PM-23 Data Governance Body
Establish a Data Governance Body consisting of pm-23_odp.01 with pm-23_odp.02.
A Data Governance Body can help ensure that the organization has coherent policies and the ability to balance the utility of data with security and privacy requirements. The Data Governance Body establishes policies, procedures, and standards that facilitate data governance so that data, including personally identifiable information, is effectively managed and maintained in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidance. Responsibilities can include developing and implementing guidelines that support data modeling, quality, integrity, and the de-identification needs of personally identifiable information across the information life cycle as well as reviewing and approving applications to release data outside of the organization, archiving the applications and the released data, and performing post-release monitoring to ensure that the assumptions made as part of the data release continue to be valid. Members include the chief information officer, senior agency information security officer, and senior agency official for privacy. Federal agencies are required to establish a Data Governance Body with specific roles and responsibilities in accordance with the [EVIDACT](#511da9ca-604d-43f7-be41-b862085420a9) and policies set forth under [OMB M-19-23](#d886c141-c832-4ad7-ac6d-4b94f4b550d3).
- EVIDACT Foundations for Evidence-Based Policymaking Act of 2018 (P.L. 115-435), January 2019.
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource*, July 2016.
- OMB M-19-23 Office of Management and Budget Memorandum M-19-23, *Phase 1 Implementation of the Foundations for Evidence-Based Policymaking Act of 2018: Learning Agendas, Personnel, and Planning Guidance*, July 2019.
- SP 800-188 Garfinkel S (2016) De-Identifying Government Datasets. (National Institute of Standards and Technology, Gaithersburg, MD), Second Draft NIST Special Publication (SP) 800-188.
Related controls
- AT-02 Literacy Training and Awareness
- AT-03 Role-based Training
- PM-19 Privacy Program Leadership Role
- PM-22 Personally Identifiable Information Quality Management
- PM-24 Data Integrity Board
- PT-07 Specific Categories of Personally Identifiable Information
- SI-04 System Monitoring
- SI-19 De-identification