Relief awaits all campus employees who have ever felt frustrated trying to understand their responsibilities for accessing or controlling access to University data and couldn’t figure out whom to ask or where to go for answers.
For a professor using information for a class project, a staffer doing procurement of a new IT application or user support, or a researcher handling information in a new or challenging way, there hasn’t been one place to go to ask their data governance questions and get an authoritative answer.
When campus members have a need for data, they send an email, make a phone call or submit a help ticket to anyone they know who has a data governance role. That request can get bounced around as they may not have gotten it to the correct person. Or the request may need approval from multiple individuals or groups, but each one has acted in a silo. The Information Security Office, within ITS, does not consistently receive requests for review in the same way either. UNC-Chapel Hill’s process for data governance has had both bottlenecks and gaps.
Easier path to answers
Now campus members requesting access to enterprise data will have that central place or structure to get their answers.
An array of University leaders, subject matter experts and other really smart people across the University have given structure to data governance at the University. In early 2019, they began digging deep to devise a better solution for this incredibly complex task of overseeing data. This group, primarily members of the Enterprise Data Coordinating Committee, crafted an improved framework for data governance responsibilities that was published in January of 2021 in a revised Data Governance Standard.
Clarity and structure
The framework establishes a new process for handling requests related to University data, creates a data governance website, develops a new enterprise data governance request form within the ITS help ticketing system of ServiceNow, and forms a new triage and solutions group, called the Data Governance Oversight Group (DGOG). Back to this in a minute.
By providing more clarity and structure, the University’s new and improved framework should improve morale and reduce frustration, as we mentioned earlier. The crafters of this new structure of governing data also hope it will help the University operate more efficiently, save money, reduce risk, and grease the wheels on the path toward becoming a more data-driven institution.
Consider a school at the University looking to contract with a service that would need Social Security and credit card numbers of students. This service would benefit students and the University. But the project leader gets stuck in the murkiness of Carolina’s data governance and doesn’t want to put student information at risk. The planned service doesn’t happen.
In another scenario, imagine a unit needs a solution to a problem and tries to discover if the campus already has an application or a repository that fits the need. The University does, but with all those silos, the unit doesn’t unearth it. The unit winds up building or buying something and expends resources that could have been preserved.
It’s going to be a huge win for the University to have this new framework for data governance. For starters, it’s easy to see how the framework can help achieve some of the goals outlined in the University’s Carolina Next strategic plan. The goal of optimizing operations specifically addresses implementing “a robust data governance structure and process to inform decision-making and drive change,” improving administrative operations, and creating a nimble approach for tech projects.
Mind you, data has been governed by some means for as long as there’s been data. Way back in the mainframe days, the University had people making decisions about who could see student grades, for instance. The University has always tried very hard to be responsible with its data. It’s a big, decentralized institution and a hard problem. Plus, the amount of data and the number of places that data is stored keep growing. It’s important that we do a better job of helping people understand their individual responsibilities for data they work with and get them help very efficiently so doing the right thing doesn’t impede their work. Data governance is not fast work. It involves many people and considerations, and doing it right is complicated.
Interchange still important
Just because the University has created a clear data governance structure doesn’t mean that everything will be smooth sailing or that everyone will always be happy with the answers. Sometimes units will get risk assessments that say: Hey, that company you want to work with actually doesn’t do a very good job of protecting data. Why don’t you try this other approach, or here’s what we recommend?
There still needs to be that interchange. To people who are trying to get things done, that may feel like an obstacle. But with the new framework, it will be clearer what the rules are, how and with whom those conversations can take place, and how people can work together to make the University a bit safer. That’s much better than sending something off into a black hole, hearing “no” and not understanding why the answer is “no.”
In a recent conversation, a researcher expressed frustration to one of the working group members designing the framework. The researcher didn’t understand why the application for her project needed a risk assessment. To her, it felt like people reviewing her project were getting in the way and simply checking off boxes. As a result of that discussion about the why and how of the risk assessment, the researcher not only understood what the Security Office was looking at, but was reassured and ultimately happy to know that her research participants would feel comfortable and safe with whatever application she ends up using. That’s the sort of result that a concierge model of data governance can make possible.
The data governance effort now moves on to creating resources for developing training and creating very quick review processes with the right people — existing personnel — who can review requests involving data access and care.
Now we’ll get back to the details of the makeup of the framework. Among the main changes, the framework:
- Revamped the Data Governance Standard. (A standard differs from a policy in that a standard doesn’t tell you how to do something; it just tells you what must be or must not be done.) Provost Bob Blouin and J. Michael Barker, Vice Chancellor for Information Technology and Chief Information Officer, directed this change. These changes will help strengthen the security of the University’s data and will provide better access to the data by alleviating confusion about how to get access and streamlining the process for getting data.
- Created a new service request at help.unc.edu that staff members can use when they have a request related to University data.
- Created the Data Governance Oversight Group, whose members are working collaboratively to review requests that come in through the new enterprise data request in help.unc.edu. Members of the DGOG include staff members to triage the requests and subject matter experts: data managers, data stewards and data trustees. Currently, data managers and data stewards review and respond to requests for data separately.
- Established datagov.unc.edu, a new data information website that will list data governance-related resources available at the University in one location. Along with a link to the data policies, the website provides:
  - Information about how to get access to many kinds of University data
  - Training for staff members about the use of data at the University
  - Links to reporting resources at the University
- In a later phase of the implementation, the dean or vice chancellor of each campus unit will be able to designate a data custodian and a back-up, who will be the primary point of contact for data governance within that unit.
- The data custodian will receive training and resources and be a part of a user community that meets regularly to share experiences and lessons learned.
- As the primary point of contact for data governance within a unit, the data custodian will be empowered to handle some routine requests and will have resources to get more complex questions answered quickly.
The crafters of the framework anticipate reviewing it annually to ensure it continues serving the University well.