Unless you are living under an iceberg in the middle of Nanuvut, you’ve probably heard or seen the popular buzz phrase: “Data is the new oil”.
Lately, every time I hear it, I can’t help but ask [read: overthink] whether that’s true, what does it mean for everything downstream that depends on data? Is data, by itself, as a stand-alone enough to create real, sustainable value?
Instead, I think about it this way: if data is the crude oil, then surely information is the refined fuel, and knowledge is the vehicle (or engine) that moves us forward….driving innovation, collaboration, and progress (hopefully with a bit of laughter and conversation along the way)!
However, just like any vehicle, the journey can only go as far as how well we protect and maintain what powers it.
In today’s digital era, are organizations really treating data, information, and knowledge as the mission-critical assets they are?
For the last two semesters, I’ve had the privilege of studying data, information & knowledge at Columbia University. Over this time, a real distinct image and depth od understanding has grown. These terms are no longer abstract concepts in everyday jargon but real, strategic resources that need active stewardship. And….as AI systems take a more central role in business processes, the stakes get higher. Today, strong data governance and protection aren’t just smart, they’re non-negotiable. They’re what keep data trustworthy, information accurate, and knowledge usable in ways that are both ethical and impactful.
All of this directly influences how effective and fair AI models are, and ultimately, whether they deliver long-term value. So how do we protect these core assets while still pushing ahead with AI-driven growth?
Well, it starts with understanding the often inappreciable difference between data, information, and knowledge and treating the nuance with care it deserves. Building a solid data governance framework is key, especially for staying compliant….but I believe that’s only half the equation. Pair it with smart knowledge management strategies, and you’ve got a foundation for AI systems that don’t just meet regulatory and ethical standards; they actually help you hit your business goals!
In this article I’ll explore the critical differences between data, information, and knowledge; and why they matter more than ever in building a future-ready AI strategy. I’ll look at how these layers interact, and how strong governance, and well-designed knowledge management frameworks can amplify AI’s ability to protect and harness these strategic assets.
Defining the Assets: Distinguishing Data, Information, and Knowledge
Let’s start at the base: data – this is the raw, unprocessed stuff – numbers, text, images, audio, sensor readings. Essentially, it is isolated facts without structure or context. Organizations collect mountains of it every day from various sources. On its own, data has little strategic value. It’s just noise until it’s organized and analyzed with intention.
That’s where information comes in. When data is processed, cleaned, structured, and interpreted, it becomes information. It answers the “who,” “what,” “where,” and “when”, adding context and relevance. Information gives organizations the clarity needed to spot trends, evaluate performance, and make informed decisions.
A great example of this transformation in action comes from NASA’s Apollo missions. As highlighted in Hoffman, E. J., Kohut, M., & Prusak, L.’s The Smart Mission: NASA’s Lessons For Managing Knowledge, People, And Projects MIT Press ((2023), NASA had to manage and make sense of massive streams of telemetry data in real time. Their ability to convert raw data into actionable information, insights that could be immediately understood and acted upon, was essential to mission success. Without that structured layer of information, decision-making would have been delayed, or worse, misinformed.
Here’s the kicker: information still isn’t the endgame.
Knowledge, the application of information in context, is where true strategic value is unlocked. It’s the “how” and “why” behind organizational decisions. It enables foresight, innovation, and learning. And this is where many organizations hit a wall. The challenge isn’t finding information; it’s knowing how to use it effectively.
Jacobson and Prusak nailed this in The Cost of Knowledge Harvard Business Review (2006). They pointed out that while companies throw money at data lakes and search tools, they often ignore the harder problem: helping employees interpret, internalize, and apply what they find. Without a system that supports the conversion of information into knowledge, AI strategies will fall flat.
Data & Information Governance: Building AI on a Solid Foundation
In the current regulatory climate, where AI laws regulations are quickly gaining momentum (think the EU’s AI Act, Canada’s Artificial Intelligence and Data Act (AIDA), and China’s administrative AI measures and draft AI law – let’s leave the US out for now) there’s no room for improvisation. Any AI strategy worth implementing must be rooted in compliance from inception.
It starts with the basics: privacy and data protection laws (*surprise, surprise*). Regulations like the General Data Protection Regulation (GDPR) in Europe define strict rules around how personal data is collected, used, stored, and shared. They demand transparency, informed consent, and user rights like data access and erasure. Fall short, and the consequences are real and costly; fines, reputational damage, and lost trust.
But this is just the floor, not the ceiling. Stay with me!
Emerging AI-specific regulations are now pushing beyond privacy to demand explainability, accountability, and fairness in AI systems. That means AI strategies, as companies begin to develop them, cannot just tack on compliance as an afterthought. These requirements must be built into your data governance frameworks by design and by default; from data collection all the way to model deployment and monitoring.
A robust data and information governance framework provides the infrastructure needed to manage assets across the AI lifecycle. This includes:
- Data classification and role-based access controls to ensure only the right people have access to sensitive information;
- Metadata management to track data provenance, lineage, and context;
- Adequate security protocols including encryption to protect data in transit and at rest; and
- Bias detection and mitigation tools embedded into the pipeline to uphold fairness and compliance
The goal is to be proactive, ensuring end-to-end data and information protection throughout the entire AI system lifecycle.
Too often, organizations view compliance as a one-time checklist; however, true governance is continuous. It’s about enabling accountability, building trust, and ensuring that the data feeding AI systems remains reliable, traceable, and protected. In an era where regulation is rapidly evolving, I’m sorry to say compliance is not just a legal necessity; it’s a strategic differentiator [Please, for the love of God, make friends with your legal & compliance teams].
Knowledge Management as a Strategic Enabler
Built on this, AI can elevate how organizations leverage data and information assets to create, share, and apply knowledge; but only if it’s embedded within a broader knowledge management (KM) strategy. As Davenport and Prusak emphasized decades ago in “Working Knowledge: How Organizations Manage What They Know” Harvard Business Press (1998), it’s not just about collecting knowledge, it’s about integrating it into workflows, decision-making, and the organizational fabric.
This distinction becomes clear when we look at some of the really popular high-profile corporate failures.
Take the Equifax data breach, for example; months before the breach, a critical vulnerability in Apache Struts was known internally and a patch was available. However, due to poor asset classification and unclear accountability, the vulnerability remained unaddressed.
Why? If this was so easily fixable? Why? This wasn’t just a technical failure; it was simultaneously a failure of both data governance and knowledge management. It was a lack of strategic oversight and a consequence of operational neglect. The knowledge existed, but there were no mechanisms to escalate, share, or even act on it. It’s a classic example of how fragmented responsibility can undermine even well-resourced organizations. This aptly illustrates the risk of fragmented responsibility and poor data stewardship despite available internal knowledge.
A closer look at most data breaches will demonstrate that the failures weren’t necessarily just technical or with data governance, but due to lack of cross-functional action, ownership, and proper knowledge management. Valuable internal knowledge existed, but there were no effective mechanisms to capture it, share it, or act on it in time. These aren’t just cautionary tales; they’re reminders of what happens when knowledge is siloed, and feedback loops are broken.
To avoid these breakdowns, organizations must treat knowledge management as a core part of their data and information governance, and AI strategy. That means designing systems (and cultures) that not only protect data and information systems, but that also help knowledge flow.
Key KM practices that align with AI strategies include:
- Codifying expert insights into training datasets to improve model accuracy and contextual relevance
- Building knowledge graphs that map relationships across teams, domains, and data sources
- Using intelligent search and recommendation engines to connect employees with the right expertise
- Creating space for tacit knowledge sharing, through intentional workspace design, collaborative rituals, mentorship programs, and cross-functional learning events
Tacit knowledge (i.e., what people know but may not formalize) is often the most strategic and the most underleveraged. AI can’t access it unless organizations build cultures and environments that encourage people to capture it, speak up, reflect, and collaborate. Proper knowledge management isn’t just infrastructure – it’s a mindset. (And as Ed Hoffman states – “People! People! People!).
Without it, AI tools risk becoming impressive but disconnected—technically powerful, yet strategically shallow.
Putting It All Together: A Smarter Foundation for AI
As artificial intelligence becomes embedded in the core of how organizations operate, success won’t come from tech alone. It will come from how well leaders steward their data, information, and knowledge assets. Each plays a distinct role in shaping how AI is trained, deployed, and adapted over time, and each requires its own systems of stewardship.
- Data must be accurate, secure, and governed from the start.
- Information must be structured, contextual, and actionable.
- Knowledge must be shared, applied, and continuously evolved to keep pace with change.
To fully realize the benefits of AI while minimizing risk, organizations must invest in:
- Robust data governance frameworks that manage the entire AI data lifecycle
- End-to-end regulatory compliance processes embedded by design and default
- Comprehensive knowledge management strategies that turn insights into action
Together, these mechanisms don’t just protect critical assets; they amplify organizational intelligence, enabling continuous learning, strategic agility, and long-term innovation.
Call me optimistic – but I don’t believe AI will ever replace human insight. However, with the right foundation, it will become one of its most powerful enablers. The challenge is not just to build AI systems, but to build systems that are ready for AI ….. systems that connect data to decisions, insights to impact, and knowledge to the future.