Mark Milone, former Boeing attorney turned data strategy leader talks data governance, why it's important in today's world, and why it's so misunderstood
You recently joined Blueprint to develop our data governance products and services, but you actually have a background in law, correct?
Yes, I’m an attorney but I always practiced in technology. I started doing contractual work and advising on intellectual property and then eventually moved into cyber security and privacy.
How did you make the switch from law to data governance?
Back when I was working at Boeing, I was the lead attorney supporting the Chief Information Officer for about ten years. About 6 years ago, Boeing started a big digital transformation initiative where they were trying to change the way that they built and engineered planes by leveraging data from the planes to influence the entire process from design to manufacturing to supply chain.
One of the key initiatives was standing up our first data analytics platform, but they were having challenges getting engineers to bring data into the platform. When you work in certain industries people are very cautious about who they let access their data, especially when you’re working with the government – data is much more sensitive.
The CIO approached me to see if I could help. Eventually, I came to realize that the problem was really about governance. But nobody called it “data governance” at that point, and no one really knew what it was. It was just a roadblock that they couldn’t figure out how to break through.
I eventually worked my way through the problem and found a path forward for the company and received a Boeing Recognition Award from the CEO for my efforts. I then proposed that I stand up a group to do the topic justice and really make an impact on Boeing’s digital transformation – and that is what led me from law into this space.
How would you define data governance?
My formal definition of data governance is that it’s the formalization of authority and control over the definition, production and use of data. What that really means is when you talk about governance people are used to talking about it in the context of things like corporate governance and risk and compliance, and really what it’s about is: How do you exercise authority and control over data so that you can show that it’s properly managed?
Part of the challenge right now is that governance has a bad connotation for companies, especially on the business side, because they see governance as a roadblock. A lot of people who are in this arena tend to come from compliance functions. They like to think of it in terms of risks, but I like to think of it as managing the data, and if the data has some sort of risk associated with it – then you manage the risk.
For example, people understand that if you collect personal data, it is subject to certain laws, which means it will have some risk, which means you will have to control that risk, and you control that risk through governance.
What would you say to people or companies that have similar concerns to those initial employees at Boeing that were nervous to put their data onto their new platform?
I would say that governance is really the first step to getting value from the data. Although you need to think about the risk piece, there is also a reward, or value to the data that needs to be recognized. Data governance is what brings that value piece. This is where things like data quality come in. The conversation becomes less a matter of ‘We have this data and there’s some risk associated with it,’ and it becomes more a matter of ‘We have some outcome that we want to reach, and we need to know if we reached it, so we need to have the right data to determine if we’re doing the right things.’
And that’s where it starts becoming valuable. As you get employees used to understanding data and working with data, they get much more comfortable with managing it. When that happens, it becomes easier to bring other people from compliance functions along, because you show them you know how to manage it and that you’re a good steward of the data, and it just makes all those conversations easier.
For companies that are nervous to access their data for security reasons, how much of a risk is there?
I always say that data behaves the way people behave. If you come from a company that has a certain type of culture, that’s going to be reflected in how they deal with their data. If they have a very risk-averse culture, then you know that the data is probably going to be locked up in certain systems. It’s going to be hard to make that data available and have people start looking at it to figure out what kind of insights they can glean, and it’s going to be hard to have that data drive actions when it’s locked up in the system.
So companies should be looking at their data more in terms of the rewards as opposed to the risks?
When you’re talking about data governance, or data strategy, when thinking about your strategy, you should be saying, ‘Here we are today. We know our current state, we know we want to be somewhere else tomorrow, so let’s figure out what are the steps that we need to get to that future state?’ And if you don’t think about the culture then a lot of these data initiatives, including data governance initiatives, will not succeed.
If people at the company understand why it’s important to manage the data and make sure that they’re controlling the data properly, then they see the value of that, and then they have confidence that the data is of high quality and that whatever decision they make based on the data they can trust. Then that, in turn, will generate higher quality data, higher confidence in the decisions you make from the data, and it becomes a good cycle.
How do you use your law background in your role as a data strategy leader currently?
I think that the value of my legal background is really a matter of communication. A lot of this role is understanding the different needs and the different pain points of a diverse group of people and figuring out a way to have them all agree on a point of view and a path forward.
That’s really where the law background has helped. As an attorney, negotiating and being able to get people heading in the same direction is extremely crucial when working in data governance.
Why is data governance important in today's world?
I think that we’re now seeing on a national level some of the failures in governing our data and a breakdown in the confidence of data that gets presented to us all the time. There is a lack of confidence – we saw this for instance with COVID. People were questioning how you know if the numbers were really going up and down, and then knowing where to find legitimate sources of data was tough.
Another example would be all the misinformation and disinformation on social media and a failure to really have a point of view and an approach to make sure that on a national level we know how to get legitimate sources of information to make decisions. There is a real lack of trust today and I think some of it can be traced back to the fact that we don’t understand what data is feeding some of our leaders and their decisions, whether they are leaders of companies or leaders of countries. If we don’t understand what data sources and information those decisions are made on, then you lose that trust and that’s not a good thing.
What excites you the most about data governance?
It’s still a very young field and it’s just starting to become understood so there are a lot of complicated problems that people are working their way through. We’re just starting to get our arms around it now, so it still requires a lot of creative problem-solving and that’s what I like to do.
What do you think the benefit is of having a company like ours partner with a company like Ethos Privacy?
I think that having both of those points of view is very important because when you think about data practices and you think about how these practices have matured over time, it all started with cyber security, which is where I got my start. I wrote one of the first legal books on cyber security law way back in 2006.
You can think of it as security laid the foundation, privacy then came in to tell you how to use certain types of data, and then governance evolved out of that to tell you how to use that data to achieve business value.
Blueprint is there creating the systems that allow the data to move more efficiently. Then we have Ethos Privacy coming in with the privacy disciplines, and then we have what I do, which is making sure that you can manage the data to achieve outcomes and manage the risk associated with sensitive types of data. Having experts from data engineering, data architecture, data security and the whole stack from the ground up working together and empowering each other to move quickly and solve challenges quickly – that is a very powerful thing.
Ready to establish data governance within your business?
Mark and our expert team of engineers, architects and security analysts can help you establish your data strategy today