Data Governance Procedures

This document applies to institutional data of the University and to all members of the University community.

These procedures support the Data Governance Policy and provide direction on key areas of responsibility and how the policy must be carried out.

Data governance contributes to data transparency and results in confidence amongst the University community to trust and rely on data for information and decision support.

Data governance is a business activity and structure for formally defining and managing information as a resource and contributes to the following:

• increased transparency and understanding of the meaning and use of data
• confidence that data may be trusted and relied on for information and decision support
• mitigating the business risk of poor data practices and quality

Several roles have responsibilities for governing the management of access to and accountability for institutional data. These roles and responsibilities are:

CDO and Director of Planning

1. The Chief Digital Officer (CDO) and Director of Planning have joint responsibility for overseeing data governance and to assist provide guidance on data governance requirements provided by the policy and to:

• identify priorities for improving the accessibility and quality of data,
• articulate the value of data governance activities.
• collect and align policies, standards and guidelines from stakeholder groups.
• be the first escalation point for data access and data quality issues.
• provide communication and stakeholder engagement for data governance matters including access to information, and education/support.
• liaise with data custodians and stewards.
• ensure that programmes of work that impact on data give consideration to its governance including:
  • data quality
  • compliance
  • privacy
  • data security, and
  • data architecture.
  • facilitate and coordinate meetings of data custodians and data stewards.
  • collect metrics and success measures and report on them to data stakeholders.
  • maintain governance records.
    

Data governance committee

2. The Business Intelligence and Reporting Committee is the University’s data governance committee. Its membership will include data custodians, data stewards and other stakeholders.

3. The committee will set quality standards for the University’s institutional data.

4. It will monitor implementation and compliance of data quality standards and where appropriate propose revisions to policies and procedures adopted by the University.

5. It will resolve data access and data quality issues when escalated by the CDO and Director of Planning.

Data custodians responsibilities

6. Deputy Vice-Chancellors, Director of HR and Deans of the University are to be the data custodians of the university.

7. They have authority over processes, policies and procedures regarding business definitions of data within their delegations of authority.

8. Data custodians are to be responsible for the governance and quality of their data, and ensuring that the data are fit for purpose for their faculty or service division and for the operations of the wider University.

9. They are responsible for participating in governance decisions over data, process and systems priorities within their domain in order to serve the needs of key stakeholders.

10.Each data custodian must appoint a data steward for specific subject area domains.

Data stewards responsibilities

11. Data stewards are University business officials (outside of IT Services) e.g. Chief Financial Officer.

12. They are to oversee the capture, maintenance, quality and distribution of data associated with a particular function.

13. They will review and resolve data quality and access issues and will escalate any unresolved issues to the CDO and Director of Planning.

14. They are expected to understand the data for which they are responsible, the business processes contributing to the provision of data, the appropriate uses of the data and the regulatory and policy requirements applicable to the data.

15. They will have direct operational-level responsibility for the management of one or more types of institutional data and have the authority to make decisions on data in relation to:

• security of data under their charge
• protection of data under their charge
• availability of the data under their charge
• granting, maintaining and terminating access to the data for which they are responsible.
  

System administrators responsibilities

16. System Administrators are to be responsible for the operation and management of systems that collect, manage and provide access to institutional data.

Data users

17. Data users are University units or individual University community members who have been granted access to institutional data to perform assigned duties or in fulfilment of assigned roles or functions within the University.

18. Users are granted access to data for the conduct of University business in which they have a valid business interest.

Managing data access

19. The data access request process is to be formalised and documented. The process applies to all access requests, including those relating to third-parties.

20. Data access procedures are to be reviewed on an annual basis to ensure that they remain appropriate.

21. Data access issues will be resolved through triage, review, escalation and assignment to the right resources.

Managing data quality

22. Data quality is to be managed through a formal process for moving issues from information to action.

23. Data quality requirements are to be captured throughout the University.

24. Data quality issues will be resolved through triage, review, escalation and assignment to the right resources.

Security and protection of data

25. Sensitive data must be protected through support for access management and security requirements.

26. Data security architecture frameworks and initiatives must be aligned.

27. Risk to data security must be assessed and controls defined to manage that risk.

28. Regulatory, contractual, architectural compliance requirements must be enforced.

The following definitions apply to this document:

Data access refers to the authorisation to access and act on data elements and includes storing, retrieving or acting on data housed in a database or other repository. Access may vary according the role of the person in relation to the data element.

Data custodians have authority over processes, policies and procedures regarding business definitions of data within their delegations of authority.

Data governance is a process and structure for formally defining and managing information as a resource. It is a business activity that determines and prioritises the financial and other benefits data bring to the University as well as mitigating the business risk of poor data practices and quality.

Data quality refers to the state of completeness, validity, consistency, timeliness and accuracy that makes data appropriate for a specific use. It is an assessment of information's fitness to serve its purpose in a given context. Data quality is affected by the way data are entered, stored and managed.

Data stewards oversee the capture, maintenance, quality and distribution of data associated with a particular function.

Institutional data are data elements which satisfy one or more of the following criteria. It is

• relevant to planning, managing, operating, controlling, internal or external accountability or auditing of the University
• created, received, maintained, or transmitted as a result of educational, clinical, or research activities. It is noted that only administrative data generated by research activities are institutional data. Data generated as an outcome of academic research are not institutional data under this policy
• generally referenced or required for use by more than one organisational unit
• required for an official University academic or administrative report
• data that the University is legally or contractually obliged to hold
• generated by a system or business user using any of the above data.

University means the University of Auckland and includes all subsidiaries.

University community includes all staff members (whether permanent, temporary or part time), honorary staff, students (whether full time or part time), contractors, subcontractors, consultants, alumni, associates, business partners or official visitors or guests of members of the University or UniServices.

Include the following:

• Privacy Act 2020
• Public Records Act 2005
• Access to Personal Information Policy and Procedures
• Data Governance Policy
• IT Acceptable Use Policy
• IT Privacy and Monitoring Policy
• Legislative Compliance Policy
• Records Management Policy
• Data Governance Guidelines

Owner: Deputy Vice-Chancellor (Operations)
Content manager: Chief Digital Officer and the Director of Planning
Approved by: Vice-Chancellor
Date approved: 19 Sept 2019
Review date: 19 Sept 2024