June 30, 2005 10:47 ET

IBM Forms Data Governance Council

American Express, Merrill Lynch, World Bank and Others Join IBM to Tackle Security, Privacy, Compliance and Business Intelligence Challenges

ARMONK, NY -- (MARKET WIRE) -- June 30, 2005 -- IBM today announced it has formed the Data Governance Council with dozens of leading companies, institutions and technology solution providers -- in a global effort to develop a 'blueprint' of common solutions which go beyond traditional monikers of security, privacy, compliance, and operational risk to form a new category for businesses called Data Governance.

Data Governance is the process by which companies govern appropriate access to their critical data, by measuring operational risk and mitigating security exposures associated with access to data. The Data Governance Council will look to redefine the management of data governance policy, the impact of policy on business processes and practices, and the enforcement of policy in IT infrastructure, content and organizational behavior.

The council is developing a blueprint for the governance and protection of personal and organizational data within and between enterprises, and is evaluating how organizations can implement this data governance blueprint using IBM and business partner solutions and research concepts.

Companies today have difficulty measuring the value of their data, including the types and probability of risks around data loss, and have no standard way to mitigate these risks. As a result, all data is protected the same way: low quality data is over-protected and high value data is under-protected. Companies need to integrate data security policies into business processes, to use quantitative methods to assess risk and to allocate essential resources to protecting critical data resources in high value business transactions.

"Increasingly, companies are seeing alarming rates of data theft. We need a better approach to overseeing appropriate access to critical information at all levels to help minimize this threat," said Robert Garigue, chief information security officer, Bank of Montreal. "The Council's ultimate goal is to transform data governance and compliance from yearly audits to real-time, change-driven, on demand business processes that continually assess risks, update policies and manage resources across the enterprise."

According to early findings by the Data Governance Council, the top governance challenges today are:

--  Security, privacy, compliance, and risk challenges need to be
    addressed with common solutions and standards
--  Significant disconnect between organizational and IT roles and
    behavior, which causes potential exposures
--  Policy and Business Rules not linked to business processes or IT
--  Few technologies available today to solve complex issues
--  No common methods for meta-data classification and IT integration
--  Controls are deployed before long-term consequences are modeled

Data Governance Council members today include ABN Amro, ActivCard, Airmagnet, American Express, Bank of Montreal, Bell Canada, Blueworld, Cadence Design, Centerprise, City of New York FISA and DoE, Consultrex, Corticon Technologies, Danske Bank, Deutsche Bank, Fidelis Security, Great American Insurance, Huntington Bank, Key Bank, Merrill Lynch, Mitratech, Navigant Consulting, Novartis, Government of Nassau County, Ping Identity, TIAA-CREF, TeliaSonara, North Carolina State University, Northwestern Mutual, Nova Southeastern University, the United Nations Development Program, SPS and the World Bank.

"One of the biggest problems for organizations is how to manage and control all the data that resides within a company these days, especially as more and more companies do business with each other online, extending into large data supply chains," said Steven Adler, chair of the Data Governance Council and program director, IBM Data Governance Solutions. "There is a clear need for common solutions and governance models to protect and share data on different levels. At the heart of the IBM Data Governance blueprint, is an initiative to bring a collection of proven technologies and collaborative methods to build consistency and quality control in governance, which will help companies better protect critical data."

For more about the Data Governance Council, please visit

About IBM

With 80 years of leadership in helping businesses innovate, IBM is the world's largest information technology company. IBM is a leading provider of e-business solutions and is dedicated to helping companies, Business Partners and developers leverage the potential of e-business on demand across a wide range of businesses and industries. The company offers a host of cross-industry and industry-specific solutions designed to meet the needs of companies of all sizes. For more information on IBM, please visit:

Contact Information