Data Governance

Webinar 08.12.11

Kathy Gosa, KansasJosh Klein, OregonBaron Rodriguez, PTAC

Data Governance: Key components & implementation steps

2

Why Data Governance?

• Data Governance (DG) is an organizational approach to data and information management Helps to protect interests of stakeholders by enforcing

compliance with agreed-upon rules and regulations regarding data management (including security)

Outlines who can take what actions, when, with what information, and using what methods

Defines rules of engagement, organizational bodies, accountable individuals, and processes

Is formalized as a set of policies and procedures

Encompasses the full data life-cycle

Components of a Data Governance Program

3

• Rules and Rules of Engagement1. Mission and Vision

2. Goals, Governance Metrics, Success Measures, and Funding Strategies

3. Data Rules and Definitions

4. Decision Rights

5. Accountabilities

6. Controls

• Organizational Bodies and Individuals7. Data Stakeholders

8. A Data Governance Office

9. Data Stewards

• Processes10. Proactive, Reactive, and Ongoing Data Governance Processes

Components of a Data Governance Program contd.

4

Source: “The DGI Data Governance Framework” (Gwen Thomas, The Data Governance Institute).

Data Governance Program: Scope

• Scope of a DG program with focus on privacy, compliance, and security includes

Protection of sensitive data Vulnerability assessment and risk mitigation Enforcement of regulatory, contractual, and architectural

compliance requirements Identification of stakeholders, decision rights, and accountabilities Access management

5

DG Program Implementation: Key Steps

• Decision-making authority: Establish organizational structure with different levels of DG & specify roles and responsibilities at each level

• Standard policies & procedures: Adopt and enforce a written data governance plan

• Data inventory: Conduct an inventory of all data that require protection

• Data content: Identify the purposes for which data are collected and justify the collection of sensitive data

• Data records: Specify activities related to handling data to ensure compliance with security policies

6

DG Program Implementation: Key Steps contd.

• Data quality: Ensure that data are accurate, relevant, timely, and complete for the purposes they are collected

• Data access: Define and assign differentiated levels of data access to individuals based on their roles and responsibilities

• Data security: Ensure the security of sensitive data by mitigating the risks of unauthorized disclosure

• Data dissemination: Ensure that data sharing and reporting activities comply with federal, state, and local laws

7

Data Governance: Sharing Best Practices

Successes, challenges, and areas in need of development

Guest speakers:

•Kathy Gosa (Director of Information Technology, Kansas DE): Postsecondary and internal program data governance

•Josh Klein (Chief Information Officer, Oregon Department of Education): LEA engagement through the District CIOs, data collection committee, and regional consortia participation

8

Data Data Governance Governance

ProgramProgramKansas State Department of Education

Kathy Gosa, IT DirectorPTAC WebinarAugust 2011

• Data Governance Board (Director level decision makers from each department / program area)

…establish and enforce policies and practices related to agency data management

– Ethics & security will be a part of every decision the group makes– Members have the authority and commitment to make policy

recommendations and decisions– LEA participation is via comments on proposed policy.

• Data Steward Workgroup (agency data stewards)– Focused on communication, collaboration, data quality– Build capacity for ownership and accountability of data– Eliminate the silo effect of working with data

• Data Request Review Board (subgroup of DGB)– Provides consistent treatment of data requests– Considers, prioritizes and assigns requests for data

KSDE Data Governance Program

• Setting expectations

• Escalation Process

Data Stewards and Programmers

Data Manager / Coordinator

Data Owners

Data Governance Board

ExecutiveLeadership

Data Governance Board

ExecutiveLeadership

Data Stewards & Programmers

Data Request Review Board

Issue Resolution

Data Governance for Data Governance for P20P20

• Kansas P20 Data Sharing o Executive Order gives authority for KBOR and KSDE to evaluate one

another’s programso MOU specifies that each party must notify the other party of any “use” of

the other’s data

• Federated approach for P20 Data Governanceo Postsecondary has a “seat” on KSDE’s DGB and DRRB

• for all items involving PS data (including revisions to KSDE DG Program)

• if voting is involved, the PS “seat” has veto powero KSDE is a data owner of P20 data housed at KBOR, and so

• has a “seat” and decision power on KBOR’s Data Review Committee for any data requests involving P-12 data

• authorizes access to P-12 data• Assigns a data steward with responsibility to assist with analysis/use

of P-12 data

Successes / Successes / ChallengesChallenges

• Successes:o Data Governance is a fundamental part of our culture.o As new issues / challenges have arisen we’ve been able to modify our

existing framework to address them.o Expanding re PS data governance was relatively painless.o We’ve “evolved” our process for including LEAs in DG processes.

• Challenges:o Keep meetings/issues focused – don’t waste time!o Inclusion of LEAs in DG processes. o Immaturity of DG processes at other state agencies.o Applicability of the federated model to other agencies (e.g., Dept of

Labor).

Oregon Education Governance Network

Josh KleinChief Information OfficerOregon Department of Educationjosh.klein@state.or.us

PTAC WebinarAugust 12, 2011

Oregon Landscape• 197 School Districts• 19 Education Service

Districts • 561,698 Students• 62,557 School Employees• 28,638 Teachers• Geographically Large• Strong Local Control

Data Source: 2009-2010 Oregon Statewide Report Cardhttp://www.ode.state.or.us/data/annreportcard/rptcard2010.pdf

Governance History• IT Manager’s Committee (ITMgrs)

– Quarterly* Since October 2000

• Data Collection Committee (DCC)

– Quarterly Since November 2002

• Data Quality Workgroup (DQWG)

– Triannually Since February 2008

• Data Warehouse Governance Committee (DWGC)

– Monthly Since April 2010

• Assessment and Accountability Advisory Committees (AAC)

DCC Website: https://district.ode.state.or.us/search/results/?id=402ITMgrs Website: https://district.ode.state.or.us/search/results/?id=403DQWG Website: http://data.k12partners.org/content/project-meetings

* Monthly IT Manager Meetings also held.

Assessment PanelsPanel / Committee

Number of Members

Meeting Frequency

Assessment Policy Advisory Committee

15-20 4-6 times a year

Sensitivity Panel 15-20 4-6 times a year

English Language Arts Assessment and Content

Panel35 6-8 times a year

Mathematics Assessment and Content Panel

35 6-8 times a year

Science Assessment and Content Panel

35 6-8 times a year

Social Sciences Assessment and Content Panel

25 6-8 times a year

Accommodations and Modifications Review Panel

24 2-3 times a year

English Language Proficiency Assessment and

Content Panel38 6-8 times a year

Content and Assessment Panels Website: http://www.ode.state.or.us/search/page/?id=488

Successes• Online Testing Since 2001 (ITMgrs)

• Required Data Owner Attendance (DCC)

• One-Year Rule & Annual Collection Cycle (DCC)

• Race/Ethnicity (DCC/ITMgrs)

• Student Record Exchange (DWGC)

Microsoft Office Word Document

Challenges• Coordination & Preparation• Including Small/Rural Districts• US vs. THEM - Mandate Compliance

In Development• Increased Frequency & Web

Option (DCC)

• Monthly Vendor Meetings• P-20/W Governance

– ALDER Executive Committee (AEC)– Oregon Education Investment Board (OEIB)

• Institution Reconstitution Policies• Oregon Education Information

Security Council– FERPA Compliance– Cloud Computing (i.e. Google Apps for

Education)

AEC Website: http://alder.orvsd.org/content/alder-executive-committee

References

21

•Statewide Longitudinal Data Systems (SLDS) Technical Brief 2. Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records (NCES 2011-602)

•The Data Governance Institute – The DGI Data Governance framework

•National Association of State Chief Information Officers – Data Governance series

Upcoming PTAC Events

22

Regional Meetings 2011

• Regional meeting #4: MEIC (August, 2011) – Kansas City, MO – Midwest

PTAC Webinars 2011

• Threats to your Data - August 22nd: 1:30 - 2:30 pm EST

• Data Center Consolidation Best Practices - September 16th: 1:30 - 2:30 pm EST **New**

Stakeholders’ Feedback

23

• What are your needs?

• How can PTAC help you? Help Desk

Site visits

• Sharing best practices Input from organizations that have successfully implemented a

DG program

Sharing your experiences

PTAC Help Desk & Website

24

Send PTAC your questions on privacy, confidentiality, and data security related to longitudinal data systems (LDSs)

Contact the Help Desk

o PrivacyTA@ed.gov

o Toll Free Phone: 855-249-3072

o Toll Free FAX: 855-249-3073

Get copies of PTAC resources, join listserv- nces.ed.gov/programs/ptac

Data Governance

Webinar 08.12.11

Data Governance: Key components & implementation steps

Thank You for Participating