Corporate Data Management Policy

Responsibility for policy: Director of Information and Technology Services
Approving authority: Assistant Vice-Chancellor (Student and Information Services)
Last reviewed: February 2010
Next review date: February 2013

This policy is currently under review.



  1. This policy applies to all staff of the University of Waikato.


  1. The purpose of this policy is to establish a framework of principles to be applied to the management, security and use of corporate data.

Related Documents

  1. This policy should be read in conjunction with the following documents:


  1. In this policy:
    corporate data means all data that is captured through the operation of the University, and includes, but is not restricted to:
    • human resource data
    • financial data
    • facilities data
    • student data
    • student management system data
    • course and programme data
    • University policies, procedures and manuals
    primary source means the official University record for the relevant data, as identified by the data custodian in consultation with the Information Systems Group.


  1. The following principles apply with respect to this policy:
    1. Corporate data is an important resource in informing the strategy and management of the University.
    2. Corporate data should be readily accessible to inform decision-making.
    3. All elements of the University's corporate data systems should be integrated.
    4. New data systems developed or purchased by the University should be interfaced with the current corporate data systems and not implemented as stand-alone systems.
    5. Corporate data should be accurate and verifiable.
    6. The value of corporate data is increased through widespread, timely and consistent use.
    7. Any change in primary source data should be reflected in secondary sources.
    8. Corporate data must not be used for an individual's own or for others' personal gain or profit, or to satisfy one's own or another's curiosity.


  1. The Information Systems Group is responsible for:
    1. promoting the value of University data for University-wide purposes and facilitating data sharing and integration
    2. documenting and promoting the structure and logic of University data
    3. identifying items of corporate data and distinguishing primary data sources
    4. providing advice and support for security administrators
    5. providing advice and support for data custodians
    6. managing the integration of current and new systems as part of the University corporate database
    7. managing technological implementation of common standard codes and data definitions throughout the University
    8. liaising with data custodians with respect to approved uses for corporate data
    9. managing the design and implementation of processes for maintaining the integrity, accuracy, precision, timeliness, consistency, standardisation and value of data.
  2. The ICT Committee is responsible for establishing the organisational entity with responsibility for the custodianship of data contained within a particular corporate data source.
  3. Deans, Directors or equivalent must ensure (where appropriate) that relevant staff in their areas of responsibility are designated as:
    1. security administrators
    2. data custodians.
  4. Data custodians are responsible for:
    1. identifying and documenting authorities for access to data and levels of access
    2. authorising downloads and uploads of corporate data
    3. authorising access to corporate data
    4. monitoring and enforcing the consistent application of processes for maintaining the integrity, accuracy, precision, timeliness, consistency, standardisation and value of data
    5. arranging appropriate training for staff and others to ensure data is captured and used accurately and competently
    6. implementing processes established by security administrators.
  5. Security administrators are responsible for:
    1. providing access to users as specified by data custodians
    2. ensuring that appropriate safeguards exist to protect data and that appropriate disaster recovery and business continuity procedures are in place
    3. providing appropriate procedural controls to protect data from unauthorised access.
  6. Data users:
    1. are responsible for ensuring that all access to data through their user account is relevant and appropriate to the work being undertaken
    2. are responsible for ensuring that subsequent use and distribution of data accessed through their user account is valid and appropriate
    3. must not disclose University data to unauthorised persons without the consent of the relevant data custodian
    4. must not disclose their password to anyone
    5. must abide by the requirements of the Privacy Act 1993 and other relevant statutes.
  7. Line managers are responsible for ensuring that all data users within their area of responsibility are aware of their responsibilities as set out in this policy.

Responsibility for monitoring compliance

  1. The Director of Information and Technology Services is responsible for monitoring compliance with this policy, and for reporting breaches to the Assistant Vice-Chancellor (Student and Information Services).
  2. Breaches of this policy may result in disciplinary action under the Staff Code of Conduct.
