MENU
L3Harris Commons

Data and Information Governance Policy

Applies to:Original Policy Date:Date of Last Review:Approved by:
Florida Tech Campus August 2024 August 2024 Dr. John Nicklow, President

Policy Owner: Chief Data Officer (CDO)

Policy Purpose

The Florida Institute of Technology (Florida Tech) recognizes the critical importance of its data and information assets and is dedicated to establishing effective governance programs to ensure their appropriate use, availability, and risk management. These governance programs are designed, implemented, and upheld for the benefit of Florida Tech and its constituents, promoting data quality, integrity, and compliance across the university.

Policy Scope

This policy applies to all data and information systems associated with Florida Tech, including but not limited to:

  • All University Data, regardless of format or location, whether digital or physical.
  • All data and information systems owned, leased, operated, or managed by the University.
  • All personnel, including faculty, staff, students, contractors, and affiliates, who access, manage, or handle University Data.
  • All departments, divisions, campuses, and affiliated entities of the University.

Exceptions to this policy are limited and must be explicitly authorized by the Chief Data Officer (CDO) following the established exception process.

Policy Statement

Florida Tech asserts ownership rights over all data, content, and information collected, produced, transmitted, or stored concerning its constituents, services, programs, and operations. This system-wide policy establishes the framework and responsibilities for governing University data and information.

All divisions, campuses, units, and individuals are accountable for supporting data governance objectives and activities, ensuring data and information collection and management aligns with this policy and other relevant policies, procedures, and practices.

The Chief Data Officer coordinates with University Data stakeholders to implement, manage, and enhance data governance.

Procedures/Guidelines

  1. Implementation and Administration:
    • The Chief Data Officer is responsible for university-wide implementation and administration of this policy. This involves collaboration with various organizations, units, personnel, and systems to improve data and information system policies, procedures, guidelines, practices, understanding, and issue resolution.
  2. Data Governance Framework:
    • Establish data governance committees and working groups to oversee data-related activities and decision-making processes.
    • Develop and enforce data classification and handling guidelines to protect data according to its sensitivity and risk level.
  3. Data Stewardship:
    • Data Stewards are responsible for ensuring data quality, accuracy, and compliance with data governance policies.
    • Regular training and awareness programs must be conducted to educate stakeholders on data governance principles and practices.
  4. Data Access and Permissions:
    • Access to University Data must be granted based on the principle of least privilege, ensuring that individuals have access only to the data necessary for their roles.
    • Regular audits must be conducted to review and verify data access permissions.

Definitions and Acronyms

  • Access: Authorization to view or use specific resources or assets, such as data or information systems.
  • Data: Information describing characteristics or quantities of a being, object, transaction, or event, interchangeably used with terms like content and information.
  • Data Classification: Parameters reflecting risk, sensitivity, data type, inclusion of Personally Identifiable Information (PII), and required protective measures for data elements and assets.
  • End User (User): Individuals or systems accessing university assets, including data and information systems.
  • Enterprise Information System: System-wide resources managing essential administrative functions and transactions across the university.
  • Information System: Database, application, or filing system supporting specific business functions.
  • Permissions: Activities authorized for Data Users based on job duties or functions, also referred to as user rights.
  • Personally Identifiable Information (PII): Data elements used as identifiers, with potential risks if compromised, including social security numbers, driver’s license numbers, and banking information.
  • Unit Record: Unique data record assigned to a person, device, or object, along with associated data elements and values.
  • University Data: Critical information supporting the university's mission and operations, distributed across multiple organizational units.

Compliance Reference

This policy ensures compliance with various regulatory frameworks and standards, including:

  • Family Educational Rights and Privacy Act (FERPA): Protects the privacy of student education records. The policy mandates appropriate data handling practices to ensure compliance with FERPA.
  • Health Insurance Portability and Accountability Act (HIPAA): Sets standards for protecting sensitive patient information. The policy includes measures to safeguard health information in compliance with HIPAA.
  • Gramm-Leach-Bliley Act (GLBA): Requires protection of personal financial information. The policy outlines data governance practices that ensure compliance with GLBA.

By adhering to these regulations, the policy helps the University protect its data assets, maintain compliance, and avoid potential legal and financial penalties.

Responsibilities

  • Chief Data Officer (CDO): Oversees the overall implementation, administration, and compliance with the Data and Information Governance Policy.
  • Data Stewards: Responsible for the management, quality, and integrity of University Data within their respective domains.
  • End Users: Must comply with data governance policies, standards, and procedures.

Enforcement

Non-compliance with this policy may result in disciplinary actions, including but not limited to access restrictions. The policy is enforced by the Chief Data Officer, with periodic audits conducted to assess compliance. Violations may also be reported to regulatory authorities as required by law.

 

Edit Page