Corporate Data Management Policy
Responsibility for policy: Director of Information and Technology Services
Approving authority: Assistant Vice-Chancellor (Student and Information Services)
Last reviewed: February 2010
Next review date: February 2013
This policy is currently under review.
- This policy applies to all staff of the University of Waikato.
- The purpose of this policy is to establish a framework of principles to be applied to the management, security and use of corporate data.
- This policy should be read in conjunction with the following documents:
- In this policy:
corporate data means all data that is captured through the operation of the University, and includes, but is not restricted to:
- human resource data
- financial data
- facilities data
- student data
- student management system data
- course and programme data
- University policies, procedures and manuals
- The following principles apply with respect to this policy:
- Corporate data is an important resource in informing the strategy and management of the University.
- Corporate data should be readily accessible to inform decision-making.
- All elements of the University's corporate data systems should be integrated.
- New data systems developed or purchased by the University should be interfaced with the current corporate data systems and not implemented as stand-alone systems.
- Corporate data should be accurate and verifiable.
- The value of corporate data is increased through widespread, timely and consistent use.
- Any change in primary source data should be reflected in secondary sources.
- Corporate data must not be used for an individual's own or for others' personal gain or profit, or to satisfy one's own or another's curiosity.
- The Information Systems Group is responsible for:
- promoting the value of University data for University-wide purposes and facilitating data sharing and integration
- documenting and promoting the structure and logic of University data
- identifying items of corporate data and distinguishing primary data sources
- providing advice and support for security administrators
- providing advice and support for data custodians
- managing the integration of current and new systems as part of the University corporate database
- managing technological implementation of common standard codes and data definitions throughout the University
- liaising with data custodians with respect to approved uses for corporate data
- managing the design and implementation of processes for maintaining the integrity, accuracy, precision, timeliness, consistency, standardisation and value of data.
- The ICT Committee is responsible for establishing the organisational entity with responsibility for the custodianship of data contained within a particular corporate data source.
- Deans, Directors or equivalent must ensure (where appropriate) that relevant staff in their areas of responsibility are designated as:
- security administrators
- data custodians.
- Data custodians are responsible for:
- identifying and documenting authorities for access to data and levels of access
- authorising downloads and uploads of corporate data
- authorising access to corporate data
- monitoring and enforcing the consistent application of processes for maintaining the integrity, accuracy, precision, timeliness, consistency, standardisation and value of data
- arranging appropriate training for staff and others to ensure data is captured and used accurately and competently
- implementing processes established by security administrators.
- Security administrators are responsible for:
- providing access to users as specified by data custodians
- ensuring that appropriate safeguards exist to protect data and that appropriate disaster recovery and business continuity procedures are in place
- providing appropriate procedural controls to protect data from unauthorised access.
- Data users:
- are responsible for ensuring that all access to data through their user account is relevant and appropriate to the work being undertaken
- are responsible for ensuring that subsequent use and distribution of data accessed through their user account is valid and appropriate
- must not disclose University data to unauthorised persons without the consent of the relevant data custodian
- must not disclose their password to anyone
- must abide by the requirements of the Privacy Act 1993 and other relevant statutes.
- Line managers are responsible for ensuring that all data users within their area of responsibility are aware of their responsibilities as set out in this policy.
Responsibility for monitoring compliance
- The Director of Information and Technology Services is responsible for monitoring compliance with this policy, and for reporting breaches to the Assistant Vice-Chancellor (Student and Information Services).
- Breaches of this policy may result in disciplinary action under the Staff Code of Conduct.