Data Governance is the umbrella discipline that ensures an organization's data is accurate, accessible, secure, and used appropriately. Where information security focuses on protecting data from unauthorized access, and privacy focuses on the rights of individuals whose data is processed, governance is broader: it covers ownership, lineage, quality, classification, retention, policy, and stewardship across every data domain.
A mature data governance program rests on three legs: roles (who owns which data, who can decide on its use), policies (the standards, definitions, and rules that govern the data), and operations (the tooling and processes that make those policies enforceable rather than aspirational). The absence of any one of the three is what produces "shadow data" — systems and datasets that nobody is accountable for and nobody is governing.
In the era of generative AI, data governance is becoming load-bearing for a wider set of business outcomes than ever before. Training data quality determines model accuracy. Data classification determines what can be used in prompts. Lineage determines whether an AI output can be explained or audited. Organizations whose data is not governed cannot meaningfully govern their AI.