This policy establishes a governance framework designed to promote and safeguard the appropriate and effective use of Institutional Data.
This governance framework serves three primary purposes:
- Assigning stewardship, management, and custodianship responsibilities for university Institutional Data;
- Empowering the Data Governance Council to advise the University Community about procedures for the effective management and protection of Institutional Data consistent with the needs of the university; and
- Charging the Data Governance Council with recommending standards and procedures related to Institutional Data governance or changes thereto.
Institutional Data is a valued strategic asset of Washington University and is to be provided on an as-needed basis to members of the University Community in furtherance of their University responsibilities.
This Policy, along with the Data Governance Standards, and other standards and procedures that may be established under the authority of the Data Governance Office, establishes the responsibilities of University Community members to properly classify, use, protect, and manage Institutional Data.
Specifically excluded from the definition of Institutional Data are: all clinical, research, scientific and scholarly data; sole possession notes and records that are the personal property of individuals in the University community; and instructional notes and materials.
This Policy complements other relevant policies that apply to Institutional Data. See, e.g., the list of policies in the Appendix.
Roles, Responsibilities & Structure
While the University owns and ultimately controls all Institutional Data, data governance is accomplished through collaborative efforts of a variety of University Community members, grouped according to the nature of their participation, scope of responsibility, and particular activities. For example, a department, unit, or school may be assigned primary responsibility for a subset of Institutional Data. All Data Users are responsible for being aware of and complying with policies applicable to Institutional Data they use.
The Institutional Data stewardship structure, as well as primary data governance roles, groups and associated responsibilities are described below and in more detail in the Data Governance Standards.
Executive IT Governance Committee
The Executive IT Governance Committee consists of University officers who provide executive level support, guidance and sponsorship to the Data Governance program. The Committee will:
- Identify representatives for the Data Governance Council & Data Administrators
- Resolve issues escalated by the Data Governance Council
- Ensure data governance and institution strategies are in alignment
- Assist in removing barriers to the implementation and on-going operations of the program
Data Governance Council
The Data Governance Council is comprised of Data Administrators and other senior officials who have planning, policy-level and management responsibility for data within their functional areas. The Data Governance Office will be ex-officio members. The Data Governance Council will:
- Review and approve data governance policy, standards, guidelines, and procedures
- Further the overall vision and guiding principles of data governance
- Resolve issues escalated by Data Stewards
- Escalate issues to the Executive IT Committee
- Monitor and review overall Data Governance Program
- Hold ongoing meetings
Data Administrators are responsible for strategic planning, policy, and oversight of the subsets of Institutional Data in their functional areas. Data Administrators are responsible for establishing procedures and communicating policies to the University Community applicable to Institutional Data in their functional area. Among the roles defined by this Policy, the Data Administrator has the highest level of responsibility for the management of Institutional Data and to promote proper access, accuracy, privacy, integrity, security and availability of the data for which they have responsibility. Data Administrators have responsibility for the activities of designated Data Stewards, Coordinators, and others to whom they grant authority and access. Also, as members of the Data Governance Council, Data Administrators are advisors to the Executive IT Committee.
Data Stewards, by virtue of their position or delegated authority from Data Administrators, have strategic planning, standard-setting, and oversight responsibilities for Institutional Data in their functional area and data governance activities pertaining to those areas. Data Stewards will:
- Provide university-level knowledge and understanding for their functional area
- Develop, implement, and oversee policies and procedures for the day-to-day operational and administrative management of data
- Define and document business terms
- Identify and resolve data issues and conflicts
- Establish and monitor data-quality standards and metrics
Data Coordinators are subject matter experts designated by Data Administrators or Stewards and have operational responsibilities for the data in a particular subject area. Data Coordinators have day-to-day responsibilities for managing administrative processes and establishing business rules for effective data management. Data Partners include business and IT individuals who support and assist data governance. Data Partners will:
- Assess compliance with data governance related policies, standards and processes
- Provide technical support
- Champion the integration of data governance within the standard project methodology
- Enable change management and communication
Data Partners will also assume technical roles and thus will be responsible for the management and security of data systems and the delegation of authority to individuals in such roles. Data Partners will coordinate with Data Stewards and other individuals with administrative responsibilities for Institutional Data to ensure appropriate access rights and permissions are granted for the use of Institutional Data.
Access: The right to read, enter, copy, query, upload, download, or update data.
Data Users: Anyone who inputs, updates, manages, reports, accesses, and relies on Institutional Data. This includes, but is not limited to, all employees, faculty, staff, students, contractors, volunteers, trustees and affiliates.
Institutional Data: All data used in planning, analysis, operations or management of any school, department or unit within Washington University or used for administrative, compliance or university reporting. Institutional Data includes data in all formats (printed, electronic, etc.) regardless of the original scope of access to it.
Standard: Specifies a uniform method of more detailed mandatory controls that enforce and support the related policy. Compliance is mandatory.
University Community: Washington University faculty, staff, students, retirees and other affiliates, contractors, distance learners, visiting scholars and others who use or access Washington University resources.
Associated and Related Policies and Regulations
Several existing policies, federal, and other regulations share common scope with data governance, such as:
Washington University IT Policies
- Information Security
- Information Classification Policy
- Managing Access Policy
- Computer Use Policy
- Records Management Policy
- Externally Hosted Computing Services
- Media Reuse and Disposal
- Technical Information Security Policies
Federal and Other Regulations
- Health Insurance Portability and Accountability Act (HIPAA)
- Campus Security Act
- Family Educational Rights and Privacy Act (FERPA)
- Payment Card Industry Data Security Standard (PCI DSS) Regulation
- Federal Information Security Modernization Act (FISMA) Regulation
Created January 2021