Colleges and universities rely on data governance to ensure that the data they collect and produce is complete, accurate, and available as needed. But data governance is important for another reason as well: It’s the key to risk management and data security.
As an increasing number of institutions fall victim to cyberattacks on everything from admissions files to financial aid information, many in higher ed have recognized that a strong data governance program is their first line of defense.
“In order to protect your information of value,” wrote one governance expert in a recent piece in Computer Weekly, “you have to know not just that you have it, but where you have it, and where you allow it to go.”
Data governance is a way for any enterprise to create transparency around the data in their possession.
When a university understands the data that it has — and has the tools and policies to monitor that data’s flow — it follows that it’s also less likely to lose it and can mitigate a breach should one occur.
Risk Management at the University of North Texas
One institution that has made data governance central to its own risk management efforts is the University of North Texas in Denton, Texas.
Jason Simon, associate vice president of the university’s office of Data, Analytics, and Institutional Research (DAIR), says data governance is the “structural” foundation supporting UNT’s Insights initiative, an enterprisewide data warehousing and predictive analytics program.
Prior to the program’s launch in 2016, stakeholders in the program, including faculty and executives, discussed what they wanted to see in a “rigorous technological and cultural data governance solution,” Simon says.
Data validity was one top concern, as was data quality. “People weren’t always sure where to find information, and when they received a piece of data, they didn’t always know where it came from or what it meant,” he says.
In the context of data risk management, Simon says, that lack of clarity around specific data elements spelled potential trouble, for university leadership especially.
“It was possible that they wouldn’t have the data at their disposal that they needed to answer a strategic question. Or maybe they’d misrepresent the data that they had, thinking it meant one thing when it really meant something else.”
By developing a data governance framework, the DAIR team was able to mitigate such risks. “Now we have a system with automated workflows that allows us to document every data point. People can understand and trust what they’re seeing.”
Successful Data Risk Management Employs a Governance Hierarchy
That system, Simon explains, includes a “formalized chain of command” related to term approval and adoption they use to create federated data elements that have been validated across the enterprise. The approach also utilizes visual analytics tools that when combined with data governance protocols permit “easy identification of outliers or other anomalies” in the data.
If an outlier is discovered, he says, it can then be addressed by an expert in the department from which that data element originated (a financial aid officer, for example, in the case of student financial data).
C-suite leaders take part in the governance process, which “elevates institutional attention and support for rooting out challenging data” and ensures mission-critical data is understood and stable.
Finally, by allowing all stakeholders to see UNT’s files around data definitions, metadata, lineage and other characteristics, “our program effectively crowdsources risk mitigation by providing the user base with an outlet to explain and elevate any concerns,” Simon says.
Other Risk Management Strategies
Other risk management measures critical to data governance at UNT are focused on information privacy and security.
The DAIR team requires all Insights users to first go through an “intensive training” program where they learn the basics of responsible data stewardship.
They also must undergo institutional Family Educational Rights and Privacy Act (FERPA) training, and they must sign a formal usage agreement detailing how they’re expected to interact with university data.
Security role provisioning is the next step in the onboarding process, and once users have access to their accounts, they “must authenticate a login prior to seeing data,” Simon notes.
Simon describes the data governance policies and procedures that have been key to their analytics program’s success as constantly evolving to incorporate industry best practices related to data privacy and security.
Ensuring effective data governance, he says, does require significant effort, and with it there must be significant investment.
“But that effort and investment are worth it under the right leadership and with the right infrastructure because the ROI is huge.”