Data Governance Framework for University of Virginia (Academic Division)

Find.  Understand.  Trust.

Version 1.0 March 10, 2020

Vision

Data is a valued and trusted institutional asset used to support academic and non-academic strategic decision-making and operational interests.  University data is well-defined, of high quality, managed in compliance with all rules and policies, and accessible to stakeholders who have been trained to use it appropriately and responsibly.

Mission

Data governance focuses on improving data quality and usability; enabling appropriate access to data; establishing consistent data definitions; complying with privacy, legal and regulatory rules, and institutional data policies; and setting a strong foundation for analytics and reporting.

  • Coordinate access, data protection, and governance activities across IT systems and subject/data domains
  • Facilitate access to data and information through clear and coordinated request, requirement, and approval processes
  • Promote the creation and use of a data catalog to improve understanding, quality, and usability of data, information, and reports
  • Coordinate and support data literacy and education on the legal, responsible, and ethical use of data

Goals

  1. Reinforce the importance of data security and privacy and the importance of compliance with all applicable rules and regulations
  2. Make data and information more accessible to users across the Academic Division of the University
  3. Improve the institution’s ability to share data between units
  4. Improve self-service capabilities in support of distributed analytics activity
  5. Improve data confidence, discoverability, and usability with a focus on quality and documentation
  6. Improve data literacy and awareness on the responsible and ethical uses of data with training and education
  7. Ensure that individuals with Governance roles understand their responsibilities and are actively engaged in the process
  8. Balance the need for long-term longitudinal, archival analysis with legal and regulatory retention policies.

Guiding Principles

  1. We take the privacy and security of individual data seriously and every decision we make about increasing the use and accessibility of data is informed by our commitments to privacy and security.
  2. Data is a strategic asset of the University used to support its instructional, research, and public service missions.
  3. Data governance is a program and a business discipline, not a project, which needs an ongoing investment, support, and exposure.
  4. Data will be managed as a shared asset to maximize business value and reduce risk.
  5. Decisions about centralized and localized data/governance solutions will be carefully considered.
  6. Quality Standards for Data will be defined and monitored and should be managed in the system of record.
  7. Access and use of Data will be managed in accordance with appropriate policies.
  8. Data governance policies and decisions will be clearly communicated and transparent.
  9. Data Literacy is a core component of the data governance initiative.

Scope

This Data Governance Framework is limited to the Academic Division of the University and focused on the administrative and academic data domains. This framework is not intended to govern access and use of research data or to govern data and access in the Health System.


Roles and Responsibilities

Data Governance Council

The Data Governance Council (DGC) serves as an advisory group to help the University community articulate its commitment to the ethical and responsible use of data, identify areas of opportunity and common interest, promote data awareness and literacy, and implement process improvement in support of the Data Governance Framework. The DGC will be a forum to share and address concerns, areas of common interest, and overlapping issues related to data access and use.

Membership of the DGC will be made up of Data Stewards and Data Stakeholders.  Data Stewards will be subject matter experts who can assist with data definitions, data use standards, data access, and data quality.  Data Stakeholders are primarily the individuals who are responsible for data analytics in the schools and units who can provide input on use cases and areas of need.

Responsibilities of the group will be to:

  • Promote awareness of Data Governance activities within their organizations
  • Ensure that we have a structure that supports a culture of data openness while ensuring the privacy and security of data about individual students and employees
  • Promote data integration across systems (i.e., cross domain).
  • Develop and support data quality standards, processes, and best practices
  • Assist with data education and training
  • Serve as an escalation point for resolution of data issues
  • Promote the shared use of common tools, infrastructure, and software

Members of the DGC will be called on to work on smaller projects related to establishing an overall DG Framework.

The DGC will meet monthly (or as needed) to stay aligned on ongoing activities and planning.

Data Governance (DG) Steering Committee

The DG Steering Committee will ensure that proposed DG activities align with the University’s strategic goals and objectives, prioritize competing initiatives, remove obstacles, and champion the program.  The Steering Committee will be involved in the following:

  • Arbitration of data sharing or governance disputes
  • Sponsorship and promotion of data governance activities
  • Provide input and guidance on initiative resourcing and prioritization.

The DG Steering Committee will meet quarterly (or as needed).

School representation will be on a rotating basis of two years. School representatives have a responsibility to coordinate with and represent their colleagues in the other schools.

Executive Leader
(Christina Morell)

The Executive Leader is responsible for guiding the development of recommendations for consideration by the Steering Committee involving strategy, scope, budget, schedule, and timing; reviewing and approving communications, and engaging stakeholders and data trustees.

Data Governance Director
(Mark Anderson)

The Data Governance Director is responsible for:

  • Providing strategic direction and planning for DG initiatives
  • Collaborating with other data-related programs, offices, or projects
  • Coordinating DG activities with Data Stewards
  • Planning and managing DG projects
  • Administering centralized DG tools/systems
  • Providing centralized communications for governance-led and data-related matters
  • Facilitating and coordinating meetings of the DGC
  • Collaborating with the Executive Leader to ensure appropriate consideration of DG issues in institutional planning and operational activities.

Data Stewards

As Subject Matter Experts in one or more functional areas, Data Stewards have operational oversight for the life cycle of a specific data domain including the definition, intake, and usage of the data. Data Stewards will oversee the development, maintenance, and enforcement of appropriate policies, standards, and procedures for the use of data in their functional areas, including defining criteria for data access authorization. Data Stewards will also work with process owners to ensure the quality of data input into the source systems. Ideally, the role of Data Steward will be formalized in job position descriptions in the HR system.

Data Stewards are appointed by the Data Trustee of their respective Data Domain.  Data Stewards may designate Deputy Data Stewards to assist and/or co-manage the fulfillment of data governance related roles and responsibilities in their data domains. See the current list of Data Stewards.

Data stewards’ responsibilities are grouped into four main areas: operational oversight; data quality; privacy, security, and risk management; and policies and procedures.

  • Operational Oversight: Data stewards play a key role in overseeing the life cycle of a particular set of institutional data.
    • Data stewards are responsible for defining and implementing policies and procedures for the day-to-day operational and administrative management of systems and data, including the intake, storage, processing, and transmittal of data to internal and external systems.
    • To ensure compliance with data policies and procedures, stewards provide training and documentation for employees with data-entry and maintenance responsibilities.
    • As part of the oversight for institutional data, the data steward must be accountable to define and document data and terminology in a business glossary. This includes ensuring that each critical data element has a clear definition and is still being used—or retiring those that are not—and that adequate documentation is developed, maintained, and distributed appropriately.
    • Often, operational oversight accompanies being a process owner; in cases where there are multiple process owners, a high degree of coordination is required to ensure that the processes are aligned with data policies and guidelines.
  • Data Quality: Data stewards assume an important role in ensuring data is reliable.
    • Data stewards are ultimately responsible for establishing data-quality metrics and requirements, including defining the values, ranges, and parameters that are acceptable for each data element.
    • Data stewards help establish procedures for detection and correction of data-quality issues and collaborate with process owners to establish policies, procedures, and internal controls affecting the quality of data.
    • In addition, data stewards engage in the ongoing and detailed evaluation of data quality, the identification of anomalies and discrepancies, and the contribution of expertise to understand the root cause and implement corrective measures. This requires tactical resolution of individual unit records such as invalid field values, duplicate person records, incorrectly merged person records, and incorrect identifiers and attributes.
  • Privacy, Security, and Risk Management: Data stewards are responsible for overseeing privacy, security, and risk management pertaining to data.
    • In one of the more challenging aspects of protecting the data, stewards must establish guidelines and protocols that govern the proliferation of data to ensure that privacy controls are enforced in downstream systems and processes.
    • To be effective, the data steward must compile retention, archival, and disposal requirements, and ensure compliance with institutional policy and regulations.
    • Accordingly, the data steward will establish and implement data-curation practices to ensure that the life span of data is commensurate with requirements.
    • Data stewards must protect data while striking a balance between transparency and privacy. This requires establishing information security requirements, including data classification and identification.
    • In addition, data stewards must be knowledgeable in regulatory and compliance requirements relevant to the data domain to evaluate risks to the confidentiality, integrity, or availability of the data based on an in-depth understanding of processes and the likelihood and impact of adverse outcomes.
  • Policies and Procedures: Data stewards define policies and procedures for access to data, including the criteria for authorization based on role and/or the individual.
    • Responsibilities include oversight of the request, approval, provisioning, and termination processes for access to data to ensure these are appropriate and commensurate with risk.
    • Working closely with data custodians to establish incident-detection controls, stewards evaluate any suspected or actual breaches or vulnerabilities in confidentiality, integrity, or availability and report them to management or information security personnel.

Data Trustees

Trustees are the highest-ranking individuals accountable for what happens with and to data at the University. They are individuals to which issues are escalated and they have strategic-planning and policy-setting authority. Data trustees provide a broad, university-wide view of data, approve policies, resolve questions of procedure, and ensure that data plans are consistent with and in support of university strategic plans.

Data Custodians

Individuals that may be designated by Data Stewards to play a role in the access approval process.

Data Stakeholders

Data stakeholders include the individuals, organizations, and information systems that are granted access to data for specific uses. These may include staff who enter data or use standardized reports in the daily management of the University; individuals granted access to datasets for the purpose of analysis and reporting; leadership who is provided with information and analysis; or downstream systems that ingest or transform data for a specific purpose. All data stakeholders should clearly understand their responsibilities with the data entrusted to them including appropriate use and retention policies.

Data Governance Structure Infographic

Definitions

Data Domain: The set of data and processes related to a specific subject area within one or more systems of record.

Business Glossary: A business glossary is a central repository that contains key business terms whose names and definitions have been agreed upon by cross-functional subject matter experts. The glossary will also document the meta-data, or data about data, associated with the business terms such as key notes that document the institutional knowledge about the terms, best practices on usage, a reporting index where the term is used and associated code and decode values to name a few. The business glossary is designed for non-technical users.

Technical Definition: Information about the tables that the data comes from, any transformations or logic that was used to derive or modify the data between the source system and the warehouse or reporting layer. This information is helpful in discussions between analysts and developers.

Data Catalog: A data catalog can inform both casual users and technical analysts about the available data sets and data fields that are available along with metadata such as the business and technical definitions associated with the data.  A data catalog may also provide the ability to search and retrieve data.

Data Use Standards: Guidelines and policies for handling and protecting the University’s institutional data.

Data Quality: Data quality is a perception or an assessment of data's fitness to serve its purpose in a given context. The quality of data is determined by factors such as accuracy, completeness, reliability, relevance and how up to date it is.


Acknowledgements
Roles and Responsibilities descriptions were developed based on the work of the Educause Center for Analysis and Research:  Backscheider, Nickolas, et al. Establishing Data Stewardship Models. ECAR working group paper. Louisville, CO: ECAR, December 18, 2015.