/2 min read
Critical is not the same as at risk
Two ideas that data stewards often blur into one. A data element can be critical and well controlled, or unimportant and quietly failing. Telling them apart is where useful data governance starts.
Most data work starts with a list. Someone asks which data matters, a workshop is held, and a spreadsheet of "critical" fields appears. It feels like progress. Then nothing changes, because the list answers the wrong question.
"Critical" and "at risk" are not the same thing, and treating them as one is how good intentions turn into shelfware.
Two different questions
Critical asks: if this data is wrong, how much does it hurt? It is about consequence. A customer identifier, a price, a dosage, a regulatory flag. These matter because a mistake is expensive, unsafe, or reportable.
At risk asks something else: how likely is this data to be wrong right now? It is about exposure. Two systems that disagree, a field three teams fill in differently, a rule that no one owns.
A field can be critical and perfectly healthy. A field can be trivial and quietly broken every day. The work you actually need sits where the two overlap: data that matters and is exposed.
Why the distinction changes what you do
When you only rank by criticality, you produce a long list and no order of attack. Everything important looks equally urgent, so nothing moves.
When you add risk, the list sorts itself. The handful of elements that are both critical and exposed are where a data steward should spend the next week, not the next year. Everything else can wait, on purpose, with a reason you can defend.
This is the difference between naming critical data elements and acting on data elements at risk. The first is a label. The second is a worklist.
How to tell them apart
You do not need a maturity model to start. For each candidate element, ask three plain questions:
- What breaks downstream if this is wrong? That is consequence.
- Where does this value come from, and how many places define it? That is exposure.
- Who would notice, and how long would it take? That is your blast radius.
When the answers are written down next to each other, the priorities are usually obvious, and you can move straight to a data quality rule or a shared business definition for the elements that earn it.
That is the whole point of practical data governance: fewer lists, more outcomes you can stand behind.
Try it on one element
Pick a single field you suspect is both critical and shaky. Walk it through the three questions above. If the answer is uncomfortable, you have found real work, and a reason to do it now.
enabledat is built to make that reasoning fast and repeatable, so you leave with a usable outcome instead of another spreadsheet. Request early access to the beta.