Statement of Policy
Lehigh University's institutional data is a University asset by definition, practice, and intent. The purpose of this document is to establish policy for the management of Lehigh's institutional data and the responsibilities for the protection of those data.
Specifically, this policy statement is intended to ensure the establishment, maintenance and delivery of stable, reliable, and accessible collections of institutional data in electronic form to authorized users. Furthermore, it is intended to facilitate the incorporation of institutional data and research integrally into decision-making, competitive positioning, and delivery of services throughout the University.
Lehigh University is the owner of all institutional data. No single person, department, or other unit within the institution "owns" any institutional data; departments and other units within the University, however, have operational-level responsibility for subsets of institutional data.
Implementation of Policy
Institutional data includes, but is not limited to, all data in Lehigh's enterprise-wide information systems, all data collected from approved surveys, and all data on other ancillary systems, such as cloud based services, library book records, and telephony records.
As an institutional asset, data shall be protected from deliberate, unintentional, or unauthorized alteration, destruction, and/or inappropriate disclosure through the enforcement of effective data security procedures. Data will be used in accordance with established institutional policies and practices and will conform to pertinent federal and state laws. Those who violate these principles and/or laws should expect the University to take disciplinary and/or legal action.
Institutional data shall be managed as a University resource. Data organization and structure shall be administered on both functional and institutional levels. Data usage and data sources shall be managed through the stewardship principles of administering and controlling data quality and standards in support of institutional goals and objectives.
In particular, the University will:
- Establish a Data Governance Executive Committee with faculty representation to provide policy guidance on strategic issues related to enterprise data administration.
- Establish a Data Governance and Standards Committee to include data stewards and key data managers to address enterprise data administration issues at the operational level.
- Establish and maintain a data administration structure including data stewards and data managers (see Data Management);
- Establish and maintain a data infrastructure including data standards, naming conventions, and data definitions for institutional data;
- Maintain effective coordination among database administrators, users and senior managers to ensure the security, accuracy, and reliability of institutional data;
- Provide easy access for authorized users to timely, accurate and appropriate institutional data;
- Disseminate reference materials and information pertaining to data administration, e.g., policies, standards, definitions;
- Educate the campus community to ensure the responsible use of data.
The primary responsibility for maintaining high standards of data administration and implementing University data policies shall rest with the data stewards. Data stewards are designated University officials who have the highest level of data responsibilities in their functional areas. Vice Presidents will appoint data stewards for data intensive functional areas. Specifically the data stewards are responsible individually and collectively, by conferring with other data stewards, for the following:
- The overall integrity and security of data subsets managed by their reporting units;
- Establish and maintain data classification scheme;
- The creation and implementation of appropriate procedures and guidelines concerning the accuracy, privacy, and integrity of the data subsets for which they are responsible;
- The resolution of data access and definition issues involving data elements that exist in multiple data subsets across stems;
- The interpretation and implementation of state and federal policies and laws that affect data subsets within their functional areas;
- The identification of the access type (public, internal, or internal sensitive) for each data element within the data subsets managed by their reporting units;
- The authorization procedures that facilitate appropriate data access as defined by campus data policy and ensure data security for data within their functional area.
The administration of Lehigh's institutional data shall be guided by primarily data stewards in conjunction with staff from the following departments which include Enterprise Systems Implementation, Office of Institutional Data, Internal Audit, Information Security and other University areas when applicable. The aforementioned group meets typically on a monthly basis via Data Governance & Standards meetings.
The Office of Institutional Data shall be responsible for the completion and accuracy of the Common Data Set and all external requests for institutional data, such as Integrated Postsecondary Education Data System (IPEDS), U.S. News and World Report, Peterson's, etc. It shall also have primary responsibility for university-wide internal research based on institutional data.
Carefully constructed and properly administered surveys can be a valuable source of institutional data for self-study, analysis, and decision making. It is especially important that the larger surveys, comprised of several hundred constituents or more, are conducted with competent professional survey advice and in consultation with the Office of Institutional Data to ensure that they are well constructed, have minimal overlap with other large surveys, do not overburden the respondents, and produce data that can be shared with other appropriate users. These larger surveys should only proceed with the approval of a dean, vice president, or other senior administrator.