We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Introducing Principles-Based Data Governance

Originally published July 1, 2009

There is growing agreement on the need for data governance, but I find that enterprises are often ambivalent about actually implementing it. The recognition of the need for governance iscounterbalanced by a worry that a vast amount of bureaucracy will have to be set up, and that this bureaucracy will be unjustifiably expensive, inefficient, and might not deliver any results. Thelatter point seems to be particularly worrying. Most, if not all, of the large financial sector companies that are now in trouble apparently had robust and well-funded GRC (governance, risk, andcompliance) functions. Something evidently went very wrong across a wide spectrum of these enterprises. What guarantee, therefore, is there that an essentially similar approach for data governancecould do any better?

What are Principles?

One way that I believe we can overcome these twin objections of inefficiency and ineffectiveness is to take a principles-based approach to data governance. Before looking at how such an approachcan be implemented, it is first necessary to come to grips with what principles really are, and that involves a small digression.

"Principles" is a word that is thrown around a lot, and is used to mean all sorts of different things, such as laws of the universe or moral commandments. However, in the sense used here, it meanswhat the metaphysicians call "absolute presuppositions." Metaphysics (also known as ontology) is the science of being. It is not held in high regard today, for a variety of reasons, but has avaluable corpus of work that can be drawn on. According to metaphysics, an "absolute presupposition" is a proposition that cannot be further analyzed – it can only be accepted by anindividual as true or false. This key insight is followed by a second, which is that all of us operate within a framework of absolute presuppositions, and that one of the jobs of metaphysics is (orwas when it was an active area of study) to precisely identify what these are in every area of human activity. This is because it is very rare for the absolute presuppositions to be formally stated.Strangely, people can behave in certain ways without knowing why they are doing so.

Even so, some principles are well known. Take, for instance, the following propositions from the U.S. Declaration of Independence:

All men are created equal

All men are endowed by their Creator with an unalienable Right to Life

The first is a direct quote; the second is a specific formulation from the enumeration of certain rights. The text that precedes them says:

"We hold these truths to be self-evident"

What this means is not to say that we are not going to allow debate on the principles, but rather it recognizes that we have reached a boundary beyond which no further analysis is actually possible.Each of us has to either accept or reject the principles – there is no higher framework within which these propositions are located that allows us to deduce or induce if they are true or not.Intuitively, we know this is the case. Many of us have tried to argue over an absolute proposition only to feel frustrated that we cannot "prove" to someone else that it is true or false. We shouldnot blame ourselves – it simply cannot be done.

Principles versus Rules

Returning from our digression, we can now look a little more deeply at the challenges of data governance. It seems to me we have two major options in approaching data governance, which is tomake it principles-based or rules-based. These two options are not fully mutually exclusive, but they are distinct. They can be basically understood as follows.

A principles-based governance approach will clearly articulate the principles an enterprise adopts for data governance. It will ensure that all stakeholders understand, adopt, and practice theseprinciples.

By contrast, a rules-based governance approach will attempt to formulate policies. For each policy, a set of rules will then be designed and implemented. It is expected that all stakeholders willunderstand the rules and obey them.

Those who advocate the rules-based approach will probably object if told that their policies are in fact based on principles. Perhaps this is true in some cases, but my experience is that the"principles" are never articulated. By contrast, those who advocate the principles-based approach sometimes seem to think that simply stating the principles is all the work they need to do. Thereis a lot more, and business processes and infrastructure need to be developed to support a principles-based approach, just as much as for a rules-based approach. Stakeholders need help in gettingthings done, and the rules-based approach at least tries to incorporate such support. A principles-based approach should not be an excuse for abandoning such efforts.

It is important to understand how data governance programs will run, depending on whether they are principles-based or rules-based. A principles-based governance program essentially empowers theindividual, and emphasizes individual responsibility. It asks individuals to think hard about what they are doing in every situation and make a best effort to apply the principles they have assentedto.

A rules-based approach assumes that every situation can be foreseen in advance, and the individual can be supplied with a set of precise instructions on how to react to each situation to produce anoutcome that the enterprise has also specified.

Which is Better?

I would submit that the rules-based approach has distinct limitations. It is definitely good in certain situations where high levels of discipline are essential. Legislatures, armies, prisons,and the like need rules, but these are hardly similar to data management environments. We all know that it is possible to fully obey rules and produce perverse outcomes. We have seen the result inour economy of mortgage brokers, rating agencies, securitizers, bankers, and regulators doing precisely that. Furthermore, it is not possible to foresee every situation in advance and devise rulesfor it. Data is almost unique in being an abstract thing that represents something else. It can be distorted in an infinite number of ways, which, even if they could be thought of in advance, are sointertwined with other considerations that it would be impossible to figure out how to manage them by sets of rules. Attempting to do so would be so resource-consumptive that the task could never befully completed.

The principles-based approach has a limitation in that individuals must agree with the principles. They cannot simply say that they agree but work in practice to a different set of covert principles.If this difficulty can be overcome, then the same human ingenuity that can be used to circumvent pre-specified rules can be used to find ways to adhere to principles of data governance in unusual anddifficult circumstances. Nobody gets any real satisfaction in knowing they are following rules; but people can be genuinely delighted when they know they have used their initiative to apply sharedprinciples they believe in.


We often talk about different "cultures" of an organization and try to form descriptions of them. I believe that it is better (although more difficult) to formalize the set of data governanceprinciples under which an enterprise operates. There is no escaping such a set of principles, and we can be absolutely certain one exists in every enterprise. We may discover existing principles suchas:

No individual is accountable for the quality of data values they produce

No software acquisition involves conforming to an enterprise architecture

No analysis artifact is updated after a project ends

A principles-based data governance approach will seek to replace poor existing principles with better ones and empower stakeholders to implement them without prescribing how it should be done. Thiswill avoid creating a bureaucratic overhead and will give the enterprise a reasonable way to implement effective data governance. Space only permits an introduction to the topic here. A lot moreneeds to be said on it, and I will be following up in future articles.
  • Malcolm ChisholmMalcolm Chisholm

    Malcolm Chisholm, Ph.D., has more than 25 years of experience in enterprise information management and data management and has worked in a wide range of sectors. He specializes in setting up and developing enterprise information management units, master data management, and business rules. His experience includes the financial, manufacturing, government, and pharmaceutical industries. He is the author of the books: How to Build a Business Rules Engine; Managing Reference Data in Enterprise Databases; and Definition in Information Management. Malcolm writes numerous articles and is a frequent presenter at industry events. He runs the websites http://www.refdataportal.com; http://www.bizrulesengine.com; and
    http://www.data-definition.com. Malcolm is the winner of the 2011 DAMA International Professional Achievement Award.

    He can be contacted at mchisholm@refdataportal.com.
    Twitter: MDChisholm
    LinkedIn: Malcolm Chisholm

    Editor's Note: More articles, resources, news and events are available in Malcolm's BeyeNETWORK Expert Channel. Be sure to visit today!

Recent articles by Malcolm Chisholm



Want to post a comment? Login or become a member today!

Posted July 12, 2009 by Lawrence Dubov


Thank you!

I totally agree with the idea of the article and in fact have been using the Principle Based approach on many types of initiatives, not just for Data Governance. Starting with Principles is always a good idea!


In the context of Data Governance it would be great to have a template list of Data Governance principles that an enterprise can use as a framework for discussions and setting program expectations. I think DG principles should be aligned with the DG framework of choice. This may include DG Architectural Principles, DG Organizational Principles, DG Security and Visibility Principles, DG Data Quality Principles, etc





Is this comment inappropriate? Click here to flag this comment.

Posted July 8, 2009 by Len Silverston


Thank you for your excellent article where you make the important distinction between principle-based and rules-based data governance.

I think that your point about a principle-based approach being much more empowering is a key factor to success in data governance. There are many sources that discuss the empowerment that occurs when people move towards commonly agreed principles and the fallacy of governing by tightly defined rules. For example, In Sun Tzu’s classic “The Art of War” (which I believe describes principles that are related to any field), there are many quotes regarding this such as “In the art of war, there are no fixed rules, these can only be worked out according to circumstances.” Li Chiian, fl. 7trh century AD.

I look forward to more on this subject,

With appreciation,

Len Silverston

Is this comment inappropriate? Click here to flag this comment.

Posted July 2, 2009 by George Allen

When you started on metaphysics I almost fell asleep, but the content of your article is very valuable.  Transforming this argument into a directive for an organization is difficult because people do tend to fall into either the principle or rules camp, by nature or experience, and often do not know which they actually are.

And in IT infrastructure, most of the governance is rule-based, not principle based, so it becomes even more difficult to elaborate a principle based approach.

Thanks for the thoughts.  It will help me a great deal in advising my colleagues.


Is this comment inappropriate? Click here to flag this comment.