Traditionally the term Crown Jewels referred to the ceremonial gems and artifacts used in celebration of great monarchies or religious organizations. However, in today’s world where cyber-crime and increasing government regulation supporting personal privacy, the term Crown Jewel Data has taken on a new meaning. In many organizations this term now means the data or information assets that are the most vulnerable to theft or accidental disclosure. Chief Information Security Officers, Chief Data Officers, and Chief Risk Officers now focus on identifying and tracking the data that could expose a company to financial penalty, operational risk, reputational risk or criminal prosecution. Personal Identifiers, HIPPA details, and undisclosed financials are just types of such data.
While it is fairly straightforward to agree what data should be protected, it is much harder to know the specifics around where the Crown Jewel Data actually resides. What are the specific classifications needed to align to government regulations? What is the process to classify our data? What is the system of record? Where are all the copies? Who has access to the data? Who should have access to the data? What is the record destruction policy?
The above is but a few of the questions needed for Crown Jewel Data management. What is needed is a fundamental awareness of the source, use, ownership, and storage location of the data. These are the basic properties of any successful Data Governance or Information Governance initiative, but the stakes are much higher when dealing with sensitive and confidential data.
Fortunately addressing Crown Jewel Data management does not take elaborate technology or massive projects. At the end of the day, gaining awareness of the source and use of data is simply a function of understanding the questions that need to be asked about the data, then having an approach to track and monitor the results. All aspects of Crown Jewel Data management can be defined in terms of business rules or metadata that classify data and associate the data to the business, the underlying data landscape, and existing operational controls. Such governance awareness is fairly easy to accomplish provided you understand the right questions that need to be asked.