1.Purpose
The purpose of this policy is to ensure that Institutional Data at The University of North Carolina at Greensboro (the “University” or “UNCG”) has a high degree of integrity and that key Data Elements can be integrated across functions and systems, resulting in greater accuracy, timeliness, and quality of information for decision-making.
2.Scope
This policy applies to all University employees (full-time, part-time, student, and temporary employees), contractors, consultants, interns, students, and other affiliates of the University regardless of location who create, collect, store, manage, maintain, and/or use Institutional Data at UNCG.
3.Definitions and Roles and Responsibilities
3.1Definitions
3.1.1Affiliate of the University (also University Affiliate):
refers to data users external to UNCG who have been granted access to Institutional Data by means of direct provisioning through assigned University credentials or through indirect access via the delivery of data sets, spreadsheets, dashboards, or reports.
3.1.2Data Element:
A singular item of information that is created, collected, stored, or used in a University academic, financial, or administrative processes.
3.1.3Data Integrity:
The validity, reliability, accuracy, and usability of data. Data Integrity relies on a clear understanding of the business processes underlying the data and the consistent definition of each Data Element.
3.1.4Institutional Data:
Also referred to as “University Data,” includes Data Elements that are relevant to the operations, plans, or management of a UNCG academic, financial, or administrative unit, or used in UNCG reporting, decision-making, business, or administrative processes. Institutional Data includes data that falls under external laws or regulations (ex. FERPA, HIPAA, etc.) and may be created at UNCG or imported through various processes into the University’s data systems. Institutional Data includes only data in possession of the University and does not include data in transit to the University, such as research data or purchased data not yet received.
3.2Roles and Responsibilities
3.2.1Data Custodian:
A University employee responsible for managing the technical environment where Institutional Data resides, who ensures safe custody, transport, and storage of that data and is responsible for the implementation of business rules. Data Custodians at UNCG include Technology Custodians and Governance Custodians.
3.2.1.1Governance Custodian:
The University’s Enterprise Data Governance (EDG) team serves as Governance Custodian responsible for the execution and enforcement of policies and processes over the definition, production, quality, and usage of Institutional Data.
3.2.1.2Technology Custodian:
The University’s Information Technology Services (ITS) employees and distributed campus technology employees serve as Data Custodians responsible for providing a secure infrastructure in support of Institutional Data including but not limited to: providing physical security, backup, and recovery processes, granting access privileges with Data Trustee approval, and implementing and administering controls over the data
3.2.2 Data Steward:
A University employee directly responsible for operational-level information management and ensuring Data Integrity. Data Stewards (who may be referred to as Operational Data Stewards, Technical Data Stewards, or Data and Information Stewards) are responsible for metadata management, help build data literacy, handle data inquiries, train and onboard new employees, and elevate policy changes to Data Trustees.
3.2.3Data Trustee:
A University employee (or their designee) who has planning and policy-level responsibilities for Institutional Data within their functional areas and management responsibilities for defined segments of Institutional Data. The Data Trustees as a group have responsibility for broad data management decisions at the institutional level.
3.2.4Departmental Supervisors:
Departmental Supervisors are responsible for identifying individual data access levels and ensuring that proper work processes are in place to maintain Data Integrity.
3.2.5Data Governance Committees:
3.2.5 Formalized groups overseeing the implementation of data governance principles within the organization. Comprising cross-functional representatives, these committees develop and communicate policies, establish data quality standards, and address security and compliance. Their collaborative efforts aim to foster a data-driven culture aligned with organizational goals and regulatory requirements. These are the Data Trustees and Data Stewards committees.
3.2.6Executive Steering Committee:
An executive level governing body that works to align technology investments with University strategic priorities and balance the University’s technology improvement goals with available resources, and sets direction for the university-wide IT vision, considering and recommending campus technology needs and requirements that support the foundational mission and current strategic goals of the institution. The committee works to encourage innovation while managing risk, considers the implications of policy recommendations on behalf of campus stakeholders, and promotes timely and sound decision making.
4.Policy
Institutional Data are important assets of the University that are maintained to support UNCG’s missions of teaching, research, and service. Institutional Data are not only used for operational purposes, but also utilized for analysis, and strategic decision-making. To maximize effectiveness, all individuals covered by the scope of this policy must utilize mechanisms developed to collect, safeguard, and distribute accurate, consistent, and useful Institutional Data to support effective and innovative decision-making and management of University operations.
4.1Accountability
All persons covered by the scope of this policy who create, collect, store, manage, maintain, and/or use Institutional Data in the University’s systems are individually accountable for Data Integrity. They must observe the requirements for confidentiality and privacy, comply with protection and control procedures, and accurately present the Institutional Data in any use.
Although the University is the owner of all Institutional Data, including academic, financial, administrative, and research data, individual University departments, business units, schools, or University groups may have specific responsibilities for portions of the Institutional Data.
4.2Data Access and Protection
The University will make Institutional Data as freely accessible as possible and available to all individuals covered by the scope of this policy who have a legitimate need for it, consistent with the University’s responsibility to preserve and protect such data by all appropriate means. While recognizing the University’s responsibility for the security of Institutional Data, procedures established to protect the data will prudently consider the efficient conduct of operations, planning, and decision-making at all levels of the University. To ensure that Institutional Data is reliable, accurate, and usable, the University will establish clear responsibilities for Institutional Data creation, collection, storage, management, maintenance, and usage.
The value of Institutional Data as a resource is increased through its widespread and appropriate use. Individuals covered by the scope of this policy must not diminish that value through misuse, misinterpretation, or unnecessary access restrictions. They must comply with all reasonable protection and control procedures for Institutional Data to which they have been granted access.
The acquisition and use of Artificial Intelligence (AI) products or services must comply with all University policies and standards governing the security and privacy of institutional data. Any University entity or vendor with an associated AI product or service that has access to sensitive Level 4 or Level 3 data must have documented approval from the Vice Chancellor of Information Technology Services and Chief Information Officer (CIO) or assigned delegate. Any associated AI product or service must adhere to established security industry best practices, such as NIST or ISO security standards, to safeguard data, documents, and materials provided by the University. This includes personally identifiable information (PII), education records (FERPA-protected), health information (HIPAA-protected), confidential research data, financial records, and other sensitive data governed by regulatory or contractual requirements.
5.Compliance and Enforcement
Data Governance committees, in cooperation with other University authorities, administrators, and the Executive Steering Committee, will enforce this policy, and establish standards, procedures, and protocols in support of this policy.
University employees who violate this policy may be subject to disciplinary action subject to the employee’s status (e.g., EHRA non-faculty, SHRA, temporary, etc.), up to and including, termination of employment. Any violation of this policy by a student is subject to the Student Code of Conduct and disciplinary action.
If violation of this policy also results in a violation of the law, the violation may be referred for criminal or civil prosecution.
6.Additional Information
6.1Supporting and Related Policies
6.2Procedures
6.3Approval Authority
The Chancellor has approved this policy and it will be reviewed consistent with the deadlines established in the University’s Policy on Policies and updated as appropriate. Data Governance committees will review this policy annually.
6.4Contacts for Additional Information and Reporting
Responsible Executive: Donna R. Heath, Vice Chancellor for Information Technology Services and Chief Information Officer (CIO), drheath@uncg.edu
Responsible Administrator: Karen Blackwell, Director of the Office of Institutional Research and Enterprise Data Management, kmblackw@uncg.edu
Revisions
| Revision Date | Revision Summary |
|---|---|
| 02/19/2024 | Initial Adoption upon approval by Chancellor |
| 08/18/2025 | The reason for this revision is to add a statement to the Data Integrity Policy to support and safeguard the use of Artificial Intelligence enabled tools and services with university data. |