Elevate the power of your work
Get a FREE consultation today!
Intelligence by design: The governance foundation for scalable AI
Blogs and Articles
AI is reshaping how organizations use data across its lifecycle. As it becomes embedded in everyday operations, teams must rethink how governing AI, data, and information converge. This shift presents both new risks and a powerful opportunity for information professionals to evolve from compliance stewards to strategic enablers of responsible AI.
With AI quickly becoming integrated into core, everyday operations in business units and departments across organizations, they are discovering that AI success depends less on algorithms and more on governed data. To build trustworthy systems at scale data and information governance must be embedded into AI initiatives and governance policy from the start.
This was the focus of our February Education Series webinar, where I was joined by:
- Kelly McIsaac, Associate Vice President, Data Risk Policies and Standards, TD Bank
- Jarrett Garcia, Senior Director, Architecture, Enterprise IT, Iron Mountain
- Brian O’Flynn, Director, Marketing Technology & AI, Iron Mountain
Together, we explored what it takes to align governance frameworks, manage expanding risk, and position oversight as a strategic enabler of responsible AI adoption.
Bringing information and data governance together
As AI adoption accelerates, the success of these initiatives depends on the quality of the data that fuels them. For that reason, disciplined data governance has become a key part of the AI conversation, encompassing data quality, lifecycle, access, and regulatory alignment. Because AI models are trained on enterprise data, and likely external sources as well, governance weaknesses are amplified and can quickly scale risks far beyond their original source. Growing expectations around sustainability further reinforce this shift, requiring teams to clearly articulate how AI systems are used and how decisions are governed.
You cannot have AI without data, which means you need to have data governance and information governance. You cannot have one without the other.
Importantly, AI outputs remain subject to retention schedules, privacy regulations, and compliance obligations. As Kelly noted, governance is no longer just a downstream clean-up activity. It must be embedded at design—before models are trained and deployed—driving closer coordination between information governance and data governance functions.
Extending governance across the data supply chain
Enterprise data is increasingly moving beyond traditional system boundaries as organizations work with external vendors that provide AI-enabled solutions. As Jarrett described, this expands the “blast radius” of where data travels, bringing additional parties into the governance equation. Oversight must now extend across a broader data supply chain to include vendor assessments, model transparency, and structured risk scoring—especially when customer or regulated data is involved.
You can't just unlearn a specific record once it's been vectorized into an AI model.
This expanded ecosystem introduces longer-term compliance considerations. If models are trained on information that should have been archived or deleted, remediation can be complex and costly. As AI ecosystems expand and grow more interconnected, governance must extend beyond internal controls to ensure accountability across the full data supply chain.
AI governance is a cross-functional imperative
Deploying AI at scale requires coordinated governance, as initiatives cut across IT architecture, legal interpretation, privacy obligations, information security controls, and business operations. These interdependencies require shared visibility into how systems and applications are deployed, how data is used, and where risk resides. In this environment, clearly defined ownership and accountability are critical to ensuring AI use cases are evaluated and governed consistently.
You can’t have governance exist in a bubble.
To support this coordination, many organizations are formalizing governance through cross-functional boards and structured oversight models. The panel described collaborative forums that bring technical and risk leaders together to evaluate use cases and assess exposure. In regulated industries, frameworks such as the “three lines of defense” are used to clarify risk ownership, while data owners and data stewards validate that data is fit for purpose before it enters AI systems.
From risk management to strategic advantage
For years, information and data governance have largely been viewed through a defensive lens—focused on compliance, retention, and risk mitigation. Now, AI is reframing that role by exposing data quality issues immediately and tying them directly to model accuracy and decision-making. In this environment, AI makes governance a visible driver of performance and the foundation for trustworthy, high-performing systems.
AI has really changed the math. It's given us the ability for governance to be an offensive capability.
This shift places new emphasis on trusted data sources and disciplined validation. Rather than opening entire repositories to AI systems, organizations are increasingly certifying fit-for-purpose data sets aligned to specific use cases. Permissions must also carry through to AI agents, ensuring systems access only what a user is authorized to see.
While AI can assist with retention, classification, and surfacing records, accountability remains human—reinforcing that governance enables innovation, but people remain responsible for its outcomes.
AI readiness is governance readiness
The discussion made one point clear: AI amplifies the importance of governance. As organizations integrate AI more deeply into operations, information governance professionals move from downstream enforcement to upstream strategic influence. Those that embed strong data foundations and accountability frameworks into their AI strategies will be better positioned to scale responsibly and deliver trustworthy outcomes.
To see how governance leaders are operationalizing oversight to support AI innovation, visit Iron Mountain’s 2026 Education Series to watch the on-demand recording of “Intelligence by design: Setting the IG foundation for an AI-driven future.”