1.Purpose
The purpose of this policy is to ensure that Institutional Data at The University of North Carolina at Greensboro (the “University” or “UNCG”) has a high degree of integrity and that key Data Elements can be integrated across functions and systems, resulting in greater accuracy, timeliness, and quality of information for decision-making.
2.Scope
This policy applies to all University employees (full-time, part-time, student, and temporary employees), contractors, consultants, interns, students, and other affiliates of the University regardless of location who create, collect, store, manage, maintain, and/or use Institutional Data at UNCG.
3.Roles and Responsibilities
Institutional Data are important assets of the University that are maintained to support
3.1Definitions
3.1.1Affiliate of the University (also University Affiliate):
refers to data users external to UNCG who have been granted access to Institutional Data by means of direct provisioning through assigned University credentials or through indirect access via the delivery of data sets, spreadsheets, dashboards, or reports.
3.1.2Data Integrity:
The validity, reliability, accuracy, and usability of data. Data Integrity relies on a clear understanding of the business processes underlying the data and the consistent definition of each Data Element.
3.1.3Data Element:
A singular item of information that is created, collected, stored, or used in a University academic, financial, or administrative processes.
3.1.4Institutional Data:
Also referred to as “University Data,” includes Data Elements that are relevant to the operations, plans, or management of a UNCG academic, financial, or administrative unit, or used in UNCG reporting, decision-making, business, or administrative processes. Institutional Data includes data that falls under external laws or regulations (ex. FERPA, HIPAA, etc.) and may be created at UNCG or imported through various processes into the University’s data systems. Institutional Data includes only data in possession of the University and does not include data in transit to the University, such as research data or purchased data not yet received.
3.2Roles and Responsibilities
3.2.1Data Custodian:
A University employee responsible for managing the technical environment where Institutional Data resides, who ensures safe custody, transport, and storage of that data and is responsible for the implementation of business rules. Data Custodians at UNCG include Technology Custodians and Governance Custodians.
3.2.1.1Governance Custodian:
The University’s Enterprise Data Governance (EDG) team serves as Governance Custodian responsible for the execution and enforcement of policies and processes over the definition, production, quality, and usage of Institutional Data.
3.2.1.2Technology Custodian:
The University’s Information Technology Services (ITS) employees and distributed campus technology employees serve as Data Custodians responsible for providing a secure infrastructure in support of Institutional Data including but not limited to: providing physical security, backup, and recovery processes, granting access privileges with Data Trustee approval, and implementing and administering controls over the data
3.2.2 Data Steward:
A University employee directly responsible for operational-level information management and ensuring Data Integrity. Data Stewards (who may be referred to as Operational Data Stewards, Technical Data Stewards, or Data and Information Stewards) are responsible for metadata management, help build data literacy, handle data inquiries, train and onboard new employees, and elevate policy changes to Data Trustees.
3.2.3Data Trustee:
A University employee (or their designee) who has planning and policy-level responsibilities for Institutional Data within their functional areas and management responsibilities for defined segments of Institutional Data. The Data Trustees as a group have responsibility for broad data management decisions at the institutional level.
3.2.4Departmental Supervisors:
Departmental Supervisors are responsible for identifying individual data access levels and ensuring that proper work processes are in place to maintain Data Integrity.
3.2.5Data Governance Committees:
3.2.5 Formalized groups overseeing the implementation of data governance principles within the organization. Comprising cross-functional representatives, these committees develop and communicate policies, establish data quality standards, and address security and compliance. Their collaborative efforts aim to foster a data-driven culture aligned with organizational goals and regulatory requirements. These are the Data Trustees and Data Stewards committees.
3.2.6Executive Steering Committee:
An executive level governing body that works to align technology investments with University strategic priorities and balance the University’s technology improvement goals with available resources, and sets direction for the university-wide IT vision, considering and recommending campus technology needs and requirements that support the foundational mission and current strategic goals of the institution. The committee works to encourage innovation while managing risk, considers the implications of policy recommendations on behalf of campus stakeholders, and promotes timely and sound decision making.
4.Policy
Institutional Data are important assets of the University that are maintained to support UNCG’s missions of teaching, research, and service. Institutional Data are not only used for operational purposes, but also utilized for analysis, and strategic decision-making. To maximize effectiveness, all individuals covered by the scope of this policy must utilize mechanisms developed to collect, safeguard, and distribute accurate, consistent, and useful Institutional Data to support effective and innovative decision-making and management of University operations.
4.1Accountability
All persons covered by the scope of this policy who create, collect, store, manage, maintain, and/or use Institutional Data in the University’s systems are individually accountable for Data Integrity. They must observe the requirements for confidentiality and privacy, comply with protection and control procedures, and accurately present the Institutional Data in any use.
Although the University is the owner of all Institutional Data, including academic, financial, administrative, and research data, individual University departments, business units, schools, or University groups may have specific responsibilities for portions of the Institutional Data.
4.2Data Access and Protection
The University will make Institutional Data as freely accessible as possible and available to all individuals covered by the scope of this policy who have a legitimate need for it, consistent with the University’s responsibility to preserve and protect such data by all appropriate means. While recognizing the University’s responsibility for the security of Institutional Data, procedures established to protect the data will prudently consider the efficient conduct of operations, planning, and decision-making at all levels of the University. To ensure that Institutional Data is reliable, accurate, and usable, the University will establish clear responsibilities for Institutional Data creation, collection, storage, management, maintenance, and usage.
The value of Institutional Data as a resource is increased through its widespread and appropriate use. Individuals covered by the scope of this policy must not diminish that value through misuse, misinterpretation, or unnecessary access restrictions. They must comply with all reasonable protection and control procedures for Institutional Data to which they have been granted access.
5.Compliance and Enforcement
Data Governance committees, in cooperation with other University authorities, administrators, and the Executive Steering Committee, will enforce this policy, and establish standards, procedures, and protocols in support of this policy.
University employees who violate this policy may be subject to disciplinary action subject to the employee’s status (e.g., EHRA non-faculty, SHRA, temporary, etc.). Violations by students are subject to the Student Code of Conduct and related disciplinary action.
6.Additional Information
6.1Supporting and Related Policies
6.2Procedures
6.3Approval Authority
The Chancellor has approved this policy on February 19, 2024, and it will be reviewed consistent with the deadlines established in the University’s Policy on Policies and updated as appropriate. Data Governance committees will review this policy annually.
6.4Contacts for Additional Information and Reporting
Responsible Executive: Donna R. Heath, Vice Chancellor for Information Technology Services and Chief Information Officer (CIO), [email protected]
Responsible Administrator: Alice Fleck, Enterprise Data Governance Manager (EDGM), [email protected]
Revisions
| Revision Date | Revision Summary |
|---|---|
| 02/19/2024 | Initial Adoption upon approval by Chancellor |