This set of principles address data quality, security, and accessibility.

Principle 10: Data are Assets

  • Statement:
    • Data are assets that have value to the institution and are managed accordingly.
  • Rationale:
    • Data are valuable institutional resources; they have real, measurable value. In simple terms, the purpose of data is to aid decision-making. Accurate, timely data are critical to accurate, timely decisions. Most institutional assets are carefully managed, and data are no exception. Data are the foundation of our decision-making, so we must also carefully manage data to ensure that we know where they are, can rely upon their accuracy, and can obtain them when and where we need them.
  • Implications:
    • This is one of three closely-related principles regarding data: data are assets; data are shared; and data are easily accessible. The implication is that there is an education task to ensure that all units within the institution understand the relationship between value of data, sharing of data, and accessibility to data.
    • Stewards must have the authority and means to manage the data for which they are accountable.
    • We must make the cultural transition from “data ownership” thinking to “data stewardship” thinking.
    • The role of the data steward is critical because obsolete, incorrect, or inconsistent data could be passed to University personnel and students, and adversely affect decisions across the University.
    • Part of the role of the data steward, who manages data, is to ensure data quality. Procedures must be developed and used to prevent and correct errors in the information and to improve those processes that produce flawed information. Data quality will need to be measured and steps taken to improve data quality – it is probable that policy and procedures will need to be developed for this as well.
    • A forum with comprehensive University-wide representation should decide on process changes suggested by the steward.
    • Since data are assets of value to the entire University, data stewards accountable for properly managing the data must be assigned at the appropriate University level.

 

Principle 11: Data are Shared

  • Statement:
    • Users have access to data necessary to perform their duties; therefore, data are shared across University functions and divisions.
  • Rationale:
    • Timely access to accurate data is essential to improving the quality and efficiency of University decision-making. It is less costly to maintain timely, accurate data in a single application, and then share it, than it is to maintain duplicate data in multiple applications. The University holds a wealth of data, but it is stored in hundreds of incompatible stovepipe databases. The speed of data collection, creation, transfer, and assimilation is driven by the ability of the institution to efficiently share these islands of data across the institution.
    • Shared data will result in improved decisions since we will rely on fewer (ultimately one virtual) sources of more accurate and timely managed data for all of our decision-making. Electronically shared data will result in increased efficiency when existing data entities can be used, without re-keying, to create new entities.
  • Implications:
    • This is one of three closely-related principles regarding data: data are assets; data are shared; and data are easily accessible. The implication is that there is an education task to ensure that all units within the institution understand the relationship between value of data, sharing of data, and accessibility to data.
    • To enable data sharing we must develop and abide by a common set of policies, procedures, and standards governing data management and access for both the short and the long term.
    • For the short term, to preserve our investment in legacy systems, we must invest in software capable of migrating legacy system data into a shared data environment.
    • We will also need to develop standard data models, data elements, and other metadata that defines this shared environment and develop a repository system for storing this metadata to make it accessible.
    • For the long term, as legacy systems are replaced, we must adopt and enforce common data access policies and guidelines for new application developers to ensure that data in new applications remains available to the shared environment and that data in the shared environment can continue to be used by the new applications.
    • For both the short term and the long term we must adopt common methods and tools for creating, maintaining, and accessing the data shared across the University.
    • This principle of data sharing will continually “bump up against” the principle of data security. Under no circumstances will the data sharing principle cause confidential data to be compromised.
    • Data made available for sharing will have to be relied upon by all users to execute their respective tasks. This will ensure that only the most accurate and timely data is relied upon for decision-making.

 

Principle 12: Data are Accessible

  • Statement:
    • Data are accessible for users to perform their functions.
  • Rationale:
    • Wide access to data leads to efficiency and effectiveness in decision-making, and affords timely response to information requests and service delivery. Using information must be considered from an institutional perspective to allow access by a wide variety of users. Staff, student and faculty time is saved and consistency of data is improved.
  • Implications:
    • This is one of three closely-related principles regarding data: data are assets; data are shared; and data are easily accessible. The implication is that there is an education task to ensure that all units within the institution understand the relationship between value of data, sharing of data, and accessibility to data.
    • Accessibility involves the ease with which users obtain information.
    • The way information is accessed and displayed must be sufficiently adaptable to meet a wide range of institutional users and their corresponding methods of access.
    • Access to data does not constitute understanding of the data. Personnel should take caution not to misinterpret information.
    • Access to data does not necessarily grant the user access rights to modify or disclose the data. This will require an education process and a change in the institutional culture.

Principle 13: Data Trustee

  • Statement:
    • Each data element has a trustee accountable for data quality.
  • Rationale:
    • One of the benefits of an architect-ed environment is the ability to share data (e.g., text, video, sound, etc.) across the University. As the degree of data sharing grows and business units rely upon common information, it becomes essential that only the data trustee makes decisions about the content of data. Since data can lose its integrity when it is entered multiple times, the data trustee will have sole responsibility for data entry which eliminates redundant human effort and data storage resources.
    • Note:
    • A trustee is different than a steward – a trustee is responsible for accuracy and currency of the data, while responsibilities of a steward may be broader and include data standardization and definition tasks.
  • Implications:
    • Real trusteeship dissolves the data “ownership” issues and allows the data to be available to meet all users’ needs. This implies that a cultural change from data “ownership” to data “trusteeship” may be required.
    • The data trustee will be responsible for meeting quality requirements levied upon the data for which the trustee is accountable.
    • It is essential that the trustee has the ability to provide user confidence in the data based upon attributes such as “data source”.
    • It is essential to identify the true source of the data in order that the data authority can be assigned this trustee responsibility.
    • Information should be captured electronically once and immediately validated as close to the source as possible. Quality control measures must be implemented to ensure the integrity of the data.
    • As a result of sharing data across the enterprise, the trustee is accountable and responsible for the accuracy and currency of their designated data element(s) and, subsequently, must then recognize the importance of this trusteeship responsibility.

Principle 14: Common Vocabulary and Data Definitions

  • Statement:
    • Data is defined consistently throughout the University, and the definitions are understandable and available to all users.
  • Rationale:
    • The data that will be used in the development of applications must have a common definition throughout the University to enable sharing of data. A common vocabulary will facilitate communications and enable dialog to be effective. In addition, it is required to interface systems and exchange data.
  • Implications:
    • The University must establish the initial common vocabulary for the institution. The definitions will be used uniformly throughout the University.
    • Whenever a new data definition is required, the definition effort will be co-ordinated and reconciled with the institutional “glossary” of data descriptions. The University’s data administrators will provide this co-ordination.
    • Ambiguities resulting from multiple parochial definitions of data must give way to accepted University-wide definitions and understanding.
    • Multiple data standardization initiatives need to be co-ordinated.
    • Functional data administration responsibilities must be assigned.

Principle 15: Data Security

  • Statement:
    • Data are protected from unauthorized use and disclosure. In addition to the traditional aspects of national security classification, this includes, but is not limited to, protection of pre-published, sensitive, and private information.
  • Rationale:
    • Sharing of information and the need to restrict the availability of personal and sensitive information must conform to FIPPA (Freedom of Information and Protection of Privacy Act) and prevailing Governing Council policies.
    • Existing laws and regulations require the safeguarding of institutional security and the privacy of data, while permitting free and open access. Pre-publicized (work-in-progress, not yet authorized for release) information must be protected to avoid unwarranted speculation, misinterpretation, and inappropriate use.
  • Implications:
    • Aggregation of data, both classified and not, will create a large target requiring review and procedures to maintain appropriate control. Data owners and/or functional users must determine whether the aggregation incurs an increased classification level. We may need appropriate policy and procedures to handle this review. Access to information based on a need-to-know policy will force regular reviews of the body of information.
    • In order to adequately provide access to open information while maintaining secure information, security needs must be identified and developed at the data level, not the application level.
    • Data security safeguards can be put in place to restrict access to “view only”, or “never see”. Sensitivity labeling for access to pre-published, published, classified, sensitive, or private information must be determined.
    • Security must be designed into data elements from the beginning; it cannot be added later. Systems, data, and technologies must be protected from unauthorized access and manipulation. University information must be safeguarded against inadvertent or unauthorized alteration, sabotage, disaster, or inappropriate disclosure.