT governance is a set of processes, tools, activities, and decisions that ensure an organisation’s technology investments can support business goals, manage risks, stay compliant, and drive innovation. It ranges from managing the enterprise network to security systems, collaboration tools, servers, digital facility management, and much more.

Today, with nearly every facet of enterprise ops becoming digitised (e.g., attendance systems), the ambit of IT companies extends beyond the purview of computers and mobile devices to encompass IoT, the cloud, and the edge.

Data governance, in contrast, is a subset of IT governance that solely deals with the data assets generated by IT systems without delving into any of its surrounding assets. It guides decision-making around data storage, retention, security, analytics, privacy, and data sharing.

Data collection requires input from business units to understand how data collection happens by various business applications, SaaS applications, third-party data sources and others. The responsibilities of these roles can include the following:

· Database analysts (DBA) and other data management professionals develop appropriate naming conventions and schemas to describe the data.

· Data engineers help identify best practices to store and stage data across various databases, data warehouses, data lakes or long-term archives. They also help set up and manage master data management (MDM) tools to track data properties, lineage, and quality.

· Data engineers and data scientists find ways to weave this data into various analytics tools, decision engines and business apps using the appropriate data science and machine learning tools.

· Security and resilience experts create and vet the infrastructure and processes to protect the data from leaks, theft, corruption and ransomware.

· A data protection officer (DPO) oversees best practices and tools to delete information when no longer required reliably or in response to a data elimination request.

A chief data officer (CDO) may work with various others to understand the requirements and intersection points of processes spanning a variety of data tools. In addition, organisations can benefit from a clear data governance leader or committee overseeing the entire process, identifying gaps and improving the overall value. Data governance setup is off one or two-member teams and could be a cross-functional skill subsumed within IT or business functions.

When to Prioritise Data Governance?

In my experience, not all businesses require data governance, mainly because a data strategy cannot directly create dollar revenues corresponding to investments. Instead, as Morgan Stanley CDO, Jeffery McMillian, puts it, data is simply an enabler. It is only when the following use cases emerge that data governance requires special attention:

High volumes of unstructured data — When handling big data, it is essential to have a data governance strategy that can guide what data you collect, its sources, the consolidation process, and how insights are generated and utilised.

The proliferation of privacy issues — Certain industries — like banks and e-commerce — handle customer data, which is increasingly fraught with privacy issues. Proper data governance will ensure compliance with GDPR, CCPA, etc., while monetising the information.

AI/ML production — When using data to produce artificial intelligence (AI) and machine learning (ML) models, data governance is essential. It ensures individual privacy and minimises the risk of bias while maintaining AI/ML training accuracy.

Regulated industries — Enterprises operating in regulated sectors like defence, healthcare, education, etc., must have a data governance plan. It reduces effort at the time of audits.

When to Prioritise IT Governance?

While IT governance is always needed in some form, specific use cases demand special attention. For example, if you have faced any of the following scenarios at your company, then it may be a good idea to funnel more resources towards IT governance:

A distributed digital landscape — A large remote working team, several onsite outlets, field workers, etc., imply a distributed digital landscape outside of the enterprise perimeter. IT governance helps maintain visibility and control while also supporting further expansion.

A large number of IT partners — If your company works with many technology vendors, networking partners, consultants, and so on, then you need an IT governance policy to minimise third-party risk.

Ongoing digital transformation — At the time of digital transformation — whether you are automating a process, modernising a system, or switching to the cloud — IT governance is essential. It future-proofs the project for long-term sustainability.

Tech dependencies in business processes — Companies that rely on technology for their core business, such as an e-commerce store or a web app provider, cannot do without IT governance. It is central to business continuity and service availability to customers.

How to Achieve the Right Synergy

Ultimately, the question of IT governance vs data governance is not an either-or. As your enterprise grows, both functions will become equally important. That is why it is essential to find a synergy between the two, starting with clear ownership and communication between the owning stakeholders. I recommend having an experienced Data Protection Officer (DPO) take charge of data governance. At the same time, the Chief Information Security Officer (CISO) manages IT control in conjunction with the Chief Information Officer (CIO).

While some of the resources dedicated to these functions may overlap, this clear line of ownership and accountability will help achieve excellence. If you want to continue the conversation or share your thoughts and observations, please email me at



Arvind Mehrotra

Board Advisor, Strategy, Culture Alignment and Technology Advisor