Board Policies & Procedures

Data Governance

6034 Data Governance

The purpose of a data governance policy is to assign and detail responsibilities for managing DACC student and performance data while following the mission of the College. This policy establishes a framework for standards and guidelines to be followed in creation of data access and usage.

The mission of the data governance policy is to provide oversight to data systems, ensure data integrity, employ best practices in data management, integrity in reporting, information consistency and security access. In addition, systems are in place to identify data and reporting needs related to institutional assessment and planning, serves as a resource for similar department and division needs,
assists in the analysis of student or college data for internal and occasional external constituencies.

The Data Governance Committee will identify, establish and oversee the strategy, objectives and policies intended to ensure the quality of critical data, focusing primarily on those data used for compliance reporting to external agencies.

The Data Governance Committee will ensure that the appropriate resources (staff, technical infrastructure, etc.) are dedicated to prioritizing data needs and setting/enforcing policies related to data management and use. Some findings may require approval from both the College Cabinet and the Board of Trustees.

PROCEDURES

KEY AND OTHER COLLEGE PERFORMANCE INDICATORS

The Institutional Research Office with input from the Data Governance Committee, will create and develop Key and other College Performance Indicators that align with Danville Area Community
College success measurement criteria and the Illinois Community College Board state indicators. Continuous evaluation of these measures will facilitate the quality improvements necessary to advance
the College’s mission and goals.

DATA AND REPORTING STANDARDS

Dissemination of data will be controlled in accordance with the security practices set forth by the Data Governance authority. Appropriate use must be considered before sensitive data are accessed and/or
distributed. Unauthorized dissemination of data to either internal or external personnel is a violation of the Data Governance Policy (see Board Policy #6032 – Retention of College Records and Board
Policy #6033 – Securing and Safeguarding Information).

SECURITY PROTOCOLS

Administering and monitoring access and, in collaboration with technical support staff, defining mitigation and recovery procedures; reporting any breaches of College information in a timely manner
according to defined procedures; coordinating data protection with the Information Security Office as necessary; ensuring the confidentiality, integrity, and availability of the information (see Information
Security Plan and Information Security Procedures).

CLASSIFICATION OF DATA AND CLASSIFICATION LEVELS

RESTRICTED

Data should be classified as Restricted when the unauthorized disclosure, alteration or destruction of that data could cause significant harm to the College, its affiliates, or individuals. Restricted data is
regulated by state or federal privacy regulations and data protected by confidentiality agreements. Access by unauthorized parties is subject to punitive action. Examples include Health Information,
Social Security Number, Academic Actions, and Grades/Transcripts. Access to Restricted Data is limited to the Data Stewards and those to whom they have granted access. The highest level of security
controls should be applied to Restricted data.

PRIVATE

Data should be classified as Private when the unauthorized disclosure, alteration or destruction of that data could result in a moderate level of risk to the College or its affiliates. By default, all Institutional
Data that is not explicitly classified as Restricted or Public data should be treated as Private data. Access to Private Data is restricted to the Data Stewards and those to whom they have granted access.
A reasonable level of security controls should be applied to Private data.

PUBLIC DATA

Data should be classified as Public when the unauthorized disclosure, alteration or destruction of that data would result in little or no risk to the College and its affiliates. Public data does not require public
access but may be publicly accessible. Examples of Public data include press releases, marketing materials, course information and research publications. Little to no controls are required to protect the
confidentiality of Public data, but to prevent unauthorized modification or destruction, some level of control is essential.

DATA CLASSIFICATION GUIDELINE AND DATA TRANSMITTAL AND STORAGE REQUIREMENTS

The table below lists the categories of data and examples of each. For protection purposes, data that may fall into multiple categories will be considered at the highest Data Classification. Any data
classification questions should be directed to a Data Steward or member of the Data Governance Committee.

Data Classification Risk Level Description Examples
Restricted High Data protected by Federal and State law. Unauthorized access poses extreme identity or financial risk Personally Identifiable Information (PII)
Health Insurance Portability & Privacy Act (HIPAA)
Information (protexts personal health information) Gramm-Leach Bliley Act
Information (protects non-public financial information, including student loan information)
Private Medium Data that is sensitive and not intended to be shared with the general public FERPA Non-Directory Data: (I.e., grade data, Date of Birth, Place of Birth)
Human Resources Data
College Systems Data
Public Low Data available to the general public College Policies
FOIA
Academic Calendar
Any data located on the College website_https://www.dacc.edu

DATA TRANSMITTAL AND STORAGE REQUIREMENTS

All members of Danville Area Community College and other authorized users are responsible for the proper handling, transmittal and storage of College Data. To ensure the data is protected and used
properly, all departments and individuals must follow the established policies and procedures located in the Danville Area Community College #507, Information Security Plan.

REPORTING METRICS

The Institutional Research Office and the Data Governance Committee will define, develop, and document data metrics, and changes to the metrics, used in external and internal reporting.

DATA DEFINITIONS

The Institutional Research Office and the Data Governance Committee will establish and maintain a data definition dictionary and coding standards for the College’s critical external compliance and
internal operations reporting requirements.

Access - the ability to read, copy, modify, delete, or query data.
College Data - data created, maintained, or acquired by the College.
Users of College Data - persons granted access to College Data. This includes staff, faculty, students, and any other person granted access by the Data Stewards under contractual agreement or otherwise.
Data Custodians - College officials and their staff who have operational-level responsibility for data capture, data maintenance, and data dissemination.
Data Stewards - Data Stewards are College officials who have policy-level responsibility for managing a segment of the College’s data systems, data, and/or reporting.
Data Stewardship vs. Data Ownership - the Data Steward, while not the data owner, are trustees who maintain data quality and accessibility.
Personally Identifiable Information (PII) - any information that can be used to identify an individual directly or indirectly (i.e., Social Security number, driver’s license number, financial or medical records, or biometrics).

ROLES REQUIRED TO GOVERN DATA

DATA GOVERNANCE COMMITTEE

This committee is composed of functional data stewards and custodians from across all functions and departments of the College.

DATA STEWARDS

Data Stewards are College officials who have policy-level responsibility for managing a segment of the College’s data. Data Stewards designate (or in some cases, act as) Data Custodians by functional
area and data area.

Data Stewards are College officials who have policy-level responsibility for managing a segment of the College’s data systems, data, and/or reporting. In the segment, they are responsible for the
correction of errors, strict adherence to the data quality standards and policies, and assigning necessary resources for Data Governance projects and activities. Additionally, an annual review (at a minimum) of users with access to data that falls under their area of responsibility. Data Stewards designate (or in some cases, act as) Data Custodians by functional area and data area.

DATA CUSTODIANS

Data Custodians are College officials and their staff who have operational-level responsibility for data capture, data maintenance, and data dissemination. Data Stewards designate Data Custodians by
functional area and data area.

Data Custodians are College officials and their staff who have operational-level responsibility for data capture, data maintenance, and data dissemination. Data Stewards designate Data Custodians by
functional area and data area. Acting on authority granted by the Data Steward, these individuals are Subject Matter Experts (SME) that possess a thorough understanding of data quality standards for their respective area. Responsibilities include verifying the accuracy of data, correction of data errors, ensuring data standards are followed, and creation and maintenance of data documentation.

DATA USER

Anyone who uses college data to perform assigned job responsibilities. Responsibilities of Data Users include entering, using and maintaining data, reporting abnormalities to appropriate Data Custodian,
and protecting data by following security and privacy policies. These users understand the data used in their respective area, and validate the data for quality and consistency.

The following positions have been designated as Data Stewards and Data Custodians respectively.

Administrative Data Area Data Steward (by title) Data Custodian (by title)
Academic Affairs Vice President, Academic Affairs Administrative Assistant, VP of Academic Affairs
Academic Affairs LMS data Director, Online Learning & Services Online Support & Web Technician
Admissions Vice President, Student Services Director, Admissions & Records/Registrar
Adult Education Dean, Adult Education, Literacy and Middle College Adult Education Specialist
Athletics Director, Athletics Assistant Director, Athletics/Coordinator, Athletic Eligibility
Board of Trustees Vice President, Operations Secretary, Board of Trustees
College Relations Executive Director, College Relations Marketing Specialist, Marketing & College Relations
Facilities Management Assistant VP, Finance, Business Office Executive Director, Maintenance & Facilities
Finance Vice President, Finance and Chief Financial Officer Assistant VP, Finance, Business Office
Financial Aid Director, Financial Aid Assistant Director, Financial Aid
Human Resources Vice President, Human Resources and Labor Relations, Title IX Coordinator/Affirmative Action Officer/504 Coordinator Coordinator, Employment & Professional Development
Information Technology Vice President, Operations Director, Information Technology
Institutional Research Vice President, Operations Director, Institutional Research
Student Information System Vice President, Finance and Chief Financial Officer Programmer/Systems Administrator, Finance
Business and Technology Division Dean, Business and Technology Administrative Assistant, Business and Technology Division
Liberal Arts Division Dean, Liberal Arts, Library, and Academic Assessment Administrative Assistant, Liveral Arts Division
Library Services Dean, Liberal Arts, Library, and Academic Assessment Reference & Instructional Services
Librarian
Math, Sciences, and Health Professions Division Dean, Math, Sciences, and Health Professions Division Administrative Assistant, Math, Sciences, and Health Professions Division
Student Services Vice President, Student Services Assistant VP, Student Services

DATA INTEGRITY PROCEDURES

Data systems and/or processes that are involved in the creation of institutional reports will incorporate data integrity and validation rules that ensure the highest levels of data integrity are achieved.
Validation rules within data systems will include reconciliation routines (checksums, hash totals, record counts) to ensure that software performance meets expected outcomes. Data verification
programs such as consistency and reasonableness checks will be implemented to identify data tampering, errors, and omissions.

Technical and operational staff will create a process for identifying data entry errors and correcting the data to match College standards and will report any issues that require larger action on behalf of the
College’s data governance structure to the MIS Programmer.

IMPACTING DATA QUALITY

The Data Governance Committee will continuously seek out the latest technology available to preserve the integrity and quality of the College’s data. Through continuing education, peer conferences, and
trade publications, the latest trends and tools will be discovered.

IMPACTING DATA SYSTEMS

The College’s data management practices and usage policies will be aligned with the latest technology and data collection methodologies to allow for two-way data and information flow across systems and offices, departments and divisions.

IMPACTING REPORTING NEEDS

Vigilant monitoring of changes to reporting best practices will occur by aligning external compliance reporting instructions, data definitions, and requirements to the data entry, aggregation, and coding of the College’s data.

Adopted Date
07-18-2019
Revised Date
07-22-2021