← All Episodes

Episode 15

Challenges and Strategies in Implementing AI with Data Governance

37 min

About This Episode

In episode 15 of Data & AI Heads, host Ian Allison speaks with Miguel Guillen, who leads data strategy and data governance operations at Zoom and brings over 15 years of experience at Microsoft, AWS, and Pepsi. The conversation centers on the practical challenges organizations face when feeding data into AI systems and large language models, and why strong governance cannot be an afterthought when the pressure to ship AI is high.

Miguel breaks down the critical differences between governing structured and unstructured data, explains a tiered approach to data restriction that starts with hard regulatory lines like HIPAA and works down to general information, and shares how AI agents and automated classification tools can accelerate governance work without replacing human oversight. He illustrates the limits of automation with a concrete real estate address example, showing why a small but meaningful percentage of edge cases always requires human judgment.

The episode closes with a practical three-part framework: robust policy frameworks anchored in GDPR and CCPA, tight alignment with business goals, and the optional but valuable addition of data stewards embedded inside business teams. Miguel argues that sustainable AI implementation requires a cultural shift in which every employee who touches data understands their role in maintaining its quality, framing data as the new gold and personal accountability as the foundation of trustworthy AI outcomes.

Key Takeaways

  1. Feeding large language models without governance controls is a real organizational risk: structured data has established permission and masking tooling, but unstructured data such as flat files, images, and documents lacks those same guardrails and requires explicit classification before ingestion.
  2. A tiered data restriction model works from the most sensitive level outward: start with hard regulatory lines such as HIPAA patient records and social security numbers, move to company policy restrictions like salary data, and work down to unrestricted general information.
  3. AI classification agents can dramatically accelerate data governance for unstructured documents, flagging PII patterns at scale, but Miguel cautions that false positives and edge cases mean human reviewers must remain in the loop, citing a real example where a misconfigured filter suddenly generated 10,000 flags instead of the expected few thousand.
  4. A practical governance framework for AI implementation has three layers: first, robust policy frameworks built on GDPR, CCPA, and industry standards; second, alignment with business goals so data is neither locked down to the point of uselessness nor opened so broadly that it creates legal exposure; and third, data stewardship roles embedded within business teams when resources allow.
  5. For structured data, Miguel recommends automated data validation rules, scalable pipelines using formats like Parquet, and an AI-readiness mindset that progressively replaces manual steps with agents while keeping human checkpoints intact.
  6. For unstructured data, proper metadata tagging is essential because data must be both discoverable and traceable, and landing zones in cloud environments like AWS S3 or Azure should feed into organized, validated pipelines rather than acting as permanent storage.
  7. Data accountability must shift from a narrow IT or data-team responsibility to an organization-wide culture: every employee who touches data is a steward of its quality, and Miguel uses the analogy of holding a bag of gold to make that responsibility tangible.
  8. The positive case for distributed data accountability is not just risk avoidance: when frontline users tag and enrich data correctly, data scientists and AI models can extract progressively more value, improving model accuracy from, for example, 75 percent to 80 or 85 percent quality thresholds.

What We Cover

Structured vs. unstructured data governance for AI Tiered data restriction and PII masking strategies AI agents and automated document classification GDPR and CCPA compliance in AI implementations Policy frameworks and business alignment for data governance Data stewardship models and embedded SME roles Human oversight in agentic AI workflows Building a data-accountability culture across the organization

Frequently Asked Questions

Why is unstructured data harder to govern than structured data when feeding AI models?

Structured data such as databases and tables comes with established permission systems, user-based access controls, and masking tooling developed over decades of data warehousing practice. Unstructured data, including flat files, text documents, images, and videos, lacks those built-in controls, making it easy to feed directly into large language models without applying any security or compliance filters. Miguel Guillen emphasizes that organizations must apply the same tiered restriction logic to unstructured data, starting with hard regulatory no-nos like patient records and social security numbers, before any of it reaches a model.

How can AI agents help with data classification and governance without removing humans from the process?

AI classification agents can scan large volumes of documents, recognize patterns like credit card numbers and generic PII, and flag items for review, allowing a small team to cover ground that would otherwise require many more people. Miguel Guillen describes a workflow where an agent flags items once, a human reviews and confirms them, and then the agent is instructed to report future matches automatically rather than requiring repeated review. However, he cautions that false positives still occur and edge cases remain, citing an example where a misconfigured filter produced 10,000 flags in a single day, which required human investigation to resolve. The recommended posture is two people supported by ten agents, not a fully autonomous pipeline.

What is the three-part framework Miguel Guillen recommends for governing data in AI implementations?

Miguel recommends a two-plus-one framework. First, establish robust policy frameworks grounded in GDPR, CCPA, and relevant industry standards, because these provide stable, non-negotiable guardrails. Second, align data governance decisions with business goals, since locking data down so tightly that the business gains no value defeats the purpose, while opening everything up creates legal exposure. Third, when budget and headcount allow, introduce data stewards, either dedicated hires or subject-matter experts identified within existing business teams, who take on responsibility for data quality, tagging, and compliance reporting for their specific data sets.

Who should be accountable for data quality when an AI model or agent produces a bad outcome?

Miguel Guillen argues that accountability is distributed across everyone who touches the data, not concentrated at the point of AI output. The mindset that data quality is solely the data team's or IT department's responsibility needs to change. He recommends identifying data SMEs within each business unit and giving them lightweight stewardship responsibilities, such as quality rule monitoring and ingestion reporting, so that problems can be traced back through the data lineage to the specific point of failure. The goal is to build a culture where each person treats the data they handle like a bag of gold they are personally responsible for while it is in their possession.

What practical governance steps apply specifically to structured data pipelines intended for AI use?

Miguel Guillen outlines three steps for structured data. First, implement automated data validation rules that run consistently and only need manual review when a new data set is onboarded. Second, build scalable pipelines using optimized file formats such as Parquet so that data movement does not require manual intervention at each step. Third, adopt an AI-readiness mindset by continuously asking whether manual steps can be replaced by agents or automated filters, reducing the human effort required while maintaining quality checkpoints at critical junctures.

How does Zoom or a similar large organization handle the balance between AI innovation speed and data governance compliance?

Based on Miguel Guillen's experience leading data strategy and governance at Zoom, the balance is maintained through the combination of stable policy frameworks, close alignment with what the business actually needs from its data, and embedded data stewards who serve as the bridge between governance rules and day-to-day operations. Executives pushing for rapid AI adoption and governance teams enforcing compliance are not inherently opposed; the framework exists to find the operational middle ground where innovation can move quickly without creating legal exposure or data breaches. Removing governance entirely in pursuit of speed is described as a path to the wild west, where data breaches and lawsuits become inevitable.

Why does data governance still require human judgment even when mature AI classification tools are available?

Even well-trained classification tools produce false positives and miss edge cases that require contextual reasoning machines cannot yet provide. Miguel Guillen illustrates this with a real estate address example: a new property development may have an address assigned by an agent before it appears in any official database, including USPS and Google, meaning no tool can confidently validate or reject it. A human must make a judgment call based on timing, business context, and available evidence. This type of outlier, small in volume but consequential in impact, means human oversight remains essential in any AI-assisted data governance workflow.

About the Guest

Miguel Guillen

Miguel Guillen is a data strategy and data governance leader with over 15 years of experience across enterprise technology, consumer goods, and cloud platforms. He has held roles at Microsoft, AWS, and Pepsi, and currently leads data strategy and data governance operations at Zoom. His expertise spans structured and unstructured data management, regulatory compliance including GDPR and CCPA, AI readiness, and the design of scalable data pipelines. Miguel is a practitioner advocate for distributed data accountability, embedding governance responsibilities within business teams rather than siloing them in central IT functions, and for the thoughtful integration of agentic AI tools into governance workflows without removing human oversight.

Connect on LinkedIn →

More Episodes