Core Person Data Domain

Data Domain Scope and Subdomains

The Core Person data domain encompasses basic demographic and contact data elements that describe UW-Madison constituents. The Core Person data domain does not have subdomains, but Core Person data elements are used across other data domains. The Core Person data domain will work closely with other data domains to ensure the best quality person data across domains.

Core person data can generally be categorized as follows:

  • Demographic information includes elements such as name, date of birth and/or death, birth gender and gender identity, citizenship and race or ethnicity data.
  • Location information includes home or work addresses, on-campus locations or other information about where a person may work or live.
  • Contact information includes phone, email or other contact information.
  • Identifier information includes various identifiers that are used to uniquely identify a person. Examples might include SSN, driver’s license number, UW-Madison photo ID number and photo ID image, etc.

Each of the above categories may also include preference information or other metadata that indicates a person’s preference about how their information may be presented or used.

Core person data may also be subject to oversight of other Institutional Data Stewards (and vice versa).

Data Trustee

Data Trustees are university officials with authority over institutional data, as designated by Data Governance Council. Data trustees are accountable for managing, protecting, and ensuring the integrity and usefulness of institutional data and for upholding UW-Madison policies, UW System policies, state laws, and federal laws applicable to the institutional data.

The Data Governance Council recognizes that core person data exists across many lines of business across the university, but that UW-Madison has an institutional interest in managing the quality, accuracy and security of information that it collects about its constituents. As such, the data trustee for the core person data domain is responsible for ensuring the integrity, security and usefulness of core person data across the institution.

Institutional Data Stewards

Institutional data stewards, who are assigned by and accountable to Data Trustees, help define, implement, and enforce data management policies and procedures within their specific data domain. Institutional data stewards have delegated responsibility for all aspects of how data is acquired, used, stored and protected throughout its entire lifecycle from acquisition through disposition.

Since core person data is collected, managed and curated across many different data domains, stewardship of core person data is assigned to the Core Person Data Operational Governance Group. This group shall include representation from the following data domains:

Represented Area Role
Enrollment Management Student Record Data Steward
Human Resources Employee Record Data Steward
Information Technology Integration Architect
Information Technology Enterprise CRM Assistant Director
Teaching and Learning Teaching and Learning Data Steward
School / College Representation At least two representatives from a school or college
Data, Academic Planning and Institutional Research VP-DAPIR (or designee)*

* primary point of contact

The Core Person Data Operational Governance Group is charged with defining standards and guidelines for how core person data is to be collected, used and protected by UW-Madison entities that may handle it. Additionally, Core Person Data Operational Governance Group shall be responsible for identifying key technical and organizational infrastructure needed for UW-Madison to effectively and responsibly manage core person information.

Major Data Systems

UW System Administrative Policy 1031 requires Institutional Data Stewards to identify and classify the major systems where data from their data domain resides. System classification level is determined by the highest classification level of data associated with a system but does not indicate that all data associated with the indicated system are necessarily classified at this level. The name and classification of the major systems where Core Person data reside are:

Major System of Record Classification Primary Data Domain
SIS Restricted Enrollment Management
HRS Restricted Human Resources
Canvas Restricted Teaching and Learning
Salesforce CRM Restricted Person
StarRez Restricted Housing
SFS/WISPER Restricted Research Administration
Special Authorization Restricted Person
Wiscard Restricted Person
UW Health Restricted (not UW-Madison, but closely affiliated)
Person Hub Restricted Division of Information Technology
CAOS Restricted Enrollment Management
Eloqua Internal Division of Continuing Studies
InfoAccess Restricted Office of Data Management and Analytics
Badger Analytics Restricted Office of Data Management and Analytics

Data Classification Rationale

UW System Administrative Policy SYS-1031 and UW-Madison policy UW-504 require that data be classified according to its risk. The risk level of core person data is often contextual, based on the nature of an individual’s relationship to the institution (e.g., student, employee) and the manner in which the information is shared (internal to the UW vs. shared externally). The Core Person Data Operational Governance Group is charged with defining standards and guidelines for the classification of core person data based on context.

Classification Classification Rationale Example(s)
Restricted Data elements whose context invokes regulatory controls such as FERPA or HIPAA, or whose unintentional disclosure would trigger a breach notification duty under law, or whose disclosure in an inappropriate context creates a risk of harm or duress to an individual. Non-directory information for students, or directory information for students that have requested FERPA privacy.
SSN, driver’s license, or any other data element covered by WI §§ 134.98.
Inappropriate disclosure of birth gender or legal name for an individual who has expressed a different gender identity.
Sensitive Data about individuals not covered by FERPA, HIPAA or other specific regulation, but whose release may pose moderate risk of harm to the University or to individuals. Information about parents, affiliates or others not covered by FERPA. Recruitment strategies, trade secrets or other proprietary information.
Internal Data elements that are not covered by specific regulation but can be used to uniquely identify an individual and that the individual or university policy do not allow public disclosure. Future salary adjustment information for employees, constituent contact information other than that disclosed in public directories.
Public Aggregate data that does not allow identification of individuals, or data that the individual or university policy designates as accessible to the public. Public directory information for employees. Student data designated as directory information by FERPA.

Additional Information

Data Steward Responsibilities – Core Person Domain

These duties are executed jointly by the operational governance group defined above.

  • Ensure core person data is treated as a shared university resource
  • Responsibly manage core person data throughout the entire data lifecycle
  • Identify and document core person data.
  • Coordinate guidelines and processes for access to protected core person data among data stewards that collect and manage protected core person data.
  • Coordinate guidelines and processes for sharing core person data to the extent allowable under applicable laws, regulations, policies, standards, and procedures.
  • Actively manage the quality and integrity of core person data and data products
  • Classify core person data in accordance with applicable university data classification policy.
  • Ensure any system holding core person data shall be purposefully planned, inventoried, and implemented
  • Ensure Institutional data products source core person data from systems of record or systems of reference.
  • Apply and/or ensure compliance with procedures, standards, and guidelines as developed and approved by the Data Governance Council.

Appendix 1 – Initial List of Core Person Data Elements

Legal Name
Name in Use
Home Address
Campus or other “local residence” address
Work Address
Legal Sex
Gender
Race / Ethnicity
Home Phone
Mobile Phone
Email addresses (institutional and personal)
SSN
Unique person identifiers (e.g. Employee ID, Student ID, NetID, etc.)
Birthdate
Deceased Indicator
Death date
Pronouns
Veteran Status
Disability status
Country of origin
Citizenship
Residency (e.g. tuition residency for students)
Wiscard Photo