PURPOSE AND BACKGROUND
ÃÛÌÒÊÓƵ University is a committed steward of its institutional data, providing a framework to ensure the security, privacy, integrity, quality, and governed usage of produced data throughout the data life cycle.
Institutional data are a critical component of ÃÛÌÒÊÓƵ University’s operations and decision-making process. Without proper governance, the University may engage in inefficient practices or be exposed to undue risk.
In response to Texas Senate Bill 475, the University has designated a Data Management Officer, formed a Data Governance Committee, initiated an internal review of all data systems and practices, and designed and instituted a set of data governance policies.
The Data Governance Committee was formed in Fall 2022 and is comprised of a robust cross-section of campus leaders. After the formation of working groups conceptually focused on policy, definitions, and data systems, a general data governance framework was developed. The framework focuses on quality processes by which people interact with data, the systems and technology facilitating and delivering data to stakeholders, the security of the data systems, the privacy of its users, and the overarching governance guiding the University in its data usage. The designed framework and subsequent data governance policies were endorsed and adopted by the committee and executive leadership for use across the University. The policies allow for greater fidelity of implementation for practices involving data systems and processes.
SCOPE
This policy applies to all faculty, staff, and students who leverage data systems and data produced by these systems on behalf of ÃÛÌÒÊÓƵ University.
CORE PRINCIPLES AND FRAMEWORK
The data governance policy is constructed along four core principles:
- A hierarchy of data governance and ownership.
- Processes that define data quality and the associated data certification processes.
- Established data security and privacy policies.
- A well-defined range of data definitions that span multiple systems and functional areas across the University.
STRUCTURE OF DATA GOVERNANCE AND OWNERSHIP HIERARCHY
Executive
- Data Executives
- Examples of key Data Executives include the University President, Provost, and Chief Financial Officer (CFO).
- Act as the ultimate authority and responsible party for the institution’s data.
- Provide approval for policies and guidelines generated by the Data Governance Committee.
Guidance and Strategy
- Data Management Officer
- Establishes and maintains data governance program.
- Classifies data.
Facilitates the Data Governance Committee.
- Posts high-value data sets to the Texas Open Data Portal.
- Data Governance Committee
- Determines data governance policies and guidelines for executive approval.
- Defines key terms to build a consensus language around data across the University.
- Catalogues and monitors University data systems to determine compliance, ownership, and need.
Stewardship
- Data Owner
- Acts as primary point of contact for their requisite system.
- Charged with overseeing data quality.
- Provides guidance for update parameters.
- Sets permissions for data access (covers ad hoc requests as well as larger system-level integrations).
- Data Stewards
- Act on behalf and, at times, under direction of the Data Owner.
- Serve as subject matter experts for their requisite system.
- Are responsible for day-to-day activities and maintaining the guidelines set by the Data Owner.
- Serve as a resource for Functional personnel.
Functional
- Data Specialists
- Report on data systems and support Data Consumers and Producers.
- May update data systems under direction of Data Owner.
- Work with Data Owners to resolve errors.
- Direct access to data systems.
- Serve as technical subject matter experts.
- Data Consumers
- Leverage data governance framework to guide usage.
- Provide feedback to Stewardship personnel as to data quality, format, and need.
- Data Producers
- Follow procedures defined by Stewardship personnel to load data in the proper format and context.
- Perform data corrections prescribed by Stewardship personnel.
Ancillary or External
- Vendors
- Provide data-related services.
- Auditors
- Conduct investigations into data systems and processes to determine fidelity of data and reporting.
DATA QUALITY AND CERTIFICATION PROCESSES
Data Producers and Consumers are expected to follow appropriate procedures when inputting and consuming system data. There is also an expectation that system data will be current, and any discovered inconsistencies or errors will be resolved in a timely manner to facilitate high data fidelity. Data Stewards, in conjunction with Data Specialists, should work to verify and vet outputs for quality, consistency, and integrity. All University data should adhere to the adopted Data Management Life Cycle.
1. Define and Contextualize
Data should be certified and classified using the Data Certification and Data Classification levels contained in the University’s Data Governance Policy.
2. Create, Clean, and Format
Data reports may be created across a variety of systems but should adhere to the same general practice throughout development. Data Specialists will work in conjunction with Data Owners and Data Stewards to create data reports. Data checks will occur between Data Specialists and Data Owners and Data Stewards. Data Specialists will also include Data Consumers during the formatting process.
3. Distribute or Automate
Data outputs (reports, files, etc.) should be scheduled or distributed via the appropriate platform utilizing the correct security controls in place.
4. Archive Inactive
When archiving or inactivating data, the existing University policies on records management should be followed.
5. Dispose
When disposing of University data, the existing University policies on records management should be followed.
Data and reporting platforms will adhere to a system of certification and classification that informs users as to the supplied data’s requisite status concerning the fidelity of the data being supplied and the determined limits upon uses and capacity for distribution.
DATA CERTIFICATION
- Certified for Official Reporting
- In general, these data will adhere to methodology provided by either the Texas Higher Education Coordinating Board (THECB) or the Integrated Postsecondary Education Data System (IPEDS) or other state or federal regulatory body. Data have been cleaned, vetted, and used for official University reporting.
- Certified for Internal Reporting
- In most instances, these will be live data from the Banner ERP system that are dynamic and subject to daily change. Known data issues have been documented and common data definitions can be found in the Data Glossary. Data are intended to be used for internal decision-making.
- In Progress
- Data reports that are under active development and, as such, although the initial form and layout of associated reports are in place, they are not final. Some data definitions may not be available in the Data Glossary. All issues may not be known or fully documented.
- Not Certified
- No quality checks have been applied. Associated reports are at the earliest stage of development. All risks are fully assumed by the user.
DATA CLASSIFICATION
- Regulated (Red)
- Information that is controlled by a state or federal regulation or other 3rd party agreement.
- Confidential (Orange)
- Information that must be protected from unauthorized disclosure or public release (exempted from the Public Information Act), based on state or federal law or other legal agreement.
- Sensitive (Yellow)
- Information that could be subject to release under an open records request but should be controlled to protect third parties.
- Public (Green)
- Information that is free and without reservation made available to the public.
DATA SECURITY AND PRIVACY
Data governance will generally follow guidelines established by existing University IT security policies. At a minimum, those interacting with University data should:
- Maintain the confidentiality and integrity of University data.
- Adhere to and maintain compliance with applicable laws, codes, controls, rules, and regulations.
- Adhere to data certification and classification protocols.
- Adhere to all established University IT security policies in any interaction with University data.
With respect to student data privacy involving education records, the University complies with the privacy standards established by the Family Educational Rights and Privacy Act of 1974 (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and other applicable federal and state laws.
Both students and employees have the option to request a hold on any publicly available directory information that may be supplied via an open records request via the Public Information Act (PIA).
IDENTIFIED AND DEFINED TERMS
The University will maintain a glossary of identified and defined terms as related to University data and data governance. The complete glossary is housed on the public-facing website and will undergo a biannual review (December and May of each academic year) to revise existing terms as well as add new ones. The Data Management Officer is responsible for maintenance of the glossary and will facilitate updates through the Data Governance Committee.
ENFORCEMENT
Failure to adhere to the provisions of this policy statement may result in:
1. Loss of ÃÛÌÒÊÓƵ University Information Resources access privileges.
2. Disciplinary action up to and including termination for employees, contractors, or consultants.
3. Dismissal for interns and volunteers.
4. Suspension or expulsion in the case of a student.
5. Civil or criminal prosecution.
REVISION AND RESPONSIBILITY
Oversight Responsibility: Office of Data, Analytics, Reporting, and Analysis
Review Schedule: Every two years
Last Review Date: 02/15/2024
Next Review Date: 02/15/2026