Data Stewardship

Data is rapidly becoming one of the most valuable assets, driving innovation, improving public services, and shaping urban development. Yet, the true value of this data can only be unlocked if it is managed responsibly, diligently, and with foresight. This is where data stewardship comes into play—a critical practice emphasized by leading digital governments worldwide, from Canada's Digital Standards to New Zealand's comprehensive guidance on data.

Data stewardship is not merely a technical task; it's a foundational discipline within data governance, focusing on the day-to-day management and oversight of an organization's data assets. It ensures that data is consistently of high quality, accessible, secure, and compliant with all relevant policies and regulations throughout its entire lifecycle. In essence, data stewards are the guardians of your digital information, bridging the gap between high-level data strategy and its practical, ethical implementation.

What is Data Stewardship?

At its core, data stewardship is the active and continuous care of data assets. While data governance sets the overarching policies, standards, and roles, data stewardship is the operational arm that puts those rules into practice. It involves individuals or teams (often called "data stewards") who are assigned responsibility for specific data domains (e.g., customer data, financial data, land registry data) to ensure its integrity, security, and usability.

These stewards act as vital liaisons between business needs and technical capabilities, ensuring that data is managed not just for compliance, but also to maximize its strategic value. They answer critical questions like:

• What does this data mean?
• Can I trust this data?
• How can I use this data safely and effectively?

Why Good Data Stewardship Matters in a Connected Ecosystem

Good data stewardship is crucial to achieving interoperability, building public trust and ensuring that personal and sensitive information is handled responsibly.

• Ensures Data Quality and Reliability: Good stewardship means data is accurate, complete, consistent, and timely. This is crucial for making informed decisions, generating reliable reports, and building effective digital services that citizens can trust. Unreliable data can lead to poor policy choices, inefficient operations, and eroded public confidence.
• Drives Compliance and Mitigates Risk: Data stewards are on the front lines of ensuring adherence to data protection principles and emerging regulations, including Cambodia's own data privacy developments. By actively managing data, they help prevent breaches, unauthorized access, and misuse, significantly reducing legal and reputational risks.
• Fosters Trust and Accountability: When organizations demonstrate diligent care for data, it builds trust with citizens, partners, and stakeholders. Clear stewardship roles establish accountability for data quality and security, enhancing transparency in data handling practices.
• Unlocks Data's Strategic Value: High-quality, well-managed data is the fuel for innovation. Data stewards make data discoverable, understandable, and usable for analytics, AI, and new service development, allowing organizations to extract maximum value from their information assets.
• Enhances Operational Efficiency: Standardized data definitions, consistent metadata, and clear data flows reduce confusion, minimize errors, and streamline processes across integrated systems, leading to greater efficiency in daily operations.

Key Responsibilities of Data Stewards

Being a good data steward involves making responsible decisions at every stage of the data lifecycle. The process can be grouped into four main phases:

1. Discover

• Understand obligations: Familiarize yourself with the legal, regulatory, and policy frameworks that apply to your product or service. This includes privacy laws (like GDPR or PIPEDA), security protocols, and internal data governance policies. Knowing these requirements from the start helps prevent costly compliance issues later.
• Identify sensitive data: Not all data is created equal. Understand which data elements — such as names, health information, or location data — are considered sensitive. This clarity will shape how you collect, store, and protect information throughout its use.
• Classify data: Assign a security classification to the data based on its sensitivity and potential risks. This classification determines the appropriate handling procedures and security controls.
• Define data access: Not all data needs to be restricted. Identify which datasets (such as public service hours or statistical summaries) can be made openly accessible, supporting transparency and reuse.
• Clarify purpose: Be clear about why you’re collecting data. Your purpose should align with the goals of your product or service. Being explicit helps ensure that your data use is proportionate and justified — and helps build trust with users.
• Create a data management plan: This plan should outline how you will manage data through its full lifecycle — from collection and validation to storage, sharing, and eventual archiving or deletion. The more proactive this planning is, the smoother your operations will be later.
• Create a risk management plan: Alongside your data management strategy, consider ethical risks — for example, how your data could be misused, misinterpreted, or exposed. Set measurable safeguards and define how you'll track and respond to these risks.

2. Build

• Use proper tools: A robust EIM tool helps you standardize how data is collected, stored, and tracked. This makes your systems more reliable and auditable.
• Document thoroughly: Good documentation is the backbone of stewardship. Record what data you collect, why, and how it will be used. Use metadata repositories, glossaries, and audit logs to keep this documentation accessible and up to date.
• Limit collection: Adopt a data minimization approach: only collect what’s essential for delivering the service. Avoid storing optional or unrelated information just in case — it increases risk and complexity.
• Reuse data: Whenever possible, use existing data sources through data-sharing agreements or internal integrations. This reduces duplication and ensures consistency across services.
• Ensure transparency: From the user’s perspective, it should always be clear how their data is being used. Make this information accessible, understandable, and updateable. Provide user-friendly channels for inquiries or changes.

3. Test

• Store Personal Information Securely: Use appropriate encryption, access controls, and secure storage practices. Ensure your system complies with your jurisdiction’s policies on data protection and cloud storage, especially for sensitive or classified information.
• Get informed consent: Before collecting or using personal data, ensure you’ve obtained the user’s explicit and informed consent. Consent forms should be clear, simple, and easy to understand — no fine print tricks or confusing legalese.
• Enable oversight and Governance: Build in governance reviews and internal audits. These checkpoints ensure your product remains compliant and safe, and that ethical principles are being upheld in both the design and delivery phases

4. Monitor and Iterate

• Regularly Review Data Management Practices: Standards evolve, threats change, and systems grow. Periodically review your data management approach to make sure it still aligns with best practices, regulatory requirements, and user needs.
• Conduct Regular Data Audits: Review whether the data you're collecting is still relevant to the purpose you defined. If it’s no longer needed or appropriate, adjust your practices accordingly. Document findings and be transparent about the results with internal stakeholders — and, when necessary, with users.
• Foster a Culture of Responsibility: Data stewardship is a team effort. Everyone — from developers and designers to policy leads — should understand their role in managing data ethically. Provide training, clarify expectations, and encourage ownership at all levels.