Policies, Procedures, and Standards

Institutional Data Policy

Issued Sept. 1, 2020 and effective Jan. 1, 2021, the Institutional Data Policy establishes minimum requirements for the management and stewardship of institutional data resources. The policy defines roles and responsibilities for managing data with plans for data identification, documentation, classification, sharing and access in accordance with applicable laws and regulations.

Read the full Institutional Data Policy (UW-Madison’s Policy Library)

Data Procedures and Standards

Data Access and Authorization

Institutional Data Policy (UW 523) requires that access to protected institutional data be authorized and managed. In order to do so, there must be a standard for requesting access, determining whether authorization is granted, the rights and responsibilities that accompany authorization, how and when authorization may be revoked, and tracking and documentation of authorization.

Read the full Institutional Data Access and Authorization Standard (March 1, 2021)
Form: Request access to institutional data

What Data?
Standard applies to all products, systems, services, or applications that generate, collect, store, maintain, transmit, or record protected institutional data. This includes:

Data Products (e.g., data visualizations, reports)
Data Systems (e.g., SFS, HRS, Lumen)
Data services or applications (e.g., Canvas, APIs)

Who this impacts?

This standard applies to ALL individuals who access protected institutional data for any purpose regardless of medium.

Who decides?

Authorization requests are granted or denied by the applicable institutional Data Steward or delegate. Appeals may be made to the applicable steward (if delegated) or the domain Trustee.

Based on what criteria?

Individuals will be authorized to access protected institutional data based on 1) the security classification of the data and 2) the stated business purpose of the need or intended use.

flowchart showing the access and authorization procedure for institutional data at UW Madison

Data Classification

Data Stewards are required by UW System Administrative Policy 1031 to classify major data systems based on risk and to review the classifications annually. The four catagories are Public, Internal, Sensitive, and Restricted.

Read the Data Classification descriptions
Explore data within each data domain (click “Classification Rationals” in the table)

Data Definitions and Approval Process

Institutional Data Policy (UW 523) requires that institutional data elements be documented and communicated to ensure transparency, clarity, shared understanding, replicability, and ease of use. To ensure consistency, data definitions of terms appearing in institutional data products must be reviewed and approved by data governance.

Read the Institutional Data Definitions Procedure (March 2023)

Following approval, terms and institutional data products at UW Madison are cataloged and described in a metadata management software tool (Data Cookbook – request access) which powers our public-facing data catalog RADAR and associated glossary of terms and definitions.

Data Documentation

Institutional Data Policy (UW 523) requires that institutional data sources, elements, processes, integrations, and products be documented and communicated. In order to do so, there must be a standard for determining what is subject to the documentation requirement, what constitutes sufficient documentation, and the roles and processes for creating documentation.

Read the Institutional Data Documentation Standard (Feb 2022) which details and provides example documentation for:
- Term – a unique word or phrase with a definition that has been formally adopted through campus data governance procedures
- Institutional data product – dashboards, visualizations, reports, etc. based on institutional data sources and display or convey representations of institutional data)
- Dataset – a collection of Data Elements and used to create an Institutional Data Product
- Data Element – one part of a Dataset and is often synonymous with field name
- Integration – such as an API that expose the datasets and elements in a similar way as an institutional data product
Read the Implementation Statement

Data documentation software
Data Cookbook is a web-based software tool that UW-Madison uses for data documentation and data governance workflow (request access). Its database functionality stores definitions for our institutional data glossary and important documentation for institutional reports and dashboards. Its workflow functionality allows developers, data governance staff and Data Stewards to collaborate on and streamline approval processes

Data Integrations

Institutional Data Policy (UW 523) requires that institutional data products shall source institutional data from systems of record, unnecessary duplication or storage of institutional data shall be avoided, and university standards for integrations shall be followed.

Read the Integration Standard for Use of Institutional Data in Applications (November 2023)

In the coming months, the implementation phase of this standard will develop guidelines which will detail appropriate integration paths and resources, including:

- Data Integration Catalog: a list of institutional data integration providers and products (e.g., APIs) that are available for general campus use
- Data Integration Registry: a list of critical data integrations used to notify application contacts of changes to the data landscape

Data Issue Management

Institutional Data Policy ( UW 523) requires that institutional data be treated as a shared university resource and be responsibly managed throughout the entire data lifecycle. In order to do so, there must be a process for identifying, quantifying, prioritizing, and resolving data governance and data management issues in a timely way, which is established with this procedure.

Read the Institutional Data Issue Management Procedure (March 1, 2021)
Form: Report an institutional data issue

Data Privacy

Data collected from individuals must be follow all applicable data privacy laws and UW System and university policies, procedures, and standards. This includes:

UW-Madison Privacy Notice
Universities of Wisconsin Data Privacy Policy (scope includes UW Madison)
GDPR statement for individuals providing data while physically located in the European Union and European Economic Area

Data Guidelines (by type)

Computer Logs

The Computer Logging Statement applies to computer systems and network equipment operated by the Division of Information Technology (DoIT).

Read the Computer Logging Statement

Employee Demographic Data

The Office of Human Resources maintains guidelines for HR and DEI professionals across
campus on how to request access to and properly use employee demographic data, including sex, race and ethnicity collected through voluntary self-identification.

Read the Resources for Campus Use of Employee Demographic Data (March 7, 2023)

Facility Data

The purpose of this policy by the Division of Facilities Planning & Management (FPM) is to provide UW Madison with a process for providing access to, and distribution of, facility information, plans, data, documents, drawings and photos.

Read the Distribution of Facility Data, Documents, and Graphics Information Policy

Generative AI (articifial intelligence)

The Division of Information Technology (DOIT) outlines existing policies governing what you may and may not do when using generative artificial intelligence (AI) tools and services at UW Madison to safeguard institutional data.

Read the Generative AI @ UW–‍Madison: use & policies

Name and Pronouns

These use guidelines are in place for use of name and pronouns in University systems and also setting campus and University expectations for such use and application.

Read the Use Guidelines for Name and Pronouns in Use (Jan 11, 2021)

Sex and Gender

The Data Governance Council endorsed definitions and guidelines for the collection, management, and use of sex and gender information.

Read the Data Use Guidelines for Legal Sex and Gender (Feb 20, 2024)

Definitions:

Sex/Legal Sex – A person’s biological or reassigned sex as printed on legal documents. Categories include Female, Male, or Other Legal Sex.
Gender – Gender includes the social, psychological, cultural and behavioral aspects of being a specific gender identity (e.g. being a man, woman, trans man, trans woman, nonbinary, or another gender). A person’s Gender may be different from their Legal Sex.

Social Security Numbers

UW Madison Cybersecurity policy on “Restricted Data Security Management” defines how to store and manage “Restricted Data” with a specific focus on Social Security Numbers or SSNs. Specifically, all schools, colleges, divisions, departments, centers, and other units of UW–Madison must find, protect, and report the storage locations of SSNs and work to reduce or eliminate the use of this information.

Read the Restricted Data Security Management policy

Teaching and Learning Data

UW-Madison values and supports innovation, including in the practice of teaching and learning and the use of
data for this purpose. To this end, the institution has established guidelines to situate uses of data and
data-informed practices within a larger context of ethical principles, especially a student-centered
perspective.

University Directory Service

The University Directory Service (UDS) provides applications and services at UW–Madison with demographic, role, and contact data to support identity management, authentication, and authorization.

Read the University Directory Service (UDS) Responsible Use Policy

Wiscard Photos

Wiscard photos are considered to be sensitive data according to the UW–Madison data classification policy.

Release of Wiscard ID Photos to Applications Policy

Data-related policy missing from this list? Contact us at dapir@provost.wisc.edu c/o Director of Data Governance.