REPORT: Data Governance Policy Models

SURVEYING DATA GOVERNANCE POLICY MODELS

Prepared for BCCAT by Plaid Consulting

Published March 2021

Download/View:    REPORT    INFOGRAPHIC (4-pages)

This report focuses on data governance at post-secondary institutions and related organizations. Data governance is defined as the formal execution and enforcement of authority over the management of data and data-related assets (Seiner, 2014).

An overview of data governance at higher education institutions provides detail on elements of data governance, e.g., defined roles and responsibilities of those involved in data governance at a post-secondary institution. The analysis of the goals and motivations of data governance programs revealed that one of the primary motivators for pursuing data governance was from a risk management perspective. Institutions aimed to ensure that institutional reporting is based on consistent, reliable, and trustworthy data. Organizations and institutions with data governance programs were more likely to have clearly defined data governance goals and motivations, e.g., British Columbia First Nations’ Data Governance Initiative aims to empower First Nations citizens through collective data ownership within Indigenous nations.

The report discusses options for the implementation of data governance frameworks at four levels – from strategic to operational level. For some institutions, a data governance framework can incorporate all the elements of data governance. For others, implementation can start with a pilot project and use existing expertise and committee structures can help to build momentum towards larger data governance initiatives. Data governance is described as an iterative process, and it was common to see initiatives move through more than one structure before implementation.

The scan of maturity models in the context of Canadian higher education uncovered that data governance is most often practiced informally. Those with formal data governance programs have either implemented their programs recently or are still in the development process. One of the most common themes identified was the need for a shift toward a data-driven culture within the institution or organization. Unlike organizations that work with student data, organizations that use health data are more likely to have developed formal data governance programs.

An overview of data access and privacy legislation in the context of higher education identifies relevant legislation from British Columbia, such as Freedom of Information and Protection of Privacy Act (BC FIPPA), Private Information Protection Act (PIPA), Personal Health Information Access and Protection of Privacy Act (BC E-Health), and Higher Education Acts. Applicability of Canadian national legislation, legislation at nine other Canadian provinces or territories, several American states, and Europe’s General Data Protection Regulation (GDPR) was also discussed.

The report concludes with key considerations, insights, and recommendations for higher education organizations and institutions in relation to the data governance programs.