Data Governance Policy

This policy applies to institutional data of the University and to all members of the University community.

To establish the criteria and responsibilities for the management of University data as a key asset.

The University’s institutional data are a valuable asset and must be maintained, distributed and protected as an asset. It is vital to have reliable, trusted data to support sound decisions at all levels of the organisation.

Some institutional data are personal information and are subject to legislation such as the Privacy Act 1993.

Data governance

1. Institutional data are the property of the University and are to be managed as a key asset.

2. No one person, department, division, school or group may “own” data, although specific units have responsibility for particular data.

3. Those specific units will be responsible for the development and implementation of data management plans that address quality, availability and accessibility of data.

4. Institutional representatives are to be held accountable to their roles and responsibilities with regard to the management and protection of institutional data.

Data quality

5. Unnecessary duplication of institutional data is to be avoided.

6. Quality standards for institutional data must be defined and monitored.

7. Institutional metadata is to be recorded, managed and utilised as appropriate to University needs and agreed priorities.

8. Resolution of data priorities and data quality issues related to institutional data are to follow consistent processes.

Data access

9. Institutional data must be protected by all members of the University community from unlawful or unauthorised access, use or disclosure.

10. Contingency plans must be developed and implemented to respond to emergencies or other occurrences of damage to systems containing institutional data.

11. For the purpose of transparency, institutional data aggregated at Level 3 and above of the University Organisational Structure (UOS) will be accessible to all roles, unless a particular reason to decline access to data exists.

The following definitions apply to this document:

Data access refers to the authorisation to access and act on data elements and includes storing, retrieving or acting on data housed in a database or other repository. Access may vary according the role of the person in relation to the data element.

Data governance is a process and structure for formally defining and managing information as a resource. It is a business activity that determines and prioritises the financial and other benefits data bring to the University as well as mitigating the business risk of poor data practices and quality.

Data quality refers to the state of completeness, validity, consistency, timeliness and accuracy that makes data appropriate for a specific use. It is an assessment of information's fitness to serve its purpose in a given context. Data quality is affected by the way data are entered, stored and managed.

Institutional data are data elements which satisfy one or more of the following criteria. It is

• relevant to planning, managing, operating, controlling, internal or external accountability or auditing of the University
• created, received, maintained, or transmitted as a result of educational, clinical, or research activities. It is noted that only administrative data generated by research activities are institutional data. Data generated as an outcome of academic research are not institutional data under this policy
• generally referenced or required for use by more than one organisational unit
• required for an official University academic or administrative report
• data that the University is legally or contractually obliged to hold
• generated by a system or business user using any of the above data.

University means the University of Auckland and includes all subsidiaries.

University community includes all staff members (whether permanent, temporary or part time), honorary staff, students (whether full time or part time), contractors, subcontractors, consultants, alumni, associates, business partners or official visitors or guests of members of the University or UniServices.

Include the following:

• Privacy Act 1993
• Public Records Act 2005
• Access to Personal Information Policy and Procedures
• IT Acceptable Use Policy
• IT Privacy and Monitoring Policy
• Legislative Compliance Policy
• Privacy Policy
• Records Management Policy
• Data Governance Procedures
• Data Governance Guidelines

Owner: Deputy Vice-Chancellor (Operations)
Content manager: Chief Digital Officer and Director of Planning
Approved by: Vice-Chancellor
Date approved: October 2018
Review date: October 2023