Data governance: Data management for AI systems

This sub-guideline is part of the guideline Data governance. Refer to the main guideline for context and an overview.

This sub-guideline focuses on effective data management, which is a crucial aspect of implementing AI systems in parliaments. It emphasizes that staff must understand the key steps for establishing effective data management practices, including creating governance policies, managing metadata, ensuring data quality and protecting personal information. By following these recommendations, parliaments can build a solid foundation for trustworthy AI systems, enhancing their ability to make data-driven decisions and operate efficiently.

Parliaments that are planning to implement data management for AI systems should consider the following prerequisites, which are explained in more detail below: 

• Establishing a corporate data governance programme
• Establishing a data governance policy 
• Establishing a communication plan
• Implementing a metadata management process
• Implementing a data quality process
• Implementing a personal data protection process

In order to put in place an institutional data management programme to leverage AI systems, parliaments must establish a corporate data governance programme with clear roles and responsibilities, and adhere to general rules for executing data management processes. A corporate approach, aligned with parliament’s AI strategy, is the most effective way to ensure that data within future AI systems is compliant and managed effectively.

The first concern in any data governance implementation is to develop and publish a data governance policy that outline roles and responsibilities and determines the rules for the corporate data management processes.

In general, a data governance policy covers the following aspects:

• The organizational structure related to data governance
• The roles that will interact with data governance processes
• The competencies or job descriptions expected for each role
• The relevant data governance processes

Once the data governance policy in place, the next recommended step is to draw up a communication matrix showing, in detail, the interactions determined by the policy, encompassing the main roles and their responsibilities.

A metadata management process allows parliament to become acquainted with its own data assets, which is crucial for data governance. 

Parliaments should identify relevant information to be captured as metadata – based on the goals established by the organization’s corporate strategy – as well as the specific information considered useful for data management and data description.

Below are some examples of metadata that could be captured for parliament’s corporate data assets:

• Title (e.g. name of the bill or legislation + issue date)
• Description (e.g. date on which the bill or legislation was presented to the parliamentary board)
• Data owner (e.g. “Secretary of the Parliamentary Board”)
• Data steward (e.g. “Protocol Registration Officer”)
• Date format (e.g. “dd/mm/yyyy”)
• Information systems (e.g. “Protocol Registration System”)
• Main source (e.g.: “LegislationBills_DB”)
• Personal data (“Yes”/“No”)
• Sensitive data (“Yes”/“No”)

As Figure 1 below shows, having a clearly identified metadata repository is crucial for understanding aspects such as the following:

• What the correct meaning of each data item is
• Who the data owner is
• Who the data steward is
• Whether the data is sensitive
• Which processes depend on the data

Parliaments are advised to undertake continuous maintenance activities – such as frequent metadata review, validation and updating – in order to ensure that the metadata is precise, consistent and up to date.

The purpose of a data quality process is to ensure that data is managed in accordance with the rules laid down in the data governance policy. The main activities in this process are as follows:

• Data profiling:
  • Analysing data structure and contents
  • Identifying patterns, inconsistencies and anomalies in data
• Data quality requirements definition:
  • Establishing quality metrics and criteria (precision, completeness, consistency, uniqueness)
  • Defining business standards and rules to guarantee data compliance
• Data validation:
  • Applying business rules to validate data precision and consistency
  • Verifying whether the data meets the defined requirements
• Data cleansing/correction:
  • Fixing or removing incorrect, incomplete or duplicated data
  • Standardizing data formats
• Data integration:
  • Combining data from different sources and ensuring it remains consistent and correct
  • Solving data conflicts and eliminating duplications
• Data enrichment:
  • Incorporating additional information in order to increase data usefulness and completeness
• Data-quality monitoring:
  • Implementing continuous processes to monitor data quality
  • Using dashboards and reports to track data quality rates

The purpose of a personal data protection process is to ensure that parliament complies with privacy and data protection regulations, giving data subjects the necessary confidence to trust the institution with their personal data. The process dictates and influences how personal data is handled throughout its entire life cycle, encompassing the relevant strategies, skills, people, processes and tools.

The main steps in implementing a personal data protection process are as follows:

• Appointing a data protection officer
• Aligning the process with the expectations of senior parliamentary managers
• Assessing the maturity of parliament’s existing corporate data protection arrangements
• Adopting data security measures to raise this level of maturity
• Establishing an organizational structure for the governance of personal data protection
• Implementing a personal data inventory
• Reviewing contracts related to the processing of personal data
• Preparing a personal data protection impact report
• Establishing terms and conditions for personal data protection
• Implementing an incident management process

Parliaments that already use data will, to some degree, have existing data governance and data management processes in place. Rather than creating a burdensome list of new responsibilities for business stakeholders, it is advisable to try to match AI-related tasks to existing job routines.

The Guidelines for AI in parliaments are published by the IPU in collaboration with the Parliamentary Data Science Hub in the IPU’s Centre for Innovation in Parliament. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International licence. It may be freely shared and reused with acknowledgement of the IPU. For more information about the IPU’s work on artificial intelligence, please visit www.ipu.org/AI or contact [email protected].