Data Governance Policy
Application
This policy applies to institutional data of the University and to all University members.
Purpose
To establish a consistent approach to, and define responsibilities for, data governance in support of Te Rautaki Raraunga | Data Strategy and Taumata Teitei.
The Data Governance Guidelines provide additional information on Māori data governance, and general data acquisition, collection, storage, use, distribution and disposal.
Researchers should refer to the Research Data Management Policy and Data Classification Standard for guidance on managing research data.
Policy
Data governance
1. Institutional data are the property of the University of Auckland and are to be managed as a key asset.
2. No one person or group “owns” data. Instead of ownership, specific institutional roles and organisational units have responsibility for particular data.
3. Data must be acquired, collected, managed, accessed, used, distributed, archived and disposed of in compliance with the IT Security Policy.
4. Institutional data must be classified according to the Data Classification and Confidentiality Standards.
5. The Data Governance Committee is the governing authority and is responsible for approving the Institutional Data Governance operating model.
Data quality
6. Unnecessary duplication of institutional data must be avoided.
7. Institutional metadata shall be recorded, managed, and utilised as appropriate to University needs and agreed priorities.
Data access
8. Institutional data must be protected by all members of the University community from unlawful or unauthorised access, use or disclosure.
9. For the purpose of transparency, institutional data aggregated at Level 3 (Faculty/Service Divisions) and above of the University Organisational Structure (UOS) shall be accessible to all roles, unless a particular reason to decline access to data exists.
Data privacy
10. Where institutional data contains or comprises personal information, in addition to the requirements of this policy, this data must be collected, accessed, used, distributed or disposed of in accordance with the University’s Privacy Framework.
Definitions
The following definitions apply to this document:
Data are the representation of facts, concepts or instructions in a formalised (consistent and agreed) manner suitable for communication, interpretation or processing by human or automatic means. It can be structured or unstructured, typically comprised of numbers, words, images or expressed in the form of research outputs. The format and presentation of data may vary with the context in which it is used. Data is not information until it is used in a particular context for a particular purpose. Data is typically considered to be conceptually at the lowest level of abstraction. In the context of this policy this term includes all institutional data including the domains of Education & Student Experience, and Institutional & Administrative. Research data are covered by the Research Data Management Policy.
Data governance is a process and structure that oversee data quality, accessibility, and usability throughout its lifecycle. From initial creation or acquisition, data progresses through stages including storage, usage, distribution, archival or deletion. It assigns roles and responsibilities for data management, sets standards for handling and integrity, and ensures compliance with regulations. It is a business activity that optimises data for informed decision-making, ensuring data are accurate, consistent, relevant, and timely, and ensuring data products are defined and discoverable.
Institutional data are data elements which satisfy one or more of the following criteria in the Education & Student Experience or Institutional & Administrative Data domains. It is:
- relevant to planning, managing, operating, controlling, internal or external accountability or auditing of the University
- created, received, maintained, or transmitted as a result of educational, clinical, or research activities. It is noted that only administrative data generated by research activities are institutional data. Data generated as an outcome of academic research are not institutional data under this policy
- generally referenced or required for use by more than one organisational unit
- required for an official University academic or administrative report
- data that the University is legally or contractually obliged to hold
- generated by a system or business user using any of the above data.
Māori data governance refers to the processes, practices, standards and policies that enable Māori, as collectives and as individuals, to have control over Māori data.
Metadata refers to descriptive information that provides context about other data. It includes details such as definitions, format, responsible personnel, dates, and location of a dataset or document. It serves as a structured summary that aids in the management, discovery, use, and understanding of data. Documentation adds contexts, relationships, and commentaries aimed at assisting data users with data analysis and data-informed decision-making.
Privacy Framework means the Privacy Policy and any procedures, standards or guidelines issued to support it, including but not limited to the Personal Information Request Procedures, Privacy Breach Management Procedures, Disclosure of Personal Information Procedures, Privacy Impact Assessment Guidelines, and Privacy Guidelines.
Research data are data of all kinds that are created, captured, or generated by research activity, and provide the evidence that underpins the answer to a research question and can be used to validate findings regardless of its form (e.g., print, digital, or physical). Research data does not include institutional data or data related to research management (e.g., research opportunity management, research funding, grants management, research infrastructure, and research outputs, outcomes, and impacts).
University means Waipapa Taumata Rau | University of Auckland and includes its subsidiaries.
University Organisation Structure (UOS) refers to the common arrangement for University revenues and costs. The University is at level 1, with Faculties, Large Scale Research Institutes (LSRIs) and Service Divisions at level 2. Teaching Departments and administration units usually from level 3. (Refer to the UOS Policy for more information.)
University members include staff and students of Waipapa Taumata Rau | University of Auckland, all members of Council, committee members, honorary and adjunct appointees, committee appointees, contractors, subcontractors, alumni, donors, visitors, volunteers, applicants, and the board and staff members of Auckland UniServices Limited.
Key relevant documents
Include the following:
- Privacy Act 2020
- Access to Personal Information Policy and Procedures
- Legislative Compliance Policy
- Research Data Management Policy
- Records Management Policy
- IT Acceptable Use Policy
- IT Privacy and Monitoring Policy
- Privacy Policy
- Data Governance Guidelines
- Digital Ethics
- Generative Artificial Intelligence Usage Standard
Document management and control
Owner: Deputy Vice-Chancellor Operations & Registrar
Content manager: Associate Director - Data Governance
Approved by: Vice-Chancellor
Date approved: October 2018
Date last reviewed or amended: 29 October 2024
Next review date: 29 October 2029