By Laini Byfield
Governance
Governance answers: who decides, who audits, who can change rules, and how people can challenge outcomes.
How authority and challenge flow
In a governed small data system, authority flows downward from those who set rules to those who operate programs. Challenge flows upward from the data subject to the appeals layer. Both directions must exist — a system with authority but no challenge path is not governed. It is just powerful.
Authority flows down. Challenge flows up. Every data subject must have a path to both.
Resources
Ethics vs privacy
Why Small Data Ethics is broader than privacy — committees are one mechanism, not the full frame.
Ethics boards
Scope, membership, authority, and what “review” should mean in practice.
Review committees
A pragmatic option for operational systems — faster than boards, still accountable.
What governance requires in small data
Who can change rules vs. who can run loads vs. who can approve exceptions. These must be different people or the control is decorative.
Record source files, load dates, and rule versions. An outcome that cannot be traced to its inputs cannot be contested or repaired.
A clear appeals process with defined evidence standards and timelines. “We have an appeals process” is not governance. A process with a documented path and a response commitment is.
Suppression and aggregation rules for reporting. When a cohort is small enough that individuals are identifiable in aggregate data, governance requires a documented suppression standard.
A board that can only advise is not governance. Governance requires the authority to say no, demand changes, and require a repair plan when systems fail.