Institutional Data Policy
Issued Sept. 1, 2020 and effective Jan. 1, 2021, the Institutional Data Policy establishes minimum requirements for the management and stewardship of institutional data resources. The policy defines roles and responsibilities for managing data with plans for data identification, documentation, classification, sharing and access in accordance with applicable laws and regulations.
Read the full Institutional Data Policy (UW-Madison’s Policy Library)
Read more about the policy on the Institutional Data Policy information page.
Data Procedures and Standards
This is an accordion element with a series of buttons that open and close related content panels.
Data Definitions and Approval
Data sources and products at UW Madison are cataloged and described in the UW Madison Data Cookbook (restricted access) which can be viewed publicly through our search interface, RADAR (institutional data dashboards and reports) and associated glossary of terms and definitions.
Data terms are reviewed and approved by data governance. New data products or data systems should consult with the appropriate data steward(s) on aligning terms and definitions.
Data Issue Management
Institutional Data Policy ( UW 523) requires that institutional data be treated as a shared university resource and be responsibly managed throughout the entire data lifecycle. In order to do so, there must be a process for identifying, quantifying, prioritizing, and resolving data governance and data management issues in a timely way, which is established with this procedure.
- Read the Institutional Data Issue Management Procedure (March 1, 2021)
- Form: Report an institutional data issue
Data Access and Authorization
Institutional Data Policy (UW 523) requires that access to protected institutional data be authorized and managed. In order to do so, there must be a standard for requesting access, determining whether authorization is granted, the rights and responsibilities that accompany authorization, how and when authorization may be revoked, and tracking and documentation of authorization.
Read the full Institutional Data Access and Authorization Standard (March 1, 2021)
Form: Request access to institutional data
What Data?
Standard applies to all products, systems, services, or applications that generate, collect, store, maintain, transmit, or record protected institutional data. This includes:
- Data Products (e.g., data visualizations, reports)
- Data Systems (e.g., SFS, HRS, Lumen)
- Data services or applications (e.g., Canvas, APIs)
Who this impacts?
This standard applies to ALL individuals who access protected institutional data for any purpose regardless of medium.
Who decides?
Authorization requests are granted or denied by the applicable institutional Data Steward or delegate. Appeals may be made to the applicable steward (if delegated) or the domain Trustee.
Based on what criteria?
Individuals will be authorized to access protected institutional data based on 1) the security classification of the data and 2) the stated business purpose of the need or intended use.
Data Documentation
Institutional Data Policy (UW 523) requires that institutional data sources, elements, processes, integrations, and products be documented and communicated. In order to do so, there must be a standard for determining what is subject to the documentation requirement, what constitutes sufficient documentation, and the roles and processes for creating documentation.
Data Classification and Security (SSNs, HIPAA etc.)
Data Stewards are required by UW System Administrative Policy 1031 to classify major data systems based on risk and to review the classifications annually. The four catagories are Public, Internal, Sensitive, and Restricted.
- Read the Data Classification descriptions
- Explore data within each data domain (click Classification Rational in the table)
Restricted Data Security Management – This policy will initially only apply to UW–Madison Social Security numbers (SSNs) during the period from January 1, 2015, through December 31, 2020. The initial period may be extended.
Responsible Use Guidelines (by data type)
This is an accordion element with a series of buttons that open and close related content panels.
Computer Logs
The Computer Logging Statement applies to computer systems and network equipment operated by the Division of Information Technology (DoIT).
Facility Data
The purpose of this policy is to provide Division of Facilities Planning & Management (FPM) employees with a process for providing access to, and distribution of, facility information, plans, data, documents, drawings and photos.
Learning Analytics
UW-Madison is committed to the success of all students and seeks to strategically integrate learning analytics (LA) into the educational practice landscape. These guiding principles are the first step toward the creation of policies for ethical LA practice at the institution.
Name and Pronouns in Use
These use guidelines are in place for use of name and pronouns in University systems and also setting campus and University expectations for such use and application.
University Directory Service
The University Directory Service (UDS) provides applications and services at UW–Madison with demographic, role, and contact data to support identity management, authentication, and authorization.
Wiscard Photos
Wiscard photos are considered to be sensitive data according to the UW–Madison data classification policy.
Data-related policy missing from this list? Contact us at datagov@data.wisc.edu c/o Lisa Johnston, Director of Data Governance.
