Data Governance Regulation
Updated: July 27, 20221. Introduction
Data governance is the exercise of executive authority and control over the management of Institutional Data. (See 4.1 Institutional Data) The data governance function assigns decision rights and accountability for ensuring Institutional Data is accurate, available, secure, and used in a manner that is compliant with all applicable laws, regulations, and University policies.
Institutional Data is a key asset of East Carolina University. It informs the University’s decision-making processes and is essential to fulfilling the University’s mission to the people of the State of North Carolina. Appropriate Use (See 4.2 Appropriate Use) of Institutional Data improves the quality and delivery of the University’s programs and services and builds public trust in the University’s activities.
2. Purpose
The purpose of this Regulation is to:
- 2.1 Establish clear lines of accountability and decision-making responsibilities through the creation of administrative structures and the definition of responsibilities associated with the formal management and use of Institutional Data.
- 2.2 Facilitate consistent handling of data across the University enterprise.
- 2.3 Ensure consistent policies, regulations, rules, and procedures regarding data, information, and enterprise data management.
3. Scope
- 3.1 This regulation applies to all persons and entities employed by or performing work on behalf of the University, including, but not limited to, staff, faculty, student workers, contractors, and volunteers (the “Covered Persons”).
4. Definitions
- 4.1 Institutional Data means any information, facts, statistics, data, or records in any medium now existing or existing in the future that is created, acquired, maintained, managed, used, or transmitted by Covered Persons in the course and scope of employment, volunteering, or otherwise on behalf or in furtherance of the mission of the University.
- 4.2 Appropriate Use means the creation, collection, storage, modification, removal, and dissemination of Institutional Data by Covered Persons in accordance with applicable University policies and requirements, federal and state laws, contractual requirements, industry standards and business needs.
- 4.3 Data Trustees are designated University Employees responsible for ensuring the Appropriate Use of Institutional Data. Data Trustees provide executive oversight of enterprise data management functions and are accountable for ensuring the availability, validity, and usability of Institutional Data within their areas of administrative responsibility. Data Trustees are appointed by and delegated authority from the Chancellor and include the Vice Chancellors that head each of the University’s Divisions, the Chancellor’s Chief of Staff, the Director of Athletics, the Chief Audit Officer, and other positions that may be appointed by the Chancellor in writing.
- 4.4 Data Stewards are designated University Employees that ensure the Appropriate Use of Institutional Data within their designated areas of administrative responsibility. Data Stewards direct the management of Institutional Data to improve its usability, accessibility, and quality. They assist in the development, maintenance, and implementation of data management policies, processes, and requirements. Data Stewards are appointed by and delegated authority from the Data Trustees and are responsible for managing defined segments of Institutional Data.
5. Policy Statements
- 5.1 Policy: It is the policy of East Carolina University that all Covered Persons shall Appropriately Use Institutional Data.
- 5.2 Ownership of Institutional Data: With respect to Covered Persons the University is the owner of all Institutional Data. The University may transfer or assign ownership of all or part of its rights in Institutional Data to Covered Persons through express policy statements or contractual agreements.
The ownership of Institutional Data as between the University and third parties is determined in accordance with applicable law and contractual commitments and is outside the scope of this Regulation. - 5.3 Data Governance Steering Committee (DGSC): Provides strategic direction to the Data Stewardship Committee on the alignment of data management activities with University data needs and reporting obligations. The DGSC reviews assessment results and reports to the Data Trustees and to the Chief Information Officer on the quality and effectiveness of enterprise data management functions. Data Governance Steering Committee members are appointed by the Chief Information Officer and the Associate Provost of IPAR.
- 5.4 Data Stewardship Committee (DSC): Composed of Data Stewards appointed by the Data Trustees to direct the university community on the effective management and Appropriate Use of Institutional Data. The DSC develops and recommends for adoption by the appropriate body/officer, policies, regulations, rules, standard operating procedures, and best practices, and provides communication and consultation as needed to ensure Covered Persons are aware of and understand their responsibilities as they relate to the Appropriate Use of Institutional Data. The DSC reports to the DGSC and the Chief Information Officer on issues related to the effective management and Appropriate Use of Institutional Data and compliance with data management policies and standards.
6. Violations
- 6.1 Violation of this Regulation may result in disciplinary action being taken in accordance with applicable university policy.