Data Governance Policy

ADMINISTRATIVE POLICY

 

Primary Point of Contact from RO: Connie Zhang
Contact Information (email and phone): czhang28@tulane.edu
Date Proposed
Reviewed
Last Updated
Effective Date

Permanent or Temporary: Permanent

Policy Statement

Tulane University Data (University Data) are valuable institutional assets. The use of University Data must be aligned with the administrative, educational, and institutional research missions of the university, regardless of where University Data is used or maintained. The purpose of this policy is to define and provide the framework and rules for how we identify, categorize, store, use, improve, protect and otherwise manage our data.

Purpose and Scope

Tulane University must ensure the strategic use, management, and reporting of University Data. To do this, a data governance program must be in place to provide sound data governance principles and manage the quality, consistency, usability, accessibility, availability, and protection of University Data throughout its lifecycle. This policy endorses these University Data Governance principles:

•    University Data are valuable assets, the use of which must be aligned with the administrative, educational, and institutional research functions of the university. Data value is maximized by understanding what we have and using it well.
•    The processes using, and decisions made with, University Data should be ethical, efficient, purposeful, documented, clear, consistent, metrics-driven, aligned to university priorities and needs, and regularly reviewed and communicated.
•    The University encourages the integration of University Data across all units and departments, consistent with Tulane University’s institutional complexity, various data systems, and different data formats, to result in reduced duplication of data and greater data accuracy.
•    All units and departments within the University should facilitate the access and sharing of University Data where appropriate, subject to appropriate security restrictions as established by each Data Trustee and ratified by the Data Governance Council.
•    University Data must be used and safeguarded in compliance with federal, state, and local regulations, Tulane University policies, and relevant contractual obligations.
 

Applicability of this Policy

This policy applies to:
•    The University and all its campuses, schools, colleges, institutes, and administrative and auxiliary units.
•    All University Data regardless of form or location of storage.
Therefore, this policy applies to Information Systems and technology resources and University Data contained in or extracted from those systems or resources. In addition, University Data includes the data processed or stored by the University in hosted environments in which the University does not own or operate the technology infrastructure.
All persons or entities, including but not limited to employees, affiliates, and contractors, whether they be part-time or full-time, whose job responsibilities include inputting, safeguarding, retrieving, or using University Data, and those who supervise such individuals are required to follow the terms of this policy and related University policies.
 

Definitions

Academic Data: Academic Data is data collected in support of the academic operations of the University, inclusive of information directly related to the individual student. These would include student information such as grades, test scores, attendance, transcripts, financial aid information, and any analytical data collected about students.
Administrative Data: Administrative Data is collected in support of the administrative and business operations of the University, such as the delivery of services to University units and departments. A substantial number of functions at the University incorporate collections of Administrative Data, such as admissions, student financial aid, records/registrar, alumni/advancement, the business office, investment management office, and human resources, including data utilized in Tulane’s EDI initiative.
Chief Privacy and Data Compliance Officer: The Chief Privacy and Data Compliance Officer is responsible for (i) coordinating all activities related to University Data Management and (ii) ensuring that procedures are developed by functional offices to address those cases where a member of the University community seeks permission to access University Data beyond the normal performance of their duties. The Data Trustees will review and ratify the procedures as developed.

Clinical Data: Clinical Data are information, records, and tangible products collected during the course of patient care or as part of a formal clinical trial program. Clinical data would include electronic health records, clinical administrative data, claims data, patient/disease registries, health surveys, and clinical trials data. Clinical data is subject to all requirements documented within this policy as well as any additional requirements found within the Research Data Policy, if applicable, and/or any other clinical policies.

Data Classification: Data Classification refers to the categorization of University Data and the consistent application of security standards based on such categorization.

Data Custodians: The Data Custodians are employees with information technology expertise assigned to each Information System that maintains University Data. Data Custodians (i) oversee the safe transport and storage of data according to requirements of the appropriate classification(s), (ii) ensure data is stored only on officially supported Tulane storage mechanisms and locations, (iii) establish and maintain the underlying infrastructure, and (iv) perform activities required to keep the data intact and available to users. In addition, Data Custodians are responsible for working with Data Stewards, the Chief Privacy and Data Compliance Officer, and data support groups to develop automated processes that identify erroneous, inconsistent, or missing data. Data Custodians work with data support groups, the Chief Privacy and Data Compliance Officer, and Data Stewards to resolve data issues.

Data Governance Council: The Data Governance Council establishes overall policies for management and access to University Data. This committee shall be composed of the Data Trustees; shall be chaired by an elected member of the Data Governance Council; shall approve the policies and procedures developed in each functional area by the Data Stewards and Data Trustees to ensure appropriate compliance with this policy and applicable regulations; shall provide oversight of all University processes which capture, maintain, and report on Administrative Data; and shall approve any decisions to archive Administrative Data.

Data Handling: Data Handling refers to the actions that Data Users should take to use, process, transmit, store, archive, and destroy University Data in a secure manner that aligns with the classification of the data.
Data Lifecycle: The progression of stages in which a piece of information may exist between its original creation or collection and final archival or destruction.

Data Stewardship Advisory Group: The Data Stewardship Advisory Group is a University-wide committee, primarily composed of Data Stewards. Designated Data Users may be invited to attend, as appropriate. This group reviews the operational effectiveness of University Data management policies and procedures and makes recommendations to the Data Governance Council for improvement or change. Data Stewards will share best practices during their meetings, as well as raise concerns which cross functional areas. The group is chaired by an elected member of the group. The Data Stewardship Advisory Group must ensure regular and appropriate collaborative communication with Data Users on any operational changes which impact business processes and data.

Data Stewards: Data Stewards are typically operational managers in a functional area with day-to-day responsibilities for managing business processes and establishing the business rules for the Transactional Systems. Data Stewards will collaborate with Data Trustees to set the classification of data within their area of responsibility. Data Stewards are responsible for reviewing and maintaining the data classifications and handling procedures defined in this policy and other related policies. Data Stewards are appointed by the respective Data Trustee.

Data Trustees: Data Trustees are defined as the authorized managers of the data who have planning and policy-making responsibilities for University Data and for the establishment of operational processes to collect and record data per University business rules. The Data Trustees, as a group, are responsible for overseeing the establishment of data management policies and procedures, and for the assignment of data management accountability. Data Trustees will collaborate with Data Stewards to set the classification of data within their area of responsibility. Data Trustees are also responsible for establishing the appropriate levels of training for Data Users who access the data within the Data Trustee’s unit and area of responsibility.

Data Users: Data Users are individuals who access University Data in connection with their role at Tulane (i.e., student, faculty, staff, etc.) to perform their assigned duties. Data Users are responsible for safeguarding their access privileges, for the use of the University Data in conformity with all applicable University policies, and for securing such data. So that the proper controls are applied, it is the responsibility of each Data User to:
•    Know the classification of the Data being used.
•    Know the type of University Data being used.
•    Follow Tulane IT policies and the appropriate regulatory and security measures (join computer to domain, encryption, etc.).
•    Consult the Related Policies for further information.

Information Systems: Information Systems are all computer or electronic resources that are used in the search, access, acquisition, transmission, storage, retrieval, or dissemination of data. In addition, University technology resources are any technology or services that are owned or managed by the University, that connect to the University network, connect to another University technology or service, or store University data or information.

Office of Assessment and Institutional Research: The Office of Assessment and Institutional Research shall be responsible for working with the appropriate Data Stewards to develop definitions of commonly used terms and will define how official University metrics are calculated. Further, in the course of its work, the Office of Assessment and Institutional Research will typically discover data discrepancies and inconsistencies and will promptly report such to the appropriate Data Steward for resolution.

Research Data: Research Data are information, records, and tangible products arising from or associated with research conducted at, under the auspices of, or using the resources of the University. Research Data includes both intangibles (e.g., information and copyrighted works such as software and expressions of information) and tangibles (e.g., cell lines, biological samples collected for research purposes, synthetic compounds, organisms, and originals or copies of laboratory notebooks). Research data is subject to all requirements documented within this policy as well as any additional requirements found within the Governance and Retention of Research Data Policy.

Transactional System: A transactional system is an information processing system which divides work into individual, indivisible operations, called transactions. These transactions involve the collection, modification and retrieval of data.

University Data: University Data is any data or information, regardless of electronic or printed form or location, that is created, acquired, processed, transmitted, or stored by the University. Where appropriate, University Data may be further defined as Administrative, Academic, or Research Data to provide additional management or information security guidance.

Vice President, Information Technology and Chief Information Officer: The Vice President, Information Technology and Chief Information Officer provides technology leadership and advises the Data Governance Council and Data Stewardship Advisory Group about administrative, technical, and physical safeguards to apply to the handling, use, transmission, processing, storage, and destruction of University Data.

 

Policy and Procedures

8.1 Data Governance Program

The University shall establish a Data Governance Program to guide the strategic use, management, and reporting of University Data and to manage the quality, consistency, usability, accessibility, availability, and protection of university data throughout its lifecycle. The Data Governance Program shall ensure that University Data are used in compliance with federal, state, and local regulations, applicable Tulane University policies, and relevant contractual obligations. The Data Governance Program shall include human capital systems designed to educate those with access to data regarding proper use and protection. The structure of the Data Governance Program includes the following:

8.1.a Data Governance Executive Council 

The Data Governance Executive Council establishes overall policies for management and access to University Data. This committee shall be composed of the Data Trustees; shall be chaired by the Chief Administrative Data Management Officer; shall approve the policies and procedures developed in each functional area by the Data Stewards and Data Trustees to ensure appropriate compliance with this policy and applicable regulations; shall provide oversight of all University processes which capture, maintain, and report on Administrative Data; and shall approve any decisions to archive Administrative Data.

8.1.b Data Governance Council

The Data Governance Council establishes overall policies for management and access to University Data. This committee shall be composed of the Data Trustees; shall be chaired by an elected member of the Data Governance Council; shall approve the policies and procedures developed in each functional area by the Data Stewards and Data Trustees to ensure appropriate compliance with this policy and applicable regulations; shall provide oversight of all University processes which capture, maintain, and report on Administrative Data; and shall approve any decisions to archive Administrative Data.

8.1.c Data Domain Committees 

The Data Governance Council establishes overall policies for management and access to University Data. This committee shall be composed of the Data Trustees; shall be chaired by an elected member of the Data Governance Council; shall approve the policies and procedures developed in each functional area by the Data Stewards and Data Trustees to ensure appropriate compliance with this policy and applicable regulations; shall provide oversight of all University processes which capture, maintain, and report on Administrative Data; and shall approve any decisions to archive Administrative Data.
 

8.2 Data Lifecycle and Data Handling 

Data Trustees, Data Stewards, Data Consumers, and Data Custodians are collectively responsible for the management of all University Data throughout the data lifecycle. The university shall issue policies, standards, and procedures as appropriate that address the quality, consistency, usability, accessibility, availability, and protection of university information resources and data throughout its lifecycle and according to classification level. More information on data lifecycle and data handling is outlined in the Tulane University Data Management Policy. For Research Data Domain, please refer to Retention of Research Data Policy – https://research.tulane.edu/research-compliance-policies-procedures 

8.3 Data Classification

Identification and classification of University Data are essential for ensuring that the appropriate degree of protection is applied to University Data. University Data is classified into four categories:
•    Level 1—Public
•    Level 3—Confidential
•    Level 4—Restricted
The classification scheme applies to all University Data, both physical and electronic, and will inform the baseline security controls for protection of the data. The classification of specific University Data is subject to change based on risk assessment and as the attributes of that data change (e.g., its elements, content, uses, importance, method of transmission, or regulatory context).
Reference the Data Classification Policy for additional data classification guidelines. 

8.4 Data Security 

Improper use of university data can result in risk to the University. University Data must be safeguarded and managed throughout its lifecycle in all formats and media (e.g., print and digital), at all points of access, and across all University systems through coordinated efforts and shared responsibilities. In collaboration with Data Trustees, Stewards, and Custodians, the Vice President, Information Technology and Chief Information Officer shall guide the administrative, technical, and physical safeguards to apply to the handling, use, transmission, processing, storage, and destruction of University Data through officially supported University Information Systems.
 

 

 

Consequence of Violating the Policy

Violation of this policy may result in disciplinary action, up to and including termination.
Failure to comply with the data governance standards outlined here and in related policies may result in harm to individuals, organizations, or the University. Violations of this policy or any law related to the use of University Data, including, but not limited to the Family Educational Rights and Privacy Act of 1974 (FERPA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Gramm-Leach-Bliley Act (GLBA), may result in penalties and disciplinary action under rules established by Tulane University.
 

Appendix I

Information System Risk Criticality Classification Policy – currently in draft form
Data Management Policy
Data Classification Policy
Data and System Security Policy – currently in draft form
Governance and Retention of Research Data Policy – https://research.tulane.edu/research-compliance-policies-procedures 
All Tulane IT policies are here – https://it.tulane.edu/policies-guidelines-and-recommendations
Data Governance Related Laws and Regulations – included as attached