A guide to data governance for product teams

Data is one of the most valuable assets a company has. When data is organized, accurate, secure, and queryable, nearly every team can use it to drive better decision-making, improve ROI, and save companies millions. 

But what happens when data is not organized, accurate, and secure? Spoiler alert: It’s not good. 

Take Samsung as an example: In 2018, a “fat finger” data entry error cost the company $105 billion. 

Or Equifax’s 2022 credit score debacle, where a coding issue caused the company to calculate credit scores inaccurately by as much as 20 points. The issue caused Equifax’s stock value to drop by 5%, and the company was hit with a class-action lawsuit. The people affected were denied loans or offered higher interest rates—Equifax’s seemingly small data error had far-reaching consequences for both the company and its customers. 

That’s where data governance comes in. It’s the practice and process of managing data throughout its entire lifecycle, from acquisition all the way to safe disposal, so that it remains accurate, secure, and accessible to those who need it. Data governance also ensures that data is stored in compliance with all applicable laws and regulations. 

Every company needs data governance, but enterprises are especially vulnerable to data mismanagement due to the sheer volumes of data they produce. As we’ve just seen, the consequences of mismanaged data can be serious, costing a company millions in fines, lawsuits, and lost revenue. The only way to prevent that is data governance. 

Here’s an overview of what data governance is, important principles to consider, what effective data governance looks like, and how to get started. 

Data is valuable. Data governance keeps your data across systems consistent, accurate, and searchable. Effective data governance not only helps prevent errors and makes them easier to find and correct, but it also makes a company's data more accessible and actionable. That last part isn't as headline-grabbing, but it's equally as important.

Having the right data governance in place is important for streamlined operations—the time you’re wasting tracking down data sources and reconciling disparate data slows down business operations and frustrates analysts. 

Effective data governance will also improve data-informed decision-making by making your data more accessible and easier to analyze. 

Finally, data governance is key to ensuring compliance with various data protection laws, including the GDPR, the CCPA, and HIPAA, to name just a few.

“Data governance is crucial because it ensures your team gets the most value out of Mixpanel. Without it, projects can become messy, making it hard to find the data you need or trust the insights you’re getting. Governance solves these problems by keeping your data organized, reliable, and easy to navigate. It’s especially important in collaborative environments where multiple team members rely on analytics to make decisions.”

Data governance is built around several key principles. Together, they help keep data secure, accessible, trustworthy, and compliant. 

Using business data to drive strategy is only worthwhile if the data used is accurate and trustworthy. One of the core principles of data governance is data quality management, and any data governance plan must include processes and mechanisms to keep data clean, accurate, and audited regularly to ensure it remains relevant. 

Most companies want to use data to drive their decision-making, and the only way to do that is to give more people across more teams access to that data. But data democratization comes with increased risks, too: More people accessing data means more potential leaks and the chance of accidentally changing data or introducing errors. 

That’s why both data ownership and data access should be clearly defined and regularly reviewed, giving people access to data to perform analysis when they need it, without giving access or editing privileges to people who don’t. 

The flip side to data accessibility is maintaining data security to prevent unauthorized access or misuse. Data should be stored securely to protect it from attacks, and data permissions (who can view it and edit it) should be limited to people who need it and reviewed periodically. 

Another important and often overlooked component of data security is timely and regular data disposal. Keeping data that’s no longer needed increases the possibility of leaks and errors. There are regulations around how long to keep data and when to dispose of it, so make sure to check which ones apply to your company before moving forward. 

As the amount of data that companies handle has increased, the risks associated with careless data handling have gone up as well. Governments and regulatory agencies have enacted laws to protect consumers from the consequences of data breaches, especially when PII, or personal identifiable information, is involved. 

Companies need to comply with all applicable laws and regulations regarding data governance for all of the countries they operate in or risk hefty fines. Some legislations, like the GDPR, even go across borders to protect the data of all European citizens, even if it’s handled outside of the EU. Companies are responsible for regularly auditing their own data governance practices to ensure they remain compliant. 

Various organizations concerned with data security and data governance have created frameworks to guide companies in setting up their own data governance practices. 

For example, information security non-profit ISACA created the COBIT framework to optimize enterprise IT governance. The framework helps large organizations manage their information and technology structures, including tools, integrations, and building processes for data governance and compliance. 

DAMA, the global data management community, has developed a framework known as the Data Management Body of Knowledge (or the DAMA-DMBoK). Originally published in 2018 and most recently revised in March 2024, the DAMA-DMBoK brings together insights and guidelines from world-leading experts in data governance and information security.

The Data Governance Institute (DGI) created the DGI Data Governance Framework, built around delivering value to the organization through data governance. PwC published the PwC Enterprise Data Governance Framework, which “considers the current and next-generation data landscapes and upcoming data governance challenges,” and McKinsey has its own recommendations to design data governance that brings value. 

The specific framework you choose matters less than having a framework in place—without one, it’s easier to miss important considerations or create a data governance program that doesn’t fit all of your company’s needs.  

Like any large data project, implementing data governance comes with its own set of challenges. Managing large volumes of data is always complex, and today, even smaller companies generate tremendous amounts of data daily. 

Businesses with too many legacy systems will face integration challenges, and companies with entrenched processes might encounter resistance to change. That’s especially true when teams are accustomed to handling data a certain way. 

Storing data in different tools can create data silos and ownership issues, which can impact everything from compliance to the ability to use company data. 

Building and implementing a comprehensive data governance framework can also be a big lift. Not all companies have the resources they need to invest in the process—which can require things like new tools and training for employees. 

Finally, one of the biggest challenges to data governance is a lack of leadership buy-in. Without executive support and modeling good data governance practices (like following the framework and guidelines you’ve created, using approved tools, etc.), you’ll be hard-pressed to get the rest of your company to do so—which is why leadership buy-in and support is one of the foundations of effective data governance. 

So yes, it can be challenging. But even so, data governance isn’t really optional, as the consequences of mismanaging data are simply too serious. Once companies hit a certain size, they have to start thinking about data governance programs.

Implementing a data governance program from scratch will feel overwhelming. Below is a step-by-step breakdown of how to build one for a product analytics implementation. Much of the approach here can translate to other types of data implementations and processes.

If you belong to a smaller, more nimble organization, select a primary data governance owner, who may be the owner of the initial analytics implementation. You should also choose a backup data governance owner who can quickly and easily step into the lead role if the primary owner cannot take responsibility. 

If you belong to a larger organization, create a data governance team or governing council with a lead from each functional business unit leveraging this data (e.g., Product, Marketing, Analytics, Data Science) so that each team is well represented. This will also help to break down silos that may exist across teams.

Once your data governance owner or team is in place, make sure that you have a shared implementation spec to document new events and properties. You’ll already have one if you worked through your initial analytics implementation, but if you don’t, feel free to copy our implementation spec template (and reference our industry-specific implementation specs linked in the same article). 

Before launching a new product feature (whether in alpha, beta, or to all users), the product manager responsible for the launch should establish the right metrics (to hold him/herself accountable) and submit a request to the data governance owner or team. The data governance owner or team can then build out the events and properties required to measure progress against these metrics.

When documentation is complete, the data governance owner or team can review these new events and properties with the product manager. If you have a designated Mixpanel Professional Services account team, you can also have them review and provide feedback on the new events and properties.

Either way, get sign-off that the events and properties actually map back to quantifiable business metrics and are ready to implement!

The data governance owner or team can now relay to the technical lead(s) that they can proceed with development, translating the events and properties in the implementation spec into triggers within the product’s source code. The process here may vary drastically depending on internal processes, but it typically starts with the creation of an engineering ticket by the data governance owner or team.

The data governance process doesn’t end once the track calls have been added to your product’s source code. Now’s the time to engage in quality assurance processes to ensure that the data being collected is accurate and aligns perfectly with the new events and properties documented in your implementation spec. 

Once you’ve confirmed that the data is accurate, you can deploy to production!

If you use Mixpanel, the data governance owner or team can add descriptions of all new events and properties in Lexicon and organize data for clarity and discoverability. This will help everyone across your organization (who may or may not have been part of the implementation process) understand what data is being collected. That way, they can run analyses within Mixpanel and make data-informed business decisions.

And last but not least…

We hope that this step-by-step guide helps you implement the data governance process that maintains the health of your implementation and helps you measure progress against key metrics so you can make data-informed business decisions and build products that people love.

“Implementing a data governance program might seem daunting, but it can be straightforward. Start by defining what ‘good’ looks like for your data—decide on naming conventions, required metadata like descriptions, and any other standards your team needs. Next, set up processes to ensure new data aligns with these standards, such as event reviews. Finally, establish a routine to maintain your data quality, regularly monitoring existing events to prevent degradation caused by changes in your applications.”

Data warehouses, BI tools, and most platforms that handle data will have some built-in data governance features. 

Any data governance effort should include the creation and maintenance of a data catalog, like the Mixpanel Lexicon, where events and properties are clearly defined. Event and property definitions help your entire team understand what your data means, so everyone stays on the same page.

As mentioned previously, data governance means restricting access to data to those who don’t need it (to keep it secure), while making sure that everyone who does need to can view or edit it, depending on their permissions. 

Features like Data Views allow you to manage data access for a group of users within a single Mixpanel project—here’s some advice on how to implement Data Views and Classification (which allows you to hide properties from certain users), along with a few use cases.  

As more data analysis becomes more accessible to more users—what’s often referred to as data democratization—the possibility of introducing errors also increases. Keeping data clean and monitoring data volume for drastic changes and anomalies is key for effective data governance.