Data Domain Scope and Subdomains
The Core Person data domain encompasses basic demographic and contact data elements that describe UW-Madison constituents. The Core Person data domain does not have subdomains, but Core Person data elements are used across other data domains. The Core Person data domain will work closely with other data domains to ensure the best quality person data across domains.
Core person data can generally be categorized as follows:
- Demographic information includes elements such as name, date of birth and/or death, birth gender and gender identity, citizenship and race or ethnicity data.
- Location information includes home or work addresses, on-campus locations or other information about where a person may work or live.
- Contact information includes phone, email or other contact information.
- Identifier information includes various identifiers that are used to uniquely identify a person. Examples might include SSN, driver’s license number, UW-Madison photo ID number and photo ID image, etc.
Each of the above categories may also include preference information or other metadata that indicates a person’s preference about how their information may be presented or used.
Core person data may also be subject to oversight of other Institutional Data Stewards (and vice versa).
Data Trustees are university officials with authority over institutional data, as designated by Data Governance Council. Data trustees are accountable for managing, protecting, and ensuring the integrity and usefulness of institutional data and for upholding UW-Madison policies, UW System policies, state laws, and federal laws applicable to the institutional data.
The data trustee for the core person data domain, as assigned by Data Governance Council, shall be the Chief Data Officer. The Data Governance Council recognizes that core person data exists across many lines of business across the university, but that UW-Madison has an institutional interest in managing the quality, accuracy and security of information that it collects about its constituents. As such, the data trustee for the core person data domain is responsible for ensuring the integrity, security and usefulness of core person data across the institution.
Institutional Data Stewards
Institutional data stewards, who are assigned by and accountable to Data Trustees, help define, implement, and enforce data management policies and procedures within their specific data domain. Institutional data stewards have delegated responsibility for all aspects of how data is acquired, used, stored and protected throughout its entire lifecycle from acquisition through disposition.
Since core person data is collected, managed and curated across many different data domains, stewardship of core person data is assigned to the Core Person Data Operational Governance Group. This group shall include representation from the following data domains:
|Enrollment Management||Student Record Data Steward|
|Human Resources||Employee Record Data Steward|
|Information Technology (Integration / Interop)||Integration Architect|
|Information Technology (Constituent Record Management)||Enterprise CRM Assistant Director|
|Teaching and Learning||Teaching and Learning Data Steward|
|School / College Representation||At least two representatives from a school or college|
|Office Of Data Management and Analytics||Chief Data Officer (or designee)*|
* primary point of contact
The Core Person Data Operational Governance Group is charged with defining standards and guidelines for how core person data is to be collected, used and protected by UW-Madison entities that may handle it. Additionally, Core Person Data Operational Governance Group shall be responsible for identifying key technical and organizational infrastructure needed for UW-Madison to effectively and responsibly manage core person information.
Major Data Systems
UW System Administrative Procedure 1031.A requires Institutional Data Stewards to identify and classify the major systems where data from their data domain resides. System classification level is determined by the highest classification level of data associated with a system but does not indicate that all data associated with the indicated system are necessarily classified at this level. The name and classification of the major systems where Core Person data reside are:
|Major System of Record||Classification||Primary Data Domain|
|Canvas||Restricted||Teaching and Learning|
|UW Health||Restricted||(not UW-Madison, but closely affiliated)|
|Person Hub||Restricted||Division of Information Technology|
|Eloqua||Internal||Division of Continuing Studies|
|InfoAccess||Restricted||Office of Data Management and Analytics|
|Badger Analytics||Restricted||Office of Data Management and Analytics|
Data Classification Rationale
UW System Administrative Policy 1031 and UW-Madison policy UW-504 require that data be classified according to its risk. The risk level of core person data is often contextual, based on the nature of an individual’s relationship to the institution (e.g., student, employee) and the manner in which the information is shared (internal to the UW vs. shared externally). The Core Person Data Operational Governance Group is charged with defining standards and guidelines for the classification of core person data based on context.
|Restricted||Data elements whose context invokes regulatory controls such as FERPA or HIPAA, or whose unintentional disclosure would trigger a breach notification duty under law, or whose disclosure in an inappropriate context creates a risk of harm or duress to an individual.||Non-directory information for students, or directory information for students that have requested FERPA privacy.
SSN, driver’s license, or any other data element covered by WI §§ 134.98.
Inappropriate disclosure of birth gender or legal name for an individual who has expressed a different gender identity.
|Sensitive||Data about individuals not covered by FERPA, HIPAA or other specific regulation, but whose release may pose moderate risk of harm to the University or to individuals.||Information about parents, affiliates or others not covered by FERPA. Recruitment strategies, trade secrets or other proprietary information.|
|Internal||Data elements that are not covered by specific regulation but can be used to uniquely identify an individual and that the individual or university policy do not allow public disclosure.||Future salary adjustment information for employees, constituent contact information other than that disclosed in public directories.|
|Public||Aggregate data that does not allow identification of individuals, or data that the individual or university policy designates as accessible to the public.||Public directory information for employees. Student data designated as directory information by FERPA.|
Data Steward Responsibilities – Core Person Domain
These duties are executed jointly by the operational governance group defined above.
- Ensure core person data is treated as a shared university resource
- Responsibly manage core person data throughout the entire data lifecycle
- Identify and document core person data.
- Coordinate guidelines and processes for access to protected core person data among data stewards that collect and manage protected core person data.
- Coordinate guidelines and processes for sharing core person data to the extent allowable under applicable laws, regulations, policies, standards, and procedures.
- Actively manage the quality and integrity of core person data and data products
- Classify core person data in accordance with applicable university data classification policy.
- Ensure any system holding core person data shall be purposefully planned, inventoried, and implemented
- Ensure Institutional data products source core person data from systems of record or systems of reference.
- Apply and/or ensure compliance with procedures, standards, and guidelines as developed and approved by the Data Governance Council.
Appendix 1 – Initial List of Core Person Data Elements
|Name in Use|
|Campus or other “local residence” address|
|Race / Ethnicity|
|Email addresses (institutional and personal)|
|Unique person identifiers (e.g. Employee ID, Student ID, NetID, etc.)|
|Country of origin|
|Residency (e.g. tuition residency for students)|