Written by Morgan Bright
Data has evolved from a byproduct to the backbone of business transformation, largely driven by the opportunities created by AI. Yet, data governance—the policies and practices ensuring data is managed securely, accurately, and compliantly—often remains an afterthought.
We spoke with Annie Phan, a leader in data transformation and former business analyst at McKinsey & Company, about why businesses must urgently revisit their data governance practices. Currently the Chief Data Officer at Lavendr and leading data-driven initiatives at Fanatics, Annie explains why robust data governance frameworks can make or break a business, especially in the face of expanding AI technologies and tightening regulations.
Thank you for joining us, Ms. Phan. Data governance has always been important, but in 2021, only 64% of organizations had data governance programs. What’s driving today’s increased urgency?
The urgency is very real. We’re witnessing a perfect storm of technological advancements and regulatory changes that should make data governance a priority for any business. One of the biggest drivers is the explosion of AI technologies, particularly gen AI. Businesses are handling data in ways they never have before, both in volume and frequency. Without proper governance, this opens up a Pandora’s box of potential issues—everything from biased AI models to data breaches and non-compliance with privacy regulations.
Look to the GDPR fines in Europe as a sign of what’s to come. Meta was hit with a $1.3 billion penalty for violations. That price tag is a powerful reminder that companies must take compliance seriously, or risk massive financial and reputational damage. The investment in proper data governance might seem high upfront, but when you look at the risks of non-compliance, it’s a pretty intuitive choice.
Let’s talk about compliance. How does the changing regulatory landscape, particularly in the U.S., impact data governance strategies?
The U.S. regulatory landscape is unique, and especially difficult, because of its patchwork nature. While we don’t yet have a federal privacy law like GDPR, individual states are stepping in with their own regulations. For example, California’s CPRA, which builds on the CCPA, has set the bar by enforcing much stricter consumer rights and transparency around data usage. Other states like Colorado, Connecticut, and Utah have enacted similar laws, and the momentum is clearly growing.
For businesses, this means multi-state operations are facing a compliance minefield.
Each state’s laws come with slightly different requirements, so companies must adapt their governance frameworks to ensure compliance across the board. And let’s not forget domain-specific regulations like HIPAA or FedRAMP. This is where early investments in data governance pay off. Early, robust governance structures can scale with your business more effectively, ensuring that your data practices are compliant across all jurisdictions.
And the beauty of a well-managed governance system is that it does more than tick compliance boxes. It can help eliminate data silos and improve data integration across departments, too. This becomes very important when organizations start looking to implement more complex analytics, especially with AI and machine learning (AI/ML) models, which rely heavily on clean, high-quality data.
In your experience, what are the common pitfalls you’ve seen companies encounter with data governance during digital transformation?
One of the biggest pitfalls I’ve seen is that companies treat governance as an afterthought. There’s often a mindset of “we’ll figure it out later,” but that’s a dangerous game. I’ve seen that businesses tend to focus on deploying new technologies without first ensuring that their data is clean, secure, and well-managed. This is especially dangerous when it comes to AI/ML, since their outputs rely on data quality. These technologies can amplify biases or introduce serious errors if they’re built on inconsistent or inaccurate data.
Another common issue is data silos. Many organizations still have departmental data silos, where different teams manage data inconsistently. Without a centralized governance framework, it’s nearly impossible to ensure data quality across the board or to create a single source of truth. This often leads to miscommunication and interdepartmental frustration, which could have been avoided with stronger governance practices from the outset. There’s a real “people cost” to not prioritizing governance early on.
For companies just starting to address data governance, where should they begin?
Foundational elements first: assess where your data is coming from, who is responsible for it, and what policies are in place to protect it. My advice is to focus on high-impact areas first, like customer data or financial records, which are often subject to the strictest regulations and tend to have the most significant consequences if mishandled.
From there, I recommend adopting a “shift left” approach. This means integrating data governance into your processes from day one, rather than scrambling to fix things later. Addressing data quality, security, and compliance early on will save you from costly headaches down the road. I’m a big proponent of automation. With AI-driven automation tools available now, there are great options to help handle the heavy lifting for data monitoring and auditing.
And finally, training is non-negotiable. Data governance isn’t just an IT or legal domain. Really drill that in! It’s a company-wide effort. Everyone, from business users to technical teams, must understand their role in governance and how it directly impacts the business’s success. Don’t wait for an auditor or a breach to make that clear—make sure everyone is aligned from the start.
Governance as a Business Priority
With regulations tightening, data sources growing, and AI integration accelerating, businesses can no longer afford to treat data governance as an afterthought. As Annie Phan explains, from building centralized data frameworks to training company-wide teams, data governance is the foundation on which any successful digital transformation is built.