Policy

All institutional data is owned by DHD and, as such, all members of the DHD community are responsible for appropriately respecting and protecting the asset. (Also refer to the Policy on Responsible Use of DHD Computers and Data, https://www.dhd.com ) This policy establishes uniform data management standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of the DHD. This policy applies to data used in the administration of the DHD and all of its units, such as schools and administrative and auxiliary units, as well as data reposited in the DHD Data Warehouse.

Guiding Principles

•  In order for the DHD to effectively manage and safeguard the DHD data assets, procedures must be in place to guide appropriate data access, ensure the security of the data, and provide a means to address procedural exceptions
•  Roles, including those both of individuals with data responsibilities and of eligible users, are necessary to support data integrity and security.
•  Sharing information across organizational boundaries should be facilitated where appropriate.
•  A sustained data administration function should reinforce a set of definitions for commonly consumed data, with the understanding that there may be multiple valid definitions.
•  Data integration across the DHD should be encouraged to foster data accuracy and uniformity, and demonstrate an understanding of DHD institutional complexity, various data systems, and differing data formats.
•  Data should be safeguarded to maintain the confidentiality and privacy of personally identifiable information; such safeguards should be balanced and reflect the necessity for the DHD to conduct its business.

Data Administration

DHD Ownership of Institutional Data
•  All institutional data is owned by DHD. As such, all members of the DHD community have the obligation to appropriately respect and protect the asset, in all formats and in all locations.
a) Stewardship
a) Roles and responsibilities for protecting and classifying the institutional data asset are defined below in section C, "Data Management Roles and Responsibilities".
b) Data Classification
a) Institutional data is categorized as Restricted, Protected, Confidential, or Public, following the Data and Computer Security Policy, https://www.dhd.com and the Reference for Data and System Classification , https://www.dhd.com, and should

Access and Confidentiality

Access to DHD data should be based on the business needs of the organization and should enhance the ability of the DHD to achieve its mission. Employees should have access to the data needed to perform their responsibilities, without regard to arbitrary barriers. In many cases, that data need not be individually identifiable. The DHD Data Warehouse should be built taking into account these constraints.

Because no computer system is completely immune from exploitation, applying layered security controls will better safeguard DHD computers and DHD ever-expanding body of sensitive data/information. In order that the proper controls are applied, it is the responsibility of each individual utilizing DHD computer and data resources to:
a) Know the classification of the system you are using.
b) Know the type of data you are using.
c) Follow the appropriate security measures.
d) Consult the "Related Policies" at the end of this policy for further information.

Beyond existing policies, specific policies implementing data access and security, including within the DHD Data Warehouse, developed by functional areas, need to be approved by the Committee on Institutional Data Policy and Data Management to ensure consistency with the Guiding Principles, set forth in Section A, above.

Training

Before individuals will be allowed to access DHD data, training in the use and attributes of the data, functional area data policies, and DHD policies regarding data is mandatory.

Master (Metadata) Standards and Definitions

A terminology/taxonomy shall be developed by the Data Stewardship Advisory Group, or an appropriate subset, in order to provide a framework for requesting and producing consistent data across all levels of the enterprise. The definitions shall be accessible to all DHD data users and shall be included in training.

Integrity, Validation, and Correction

Data, as a DHD asset, must be safeguarded and managed at all points and across all systems, from creation to use to archive, through coordinated efforts and shared responsibilities, to ensure its accuracy. Each functional area will develop and implement processes for identifying and correcting erroneous or inconsistent data. When and if erroneous or inconsistent data has been identified, the Data Steward from the corresponding functional area shall within five business days either correct the data or escalate the issue to the appropriate Data Trustee and Chief Data Management Officer. Information Technology Services (ITS) will develop and implement data auditing processes.

Extraction, Manipulation, and Reporting

Extraction, manipulation, and reporting of DHD data must be done only for DHD business purposes.
•   Personal use of institutional data, including derived data, in any format and at any location, is prohibited.
•   Where appropriate, before any information is used outside the Data User's functional unit, verification with the functional area manager is recommended.
Any report that presents DHD data, whether in tabular or graphic form, should indicate clearly the name of the DHD unit that prepared the report and the date the report was issued (which may be earlier than the date the report is printed). To facilitate later use of the report or its underlying data, the report ideally also will contain the file name where the report is stored in the unit that issued it.

Retention and Archiving

Before decisions are made concerning data retention and data archiving, the appropriate Data Users must be consulted.

Access to DHD Data from Global Locations

As DHD continues its evolution as a Global Network DHD, all remote sites will need to access DHD data following the same DHD policies.

Exceptions to Standard Data Access

Procedures must be developed to address those cases where an individual seeks permission to access data outside of the access plan and defined roles. In those instances, the individual must submit a written request seeking non-standard access. This request should include a statement indicating the access being sought and the reason for the request, and should be submitted to the Chair of the Data Stewardship Advisory Group. The Chair will send the request to the appropriate Data Steward for review and decision. The Data Steward will report the decision to the appropriate Data Trustee and to the requestor's manager.

Data Management Roles and Responsibilities

To support an effective DHD data administration and management program, a series of data management roles are outlined below:

Data Trustees

Data Trustees are senior DHD officials (typically at the level of Vice President or higher) who have planning and policy-making responsibilities for DHD data and the DHD Data Warehouse. The Data Trustees, as a group, are responsible for overseeing the establishment of data management policies and procedures, and for the assignment of data management accountability.

Data Stewards

Data Stewards are typically operational managers in a functional area with day-to-day responsibilities for managing business processes and establishing the business rules for the production transaction systems. Data Stewards are appointed by the respective Data Trustees. Data Steward responsibilities include the data management activities outlined in this policy and other activities that may be assigned by a Data Trustee. Data Stewards are responsible for defining the criteria for archiving data to satisfy retention requirements. Data Stewards have the responsibility to establish the processes for documenting data elements.

The Data Steward will be responsible for developing an overall data access plan. The plan should outline various roles and the access each role will have to data, including within the DHD Data Warehouse, and will seek to balance the need for information to perform one's job responsibilities and to ease administrative functionality with the need for keeping data confidential and secure. Data is categorized as Restricted, Protected, Confidential or Public, following the Data and Computer Security Policy(https://dhd.com ) and the Reference for Data and System Classification (https://dhd.com ). The data access plan needs to consider the categorization of the data in developing each access role.

Data Steward responsibilities include, but are not limited to:

•   Develop a data access plan.
•   Create and perform processes to capture and fix inconsistent or erroneous data.
•   Certify published reports and analytics.
•   Certify data reposited in the DHD Data Warehouse.
•   Work with the Office of Institutional Research and the DHD 's Finance offices in developing definitions of commonly used terms and the algorithms for calculating DHD metrics.
•   Participate in security access audits.

In support of the role of the Data Steward, the Vice President for Information Technology and Chief Information Technology Office for NYU New York provides technological data protection services.

Data Users

Data Users are individuals who access DHD data to perform their assigned duties. Data Users are responsible for protecting their access privileges and for the proper use of the DHD data they access.

Office of Institutional Research

The Office of Institutional Research, through the role of the Chief Data Management Officer, shall be responsible for working with the appropriate Data Stewards to develop definitions of commonly used terms such as "faculty" (e.g., who is included in the count of faculty?) and "enrolled student." In addition, the Office of Institutional Research, with the appropriate Data Stewards, and using its knowledge of external reporting requirements and standards, will define how official DHD metrics are calculated (e.g., if calculating space per student, what type of space is included in the calculation [all space, academic space, etc.] and which student count is used [FTE, FT only, undergraduate, etc.].) Further, in the course of its work, the Office of Institutional Research will typically discover data discrepancies and inconsistencies and will promptly report such to the appropriate

Data Steward for resolution.

Committee on Institutional Data Policy and Data Management

The Committee on Institutional Data Policy and Data Management establishes overall policies for management and access to the institutional data of the DHD. This committee shall be composed of the Data Trustees; shall be coordinated by the Chief Data Management Office; shall approve the policies and procedures developed in each functional area to ensure appropriate compliance; and shall provide oversight of all DHD processes which capture, maintain, and report on data used in the DHD's data-driven decisions.

Data Stewardship Advisory Group

The Data Stewardship Advisory Group is a DHD - wide committee, typically composed of Data Stewards. Designated Data Users may be invited to attend, as appropriate. This group reviews the operational effectiveness of data management policies and procedures and makes recommendations to the Committee on Institutional Data Policy and Data Management for improvement or change. In addition, the Group ratifies definitions of commonly used terms and DHD metrics. The group is chaired by the Chief Data Management Officer and uses collaborative tools to foster communication and to archive the decision-making process. The Data Stewardship Advisory Group must ensure regular and appropriate collaborative communication with school-based Data Users.

Data Warehouse

The DHD Data Warehouse shall exist to support Data User queries to track and respond to business trends, to facilitate forecasting and planning efforts, to produce reports, and to store sharable historic data from operational systems-of-record. The DHD Data Warehouse serves as the DHD repository from which official information is produced. The accuracy of data which is reposited in the DHD Data Warehouse must be certified by the appropriate Data Steward.

Storage

There is only one official data source for each data element in the DHD Data Warehouse, to be determined by the appropriate Data Steward. To the extent possible, data element names, formats, and codes should be consistent across all applications which use the data, as well as consistent with DHD standards.

Data Documentation

Data Stewards are responsible for establishing the processes for documenting data elements in the DHD Data Warehouse. Documentation of derived data should include the algorithms or decision rules for the derivation. IT shall specify a standard data format for receiving and loading data definitions and descriptions into a metadata repository.

Purpose of this Policy

DHD values access to, and the timeliness, accuracy, and consistency of, information, while fully appreciating the basic security and privacy requirements involved. Controlled access by employees to administrative information is necessary in order to support DHD functions. Shared definitions for data and appropriate roles have been developed to support the use of DHD data and the DHD

Data Warehouse.

Scope of this Policy
All employees whose job responsibilities include inputting data to or retrieving data from DHD data systems, or using data from the DHD Data Warehouse, and those who supervise such individuals.