Tips, Tools and Checklists

Helpful tips to protect your privacy online.

 

Data Governance Rubric - Public Schools

Tip Author: 
OSPI
Body: 

The purpose of this rubric is to (1) assess the existence and completeness of key components of a data governance manual, and (2) identify areas and recommendations for further development. The rubric may be used as a self-assessment, or by a third party.

The rubric contains multiple sections as and allows additional recommendations:1) Purpose, 2) Structure, and 3) Policy and Practice.

Each section contains components that are important to include within a comprehensive data governance manual. Reviewers indicate whether the component is Fulfilled or has Action(s) Recommended. Fulfilled indicates the component is adequately represented in the manual though enhancements may be suggested in the comments; Action(s) Recommended indicates the need for additional information as explained in the comments. The data governance manual is one critical output of a data governance program, but there are many other elements that must be in place for data governance to be successful, and that may not be reflected in the data governance manual alone.

 

OSPI Governance - Purpose

Clarifying and documenting the intended purpose and scope of data governance is important to ensure that all data governance members and stakeholders have common expectations for the program.

  • Purpose: There is a defined purpose (e.g., mission, core principles, goals, objectives) for data governance that describes how it and the data system support the state's or agency’s policy and program goals.
  • Scope: The universe of data overseen by the data governance program is defined.
  • Value: The value of the data governance program and data system to the organization and stakeholders is articulated.
  • Use of Data: How data governance supports the use of data to inform decisions is described, as well as the types of data uses the system will enable.
  • Data Users: The role(s) that are intended to use the data from the system are identified.

 

OSPI Governance - Structure

Clearly defining the data governance structure, including roles, responsibilities, and relationships among groups, is important to ensure data governance members understand their role within the broader program, and that the appropriate representation and decision-making authority exists.

  • Data Governance Structure: The structure is defined and includes at least a leadership/policy-level group and an implementation-level group.
  • Non-Voting Roles: If applicable, the responsibilities and expectations of a non-voting role on the data governance group(s) for key stakeholders (e.g., researchers or other non-data contributors) are defined.
  • Relationships to Outside Groups: If applicable, the relationships and communication between the data governance program and external advisory or stakeholder groups are defined.
  • Frequency of Convening: The convening frequency of each data governance group is defined and documented.
  • Representation: Every agency or program area responsible for data overseen by the governance program has representation on all data governance groups.
  • Authority: The role, responsibilities, and decision-making authority of each data governance group are described.
  • Relationships Among Groups: The relationships (including issue escalation/resolution) and communication mechanisms among the data governance groups are defined.
  • Data Governance Coordinator: A coordinator role is defined with core responsibilities, including leading the implementation-level data governance group(s) and serving as the liaison between the data governance groups.
  • Member Responsibilities and Expectations: Concrete responsibilities and expectations of the members of each data governance group are defined.
  • Data Stewardship: Each data steward has a clearly defined scope of data elements for which he/she is responsible.
  • Member Selection: Criteria for membership in each data governance group are documented, including how members are selected and rotated (if applicable) and the addition of new members as the system evolves.
  • Member Induction: The data governance program has a documented induction process for new members to familiarize them with the data governance manual, policies, and processes, and their responsibilities and expectations.

 

OSPI Governance - Policy + Process

Defining how the data governance groups will make decisions and resolve issues is essential to a functional data governance program because it determines how the work will be accomplished.  In addition, establishing data policies and processes is a critical focus of a data governance program because it ensures that data will be managed purposefully and consistently throughout the information lifecycle in support of the data governance program purpose.

Note: The policies and processes may not be fully documented as part of the data governance manual, but at minimum, the manual should reference/link to where they exist.

  • Decision-Making Model for Each Group: Each data governance group has a documented decision making model (e.g., majority vote, 2/3 vote, consensus model) including if there is a required threshold of representation for a decision to be made.
  • Data Collection: The data governance program ensures the documentation (by all agencies involved, if multi-agency data governance) of the process to prepare and submit data to the system, including the timeline and resources required.
  • Data Expansion: The data governance program has documented the policy and process for adding additional data to the system.
  • Data Quality: The data governance program has documented policies and processes to ensure that data are accurate, complete, timely, and relevant to stakeholder needs.
  • Data Use Priorities: The data governance program has a documented research or data use agenda that is used to prioritize the creation of data products and the response to external data requests.
  • Data Request: The data governance program has a documented data request policy and associated process for submitting, reviewing, approving or denying, and fulfilling data requests.
  • Data Release and Reporting: The data governance program has a documented data release policy and associated process for ensuring that data and data products from the system have been (1) validated by the appropriate members and (2) are created in accordance with reporting standards to ensure sufficient data privacy, quality, and consistency over time.
  • Data Sharing Agreements: The data governance program oversees the establishment, maintenance, and enforcement of data sharing agreements.
  • Data Issues: The data governance program has a documented process for identifying, prioritizing, escalating, and resolving issues that inhibit data quality and data use.
  • Documentation of Decisions: The data governance program decisions and issue resolutions are documented and stored in a place accessible by all data governance members.
  • Manual Development and Maintenance: All data governance members have an opportunity to review and provide input into the draft data governance manual before it was finalized and as part of each (at minimum annual) update. The executive leadership level data governance group officially approves the manual.
  • Adding New Participating Entities: The data governance program has a documented policy and associated process for proposing, reviewing, approving, and inducting new entities to the SLDS, including criteria for eligibility. *
    • Only relevant for multi-agency DG programs.
  • Metadata: The data governance program has a documented process for maintaining and making available metadata, including a data collection/refresh calendar and data dictionary. 
  • Master Data Management: For enterprise data elements contributed by more than one source, the data governance program has determined and documented the source of record.
  • Data Matching: The data governance program has a documented data matching process, including quality controls to reduce over- and under-matching.

 

OSPI Governance - Use and Disposition

Related to Policy and process, these rubric elements concern the use of data outside the organization, and restrictions on such use. 

  • Data Request: The data governance program has a documented data request policy and associated process for submitting, reviewing, approving or denying, and fulfilling data requests.
  • Data Release and Reporting: The data governance program has a documented data release policy and associated process for ensuring that data and data products from the system have been (1) validated by the appropriate members and (2) are created in accordance with reporting standards to ensure sufficient data privacy, quality, and consistency over time.
  • Data Privacy and Confidentiality: The data governance program has a documented data privacy and confidentiality policy and associated processes and training to ensure that all relevant federal and state privacy and confidentiality laws are followed by participating entities and external data requesters.
  • Data Security: The data governance program has a documented data security policy and associated protections to ensure that the data are securely transmitted and stored, and detailing the response to a data breach.
  • Data Destruction: The data governance program has a documented data destruction policy and associated processes to ensure it is complied with by participating entities and external data requesters.

 

Tags:

Governance
K-12
Schools

Tip Theme: 
Laws, Rules, and How They're Made
Tip Confidence: 
1

© Copyright 2018 Washington State Office of Privacy & Data Protection   |   Request Records  |   Accessibility