Smarter businesses start with smarter data governance

Data is the lifeblood of modern organisations. From tracking customer habits to monitoring operations, businesses use data every day to make informed decisions. 

But, with great value comes great responsibility. 

Poor data management doesn’t just slow your business down; it carries massive compliance risks. And New Zealand is no different - regulations like the Privacy Act 2020 and the Anti-Money Laundering Act 2009 set strict standards for keeping data secure. 

To break down the seemingly complex world of data governance into digestible steps, we’ll cover: 

• What data governance is and its importance 

• How to get started on this essential task 

• Ways to make implementation manageable for your team

  
  

What is data governance and why should you care? 

At its core, data governance refers to a framework for managing your organisation’s data. It ensures your data is: 

• Secure - protected from breaches 

• Private - meets privacy laws 

• Accurate - free of errors 

• Available - accessible when needed 

• Usable - structured for efficient decision-making 

Across industries like healthcare, finance, and tech, robust governance allows organisations to safely unlock the value of their information. 

Without oversight, you risk costly missteps like data breaches, loss of customer trust, and ‘data ROT’ (redundant, obsolete, trivial information piling up). 

New Zealand is no exception to these global trends. The Health Information Privacy Code highlights the need to safeguard sensitive health data, while financial institutions must comply with strict anti-money laundering protocols. 

Imagine your HR team accidentally stores employee pay records and IDs like passports on a local desktop or an unauthorised cloud platform. A breach of that sensitive data could lead to expensive legal action and significant reputational harm.

The 6-step data governance journey

Step 1: Data assessment 

Begin by taking a close look at your current environment. Ask: 

• What data is being collected, and why? 

• Where is it stored (e.g., on Google Drive, desktops, or internal systems)? 

• How sensitive is the information (e.g., customer passports, health details)? 

• How secure is your data and what risks come with how you're handling it now? 

For example, relying on weakly secured legacy systems is a red flag that needs addressing. Start tracking where data flows through your organisation and identifying risky areas. 

Step 2: Policies and guidelines 

Once your team has decided what good looks like for your organisation, build a clear roadmap detailing: 



• Acceptable data use practices - be clear about who can access specific types of data 

• Team responsibilities – educate staff about their obligations to protect sensitive data 

• Rules for sharing data – whether that be internally or externally 

  
  

Step 3: Data restructure 

Without a plan, data governance can feel overwhelming. The secret? Tackle it in manageable parts. Or as the saying goes, ‘How do you eat an elephant? One bite at a time.’ 



• Keep your data in a logical and organised structure 

• Create a clear plan to structure your data effectively 

• Ensure data is accessible to the right people and put tools with proper guardrails and processes in place 

• Evaluate and account for each of your data sources 

  
  

Step 4: Data leak prevention and information rights management 

Data leaks often happen when files intended for internal use are emailed externally or aren’t handled correctly. Keep your data safe and stay in control of your information by taking a few extra security steps: 



• Prevent accidental data leaks: Keep sensitive files, like driver’s license details, from being shared by mistake. 

• Apply appropriate security controls to sensitive data: Classify documents under categories like public, private, or confidential, and enforce tailored protections. 

• Explore additional security options:  For instance, documents can be encrypted, ensuring they remain unusable even if an employee leaves the company and retains a saved version. Additional safeguards can include disabling printing or blocking screenshots of critical files. 

  
  

Step 5: Data lifecycle management 

Many companies unknowingly pay for cloud storage packed with outdated files that should’ve been deleted years ago. 



• Identify outdated or obsolete data, like old health and safety policies 

• Add tags when creating a document to show when it needs to be reviewed, archived, or deleted 

• Cut down on ROT (redundant, obsolete, or trivial information) to keep your data management system clean and efficient 

  
  

Step 6: Organise with taxonomy and metatags

Make managing your data easier by setting up a clear taxonomy structure so information is simple to find. 



• What types of data or documents are you storing? 

• Are they easy to access when needed? 

• Enhance searchability by tagging your data with relevant categories, like quotes, marketing brochures, policies, or processes. 

  
  

Drive employee engagement for long-term success

Data governance isn’t just about IT systems - it’s about changing behaviours. And change can be tough, so resistance is normal and to be expected. 

To address this, make sure your whole organisation knows their responsibility when it comes to protecting sensitive data. Building a strong governance culture starts with helping everyone understand the risks of not taking action. 

3 quick tips for winning employee support: 

1. Communicate the why - Use real-world risks to show the ‘what’s in it for them’. For example, a breached database could cause service outages that impact their day-to-day jobs. 

2. Train regularly - Provide simple, engaging workshops or e-learning modules about tools and policies. 

3. Encourage ownership - Create a sense of accountability by rewarding employees who champion governance practices effectively in their teams. 

   
   

Your next step towards smarter data

Data governance might sound like a mammoth task, but with a phased approach and the right tools, it’s completely achievable. And it’s not just about reducing the risk of breaches - you’ll also unlock the real value of your data, helping you make smarter decisions and drive growth. 

If you’re feeling stuck or unsure where to begin, Yorb’s experts are here to help. Contact us for a consultation and take the first step toward building a smarter, more secure business.