IAPP Executive Describes Who Owns AI Governance
Fragmented AI governance ownership is a live challenge in government agencies too - APS practitioners may recognise the coordination gaps described.
Key points
- IAPP research finds no consistent model for AI governance ownership across organisations, with privacy teams often absorbing responsibility.
- Cybersecurity, data-governance, and privacy functions are all being pulled into AI governance work, creating coordination friction.
- This is a private-sector-focused interview with limited direct APS applicability, though the governance fragmentation pattern is familiar.
Summary
An IAPP interview with Ashley Casovan, managing director of the IAPP's AI Governance Center, finds that organisations lack a consistent model for AI governance ownership. Privacy teams frequently carry primary responsibility by default, with cybersecurity and data-governance functions also drawn in. Governance work spans policy activities such as translating principles into rules and establishing committees, as well as technical tasks including data-minimisation and consent assessments. The pattern suggests role ambiguity and resourcing shortfalls are widespread, though the interview focuses on the private sector.
Implications for Australian agencies
- [Consider] APS agencies developing or reviewing AI governance structures could use these patterns to benchmark how clearly they have defined ownership across legal, privacy, security, and operational functions.
- [Monitor] Teams tracking whole-of-government AI governance maturity may want to monitor whether IAPP produces more detailed research or frameworks that translate to public-sector contexts.
Implications are AI-generated. Starting points, not advice.
"IAPP Executive Describes Who Owns AI Governance"
Source: Let's Data Science – AI Governance
Published: 4 May 2026
URL: https://letsdatascience.com/news/iapp-executive-describes-who-owns-ai-governance-64324c43
Retrieved from SIMS, 18 May 2026.