KPMG's Insights on Data Governance in the Age of AI

KPMG urges stronger AI-era data governance, flags synthetic data quality risks

KPMG released a report on data governance “in the age of AI,” arguing that governance programs need to evolve as AI becomes embedded in business operations and as synthetic data is used more widely. The report emphasizes transparency and accountability in data practices, positioning these as prerequisites for operating safely under tightening privacy and data protection expectations.

While the report notes synthetic data can reduce reliance on real personal data and support privacy and compliance goals, it also highlights practical risks—especially around synthetic data quality and integrity. KPMG’s framing is that governance must cover not only access and privacy safeguards, but also the controls needed to ensure synthetic data remains fit for purpose and doesn’t introduce downstream issues for AI systems.

• Auditability becomes a product requirement. Data teams will increasingly need to prove lineage, privacy posture, and compliance across AI pipelines—not just assert it—especially when synthetic data is part of training or testing workflows.
• Synthetic data shifts risk, it doesn’t remove it. Using synthetic data may reduce exposure to direct personal data handling, but poor utility or integrity can still create operational risk (e.g., degraded model performance) and compliance risk (e.g., inability to justify data decisions under regulatory review).
• Quality controls need to sit inside governance, not outside it. Privacy engineering and ML teams should treat synthetic data validation (utility checks, integrity checks, and fit-for-purpose testing) as governed controls rather than ad hoc evaluation.
• Compliance teams will ask for evidence, not narratives. As regulations tighten, governance programs that can document accountability and decision-making are better positioned to avoid penalties and reputational damage.