“In 2013 Gartner was contracted to provide a review of the Information Security Practices of Employment and Social Development (ESDC). Among their recommendations was one with respect to “improving governance”. In the course of researching that recommendation in more detail and exploring related strengths and weaknesses across the continuum of ESDC’s management of information security, it became apparent that a key driver of risk was inconsistent or inadequate enterprise leadership, policy, and process in the area of data management”. Data Governance Discussion Paper, Gartner for ESDC IITB, March 20, 2014.