Data Governance Framework
A Data Governance Framework defines who can decide what about which data — across the four core questions of data: (1) Definition (what does 'active customer' mean?), (2) Ownership (who is accountable?), (3) Quality (what SLA must this data meet?), (4) Access (who can read/write/share?). Governance is fundamentally a decision-rights system, not a tool. The classical model has three layers: Strategic (data council/CDO sets policy), Tactical (domain data owners arbitrate definitions), Operational (data stewards do day-to-day curation and exception handling). Without governance, every data project quietly relitigates basic definitions, every dashboard tells a different story, and AI/analytics investments produce contradictory conclusions confidently.
The Trap
The trap is governance theater: a 50-page policy document, a quarterly committee meeting, no real authority. Data council meets, agrees on principles, nobody changes their behavior, the document gathers dust. Real governance requires teeth — domain owners with veto power over conflicting definitions, consequences for non-compliance, and CEO-level backing when business units push back. The other trap is over-governance: a 12-step approval process for every new field, killing speed without improving quality. Effective governance is 'minimum viable governance' — governs the small percentage of data and decisions that actually matter (typically <20% of datasets) and lets the rest move freely.
What to Do
Build governance in three layers: (1) Charter a Data Council (CDO + 5-7 domain heads) with explicit authority over the top 20 enterprise data definitions and policies. Meet monthly with real decisions on the agenda. (2) Name domain Data Owners (one per critical domain — customers, products, finance, employees) with arbitration authority and KPI accountability. (3) Hire Data Stewards (1-3 per major domain) for day-to-day curation. Document the RACI: who is Responsible, Accountable, Consulted, Informed for each data decision. Publish a 1-page governance map; revisit every 6 months.
Formula
In Practice
JPMorgan Chase, after the 2012 'London Whale' trading incident (driven in part by inconsistent risk data across systems), built one of the most structured enterprise data governance frameworks in finance. They established a Chief Data Officer with C-suite authority, named Domain Data Owners across business lines, deployed thousands of data stewards, and built the 'Firmwide Data Office' with explicit authority to enforce data standards across all lines of business. The CDO reports to the CFO and has formal escalation authority to the CEO. Regulators now consider JPMorgan's governance a benchmark for global systemically important banks.
Pro Tips
- 01
Start governance with the top 10-20 enterprise definitions, not all data. Governing 'active customer', 'gross revenue', 'churn', and a dozen others well is far more valuable than governing 5,000 fields poorly. Most enterprises invert this and end up with broad coverage and zero depth.
- 02
Make non-compliance visible and uncomfortable. If a team ships a dashboard with a non-governed metric, the dashboard should display a 'NOT GOVERNED — local definition' badge. Social pressure beats formal enforcement for most behavior change.
- 03
The chair of the Data Council should NOT be the CDO — it should be the CEO, COO, or CFO. CDO-chaired councils get treated as IT meetings; business-leader-chaired councils get treated as business decisions. This is the single highest-leverage governance design choice.
Myth vs Reality
Myth
“Data governance slows the business down”
Reality
Bad governance slows the business down. Good governance speeds it up by eliminating relitigation: the third time three teams have argued for two weeks about what 'MAU' means, you've spent more time than 5 years of well-run governance would have cost. Speed and governance are correlated, not opposed, when the governance is minimum-viable and decisive.
Myth
“Governance is the data team's job”
Reality
Governance is the business owners' job, supported by the data team. If governance is delegated entirely to a CDO/IT team, business units treat outputs as 'IT's opinion' and ignore them. The most successful frameworks have business executives as data domain owners with real accountability — the data team enables, but business owns.
Try it
Run the numbers.
Pressure-test the concept against your own knowledge — answer the challenge or try the live scenario.
Knowledge Check
A bank's data governance council has met monthly for 18 months and produced a 60-page policy document. Definitions are still inconsistent across business units, and three different revenue numbers are presented in board meetings. What is the most likely root cause?
Industry benchmarks
Is your number good?
Calibrate against real-world tiers. Use these ranges as targets — not absolutes.
Data Governance Maturity Tiers
Global enterprises ($1B+ revenue), DGI / EDM Council surveysOptimized: Business-led, executive-chaired council, enforced
~10% of enterprises
Managed: Defined RACI, partial enforcement
~20%
Defined: Policy exists, weak enforcement
~35%
Reactive: Crisis-driven, no framework
~25%
None: No formal governance
~10%
Source: https://datagovernance.com/the-dgi-data-governance-framework/
Real-world cases
Companies that lived this.
Verified narratives with the numbers that prove (or break) the concept.
JPMorgan Chase
2013-present
After the 2012 'London Whale' incident exposed inconsistent risk data across business lines, JPMorgan built one of the most disciplined enterprise data governance frameworks in global finance. The CDO reports to the CFO with formal escalation to the CEO. Each business line has named Data Owners. The Firmwide Data Office has authority to enforce standards across all lines, with consequences for non-compliance. The framework has become the regulator-recognized benchmark for global systemically important banks (G-SIBs) under BCBS 239.
Catalyst Event
2012 London Whale ($6B loss)
Data Owners (Domain)
Hundreds across firm
Data Stewards (Operational)
Thousands
Regulator Recognition
BCBS 239 benchmark
Crisis-driven governance is real governance. The political will to enforce only emerges after a public failure. Don't wait — but if it happens, use it.
Capital One
2014-present
Capital One operates a multi-tier data governance framework with a Data Management Office (DMO), domain data owners across the bank, and a federated steward network. Every business line has a Data Quality lead accountable for tier-1 datasets. Governance decisions flow through a quarterly Data Council chaired by senior business leaders, not by IT. Standards are enforced via mandatory data product certification before any dataset can be consumed enterprise-wide. The framework underpinned the bank's successful migration to the cloud and to ML-driven decisioning.
Framework Tiers
Strategic / Tactical / Operational
Domain Data Owners
Named across all lines
Certification Required For
All enterprise-shared datasets
Council Cadence
Quarterly, business-chaired
Federated governance with central enforcement scales for large regulated enterprises. Certification gates make compliance enforceable rather than aspirational.
Hypothetical: Global Manufacturer
2020-2023
A $4B industrial manufacturer launched a data governance program with a 70-page policy, quarterly council meetings, and a hired CDO. After 36 months: definitions were still inconsistent across regions, the council was chaired by the CDO (not a business executive), and BU general managers ignored the policies because there were no consequences. The CDO left after the third year; the program was quietly de-funded. Total spend: $9M with effectively no behavior change.
Investment
$9M
Council Chair
CDO (not a business exec)
Enforcement Consequences
None
Behavior Change
None
Governance theater fails predictably. Without business-executive chairs, named accountability, and real consequences, no policy document changes behavior.
Decision scenario
Building Governance With Teeth
You're a new CDO at a $2B insurance company. The CEO has given you 18 months and a $5M budget to 'fix our data'. Three business units (P&C, Life, Commercial) operate semi-autonomously with their own data teams and conflicting definitions of customer, policy, and claim.
Budget
$5M / 18 months
Conflicting Definitions
~30 across BUs
BU Independence
High; CEO-level
Governance Maturity
Reactive (~stage 2)
Political Risk
High
Decision 1
You can either build a centralized policy framework first, or start with a Data Council. Each BU head will resist anything that limits their autonomy.
Hire a 20-person governance team and build a comprehensive 80-page policy document. Roll it out top-down in month 6.Reveal
Spend month 1 lobbying the CEO to chair the Data Council personally. Convene 3 BU heads + CFO. Force decisions on the top 15 definitions in months 2-9 with CEO arbitration authority. Tie BU bonuses to compliance.✓ OptimalReveal
Related concepts
Keep connecting.
The concepts that orbit this one — each one sharpens the others.
Beyond the concept
Turn Data Governance Framework into a live operating decision.
Use this concept as the framing layer, then move into a diagnostic if it maps directly to a current bottleneck.
Typical response time: 24h · No retainer required
Turn Data Governance Framework into a live operating decision.
Use Data Governance Framework as the framing layer, then move into diagnostics or advisory if this maps directly to a current business bottleneck.