Archos Labs
AI Readiness

Five Data Decisions Founders Get Wrong

Rob Angeles3 min readPublished
Share
Figure with one key facing three identical doors labeled the same, each hiding a different room. One shadow beneath all three

Data governance isn't an enterprise program. For founders, it's five decisions that determine whether your AI outputs are usable and your customer data is safe.

Your CRM has three versions of the same customer. Your AI summarization tool is pulling from all of them. The output looks confident. It is wrong about two of the three accounts, and you have no way to know which one.

That is a data governance failure. It took no negligence to create it, just default settings and a few contractor logins that never got cleaned up.

The decisions you're already making by accident

Founders are not skipping data governance. They are doing it constantly, by default, with no awareness that the defaults compound. What gets stored, where it lives, who can read it, what format it takes, and how it connects to the tools that run on top of it — those are governance decisions. The research linking poor data control to weaker machine learning performance and higher operational risk in small firms is not describing enterprise failures. It is describing what happens when a ten-person team uses four SaaS tools with no shared logic about how a customer record should look.

The OECD, NIST, and ISO frameworks treat data quality and access accountability as preconditions for trustworthy AI output. Not scaling milestones. Preconditions. That framing matters because it places the problem upstream of the model, not inside it.

When the vendor's model isn't the problem with the vendor's output

Here is the counterargument worth taking seriously: you are using GPT-4 via API, a CRM with built-in deduplication, and a no-code automation tool. The vendors have engineering teams. They handle input validation. Why add a governance layer on top of infrastructure built by people smarter than you?

Because the model processes what you send it. OpenAI's model does not know your customer records are duplicated. Salesforce's deduplication only works on data inside Salesforce. The contractor you gave admin access to in February, who exported a list to a personal Google Sheet before offboarding, is outside every vendor's jurisdiction. The five decisions this article describes sit entirely on your side of the API call. No vendor touches them.

What the five decisions actually are

Canonical record ownership: one system holds the authoritative version of each entity. Everything else reads from it, does not write to it independently.

Access tiering: not everyone needs write access. Not every contractor needs any access. The research connects undifferentiated access directly to elevated operational risk.

Format consistency: if a date field accepts four formats, your AI tool will treat them as four different signals. Pick one. Enforce it at input.

Data provenance: know where each dataset came from and when. Without provenance, you cannot audit an AI output that surprises you, and you cannot remove data you later learn was collected improperly.

Retention limits: data you do not need is liability you are carrying for free. Delete it on a schedule. The schedule does not need to be sophisticated. It needs to exist.

None of these require a data team. None require a steering committee. They require one person to make a decision and write it down somewhere the rest of the team can find.

What this looks like when it breaks

I have watched a founder spend three weeks trying to debug why their AI-generated sales emails were addressing the wrong contacts at the right companies. The model was fine. The contact-to-account mapping in their CRM had been broken since a CSV import eight months earlier, and no one had set a canonical record rule. Three weeks of debugging a data entry problem from 2023.

That is the real cost. Not a compliance fine. Not a breach. Just three weeks of a founder's time chasing a ghost that a single format rule would have prevented.

Share
Rob Angeles

Written by

Rob Angeles

Most consulting engagements split the thinking from the doing. Rob doesn't. Principal Consultant at Archos Labs, he owns the full stack — assessment, architecture, delivery — across retail, financial services, healthcare, and government.

Search across all essays