A practical guide to defining roles, limits, and clean pathways for information.
A practical guide to defining roles, limits, and clean pathways for information.
January 12, 2026
•
Read time
Most companies talk about data governance the way they talk about insurance. It is something you invest in to avoid catastrophe. Something you do for regulators, auditors, or board decks. A shield you hold up when someone asks uncomfortable questions about privacy and security.
That framing is incomplete and it is why governance efforts so often become performative. They end up producing policy PDFs, access request workflows, and compliance theater. The business still does not trust its own information, and the teams who need speed feel punished for doing the work.
Real governance is an operating system for trust.
Trust then is created by repeated experiences where the right people see the right information at the right time, and the information behaves consistently. The fastest way to destroy trust is to let access evolve through improvisation. When access makes no sense, everything else becomes suspect. People stop asking “is this correct?” and start asking “who changed this?” or “who is hiding something?” That is how organizations drift into politics.
If you want durable trust, start where trust actually begins: with access.
Most leaders treat access control as a security problem. That is a narrow view. Access control is also a language. It is a set of decisions that communicates what matters, what is sensitive, what is authoritative, and what is safe to act on.
When access is sloppy, your information pathways become sloppy. People learn that “the system” is not a source of truth but a battleground. Teams create shadow copies, private dashboards, and unofficial spreadsheets. The data itself does not become less accurate. It becomes less believable. That is the more expensive failure.
The uncomfortable truth is that you can have technically correct data and still operate in a low-trust environment. If your access model is arbitrary, the organization interprets the information as arbitrary.
That is why governance is fundamentally about coherence. It is not about restricting people. It is about ensuring that what people can see aligns with what they are responsible for, what they are allowed to change, and what they are expected to defend.
Access is the shape of trust.
Every governance system fails when it begins with tooling. Tools are downstream. The upstream question is always the same. Who is allowed to make meaning?
Every organization already has an answer. It is just implicit and inconsistent. A finance analyst changes a revenue definition inside a dashboard. A data engineer quietly modifies the “customer” join logic. A product manager creates a new segmentation field with no shared interpretation. Everyone is acting in good faith. The system becomes incoherent anyway.
Governance is the act of making the role boundaries explicit.
A data owner is not someone who “uses the data a lot.” A data owner is the person who can defend its meaning when challenged. They are accountable for how it is defined, what assumptions it contains, and what changes are allowed.
A steward is the person who maintains the integrity of the pathways, who ensures metadata stays accurate, who keeps the definitions aligned, who knows where the bodies are buried.
A custodian is the person responsible for the platform’s behavior, for whether access rules hold, for whether logs exist, for whether failures are visible.
These roles are how the organization prevents meaning from being edited by accident.
You do not need a governance council to begin. You need role clarity that survives growth.
Access models tend to develop like coral reefs. Useful at first, then increasingly chaotic. A group gets created for a project that never ends. Permissions are granted “just for a week.” Contractors keep access because removing them is tedious. The CFO wants visibility into everything and the fastest path is full warehouse access. That single decision is repeated ten times over, and suddenly everyone has everything.
This is how companies become blind. Not because they lack information, but because they lack structure. When everyone has everything, nothing feels authoritative. Every number feels negotiable. Every dashboard feels like one of many, and the organization begins to operate by persuasion rather than evidence.
Governance is what restores information architecture. It creates clean pathways that preserve provenance and meaning.
A clean pathway has a visible origin, a controlled transformation layer, and a stable interface for consumption. It also has a clear model for who can do what at each layer. Who can read raw. Who can alter semantic models. Who can publish metrics. Who can certify truth.
When that pathway exists, access control stops being a friction point. It becomes a map of the organization’s epistemology. It tells you what the company believes.
There is a predictable failure mode in modern data organizations. The people who can change the truth are not the people who are accountable for its consequences.
A junior analyst can edit a dashboard. The change propagates into leadership decisions. When decisions go wrong, the analyst is not blamed, and leadership does not even know the change occurred. The system becomes fragile because authority and accountability live in different places.
This is where governance needs to be opinionated.
If you want trust, you need to align authority and accountability. The ability to define a metric must sit with a role that has both domain credibility and responsibility for downstream outcomes.
If you treat every metric as a free-for-all, you are telling the organization that definitions are optional. You are making truth negotiable.
That turns it into entropy.
Leaders often demand broad access because they want speed. They are not wrong to want speed, but broad access is a false economy.
Convenient access creates hidden downstream cost. The cost appears as rework, reconciliation, and debate. It appears as teams building their own metrics stacks. It appears as meetings spent arguing over whose dashboard is correct. It appears as quiet mistrust that eventually becomes organizational paralysis.
The fastest organizations are not the ones with unlimited access. They are the ones where access is coherent enough that people trust what they see without needing political validation.
This is a hard truth for founders. At the beginning, speed comes from permissionlessness. At scale, speed comes from constraint.
You cannot build a high-trust system by giving everyone everything. You build it by ensuring that each layer is accessible to those who need it, modifiable by those who are accountable for it, and readable in a way that preserves meaning.
Some might that that the most underappreciated benefit of governance is not security. But in reality, it is noise reduction.
Most companies are loud internally because they are uncertain. When the information system does not provide stable truth, humans compensate. They create narratives. They interpret selectively. They argue. They build duplicates. They demand meetings to reconcile reality.
A well-governed system reduces internal noise because it creates stability. It makes it harder to publish conflicting truth. It makes it easier to find the authoritative version. It makes it clear where definitions live. It makes changes visible.
The quietness that comes from governance is operational clarity.
When access shapes trust, trust shapes speed.
Most access control designs fail because they treat reading and writing as the same thing. They are not.
Reading is about visibility. Writing is about altering meaning.
A scalable governance model allows broad read access to curated, semantic layers. It allows narrow write access to the logic that defines meaning. It makes publishing harder than consuming, because publishing creates externalities.
This is the mindset shift most organizations need. They think governance is about restriction. It is about protection of meaning.
When meaning is protected, more people can safely consume. When meaning is unprotected, consumption becomes risky and access must be restricted.
You can feel the difference immediately. In high-trust organizations, people read and act. In low-trust organizations, people read and doubt.
If you want to know whether your governance is real, ask a simple question.
When a metric changes, who knows?
If the answer is “it depends,” governance is not real. If the answer is “someone probably knows,” governance is not real. If the answer is “it changes all the time,” governance is not real.
In a well-governed system, metric change has a visible pathway. It has an owner. It has a rationale. It has a timestamp. It has downstream notifications. It has a version history.
That is what makes trust durable. Not the absence of change, but the clarity of change.
This is where I will be direct. Governance is an executive discipline.
The data team can implement the system, but only leadership can enforce the social contract. Only leadership can decide what is sensitive, what is shared, what is sacred, and what is owned. Only leadership can stop rewarding shortcuts that undermine coherence.
If leadership treats governance as an inconvenience, the organization learns that truth is secondary to speed. That lesson will haunt you as the company grows.
Good governance is clean. It is a small number of explicit decisions that reduce ambiguity. That is what makes it powerful.
Trust then emerges because your information pathways are coherent. People know what they are looking at, who owns it, what it means, and what can change.
Strong governance reduces noise. It strengthens every decision built on top of it.
And it begins with a simple premise: trust grows when access makes sense.
About the Art
Vermeer's The Art of Painting (c. 1666–1668) separates observer, subject, and process with intention. The curtain, the painter’s position, and the subject’s stillness create a hierarchy of access. You are allowed to see the act of creation, but not to interfere with it. This distinction maps directly to governance models that scale: broad read access, narrow write authority. The system stays coherent because meaning is produced in one place and consumed elsewhere. The painting is calm because boundaries are respected. That calm is exactly what strong governance produces inside organizations.
Credits: https://en.wikipedia.org/wiki/File:Jan_Vermeer_-_The_Art_of_Painting_-_Google_Art_Project.jpg
The core ideas that keep data, models, and pipelines from drifting.
A practical guide to understanding flow, dependencies, and where things break.
Simple patterns that keep teams moving without friction.
