Remember our (long) definition for Data
Governance? "Data Governance is a system of decision rights
and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods."
Yes, Data Governance is about enforcing rules. But just as important, usually, is ensuring that the right stakeholders are involved in making the rules.
Sometimes - especially for compliance-related rules - it's easy to know who should decide on a rule. But other times it's hard. And most organizations have lots of examples from their own histories of decisions that were made without input from key stakeholders. They can tell stories of the problems created when the right groups were not consulted.
So a best practice is that before any rule is created or any data-related decision is made, a prior decision must be addressed: who gets to make the decision, and when, and using what process?
This practice is called establishing "Decision Rights" for the decision.
It is the responsibility of Data Governance program facilitators to know (or discover) who should be involved in making different types of governance decisions. It is also generally a responsibility of the program to facilitate (and to sometimes document and store) the collection of decision rights that are the "metadata" of data-related decisions.
Visit the Decision Rights section of The DGI Data Governance Framework description for more information about decision making.