Institutional Data Policy
Issued Sept. 1, 2020 and effective Jan. 1, 2021, the Institutional Data Policy establishes minimum requirements for the management and stewardship of institutional data resources. The policy defines roles and responsibilities for managing data with plans for data identification, documentation, classification, sharing and access in accordance with applicable laws and regulations.
Read the full Institutional Data Policy (UW-Madison’s Policy Library)
Data Procedures and Standards
This is an accordion element with a series of buttons that open and close related content panels.
Data Access and Authorization
Institutional Data Policy (UW 523) requires that access to protected institutional data be authorized and managed. In order to do so, there must be a standard for requesting access, determining whether authorization is granted, the rights and responsibilities that accompany authorization, how and when authorization may be revoked, and tracking and documentation of authorization.
Read the full Institutional Data Access and Authorization Standard (March 1, 2021)
Form: Request access to institutional data
What Data?
Standard applies to all products, systems, services, or applications that generate, collect, store, maintain, transmit, or record protected institutional data. This includes:
- Data Products (e.g., data visualizations, reports)
- Data Systems (e.g., SFS, HRS, Lumen)
- Data services or applications (e.g., Canvas, APIs)
Who this impacts?
This standard applies to ALL individuals who access protected institutional data for any purpose regardless of medium.
Who decides?
Authorization requests are granted or denied by the applicable institutional Data Steward or delegate. Appeals may be made to the applicable steward (if delegated) or the domain Trustee.
Based on what criteria?
Individuals will be authorized to access protected institutional data based on 1) the security classification of the data and 2) the stated business purpose of the need or intended use.
Data Classification
Data Stewards are required by UW System Administrative Policy 1031 to classify major data systems based on risk and to review the classifications annually. The four catagories are Public, Internal, Sensitive, and Restricted.
- Read the Data Classification descriptions
- Explore data within each data domain (click “Classification Rationals” in the table)
Data Definitions and Approval Process
Institutional Data Policy (UW 523) requires that institutional data elements be documented and communicated to ensure transparency, clarity, shared understanding, replicability, and ease of use. To ensure consistency, data definitions of terms appearing in institutional data products must be reviewed and approved by data governance.
- Read the Institutional Data Definitions Procedure (March 2023)
Following approval, terms and institutional data products at UW Madison are cataloged and described in a metadata management software tool (Data Cookbook – request access) which powers our public-facing data catalog RADAR and associated glossary of terms and definitions.
Data Documentation
Institutional Data Policy (UW 523) requires that institutional data sources, elements, processes, integrations, and products be documented and communicated. In order to do so, there must be a standard for determining what is subject to the documentation requirement, what constitutes sufficient documentation, and the roles and processes for creating documentation.
- Read the Institutional Data Documentation Standard (Feb 2022) which details and provides example documentation for:
- Term – a unique word or phrase with a definition that has been formally adopted through campus data governance procedures
- Institutional data product – dashboards, visualizations, reports, etc. based on institutional data sources and display or convey representations of institutional data)
- Dataset – a collection of Data Elements and used to create an Institutional Data Product
- Data Element – one part of a Dataset and is often synonymous with field name
- Integration – such as an API that expose the datasets and elements in a similar way as an institutional data product
- Read the Implementation Statement
Data documentation software
Data Cookbook is a web-based software tool that UW-Madison uses for data documentation and data governance workflow (request access). Its database functionality stores definitions for our institutional data glossary and important documentation for institutional reports and dashboards. Its workflow functionality allows developers, data governance staff and Data Stewards to collaborate on and streamline approval processes
Data Integrations
Institutional Data Policy (UW 523) requires that institutional data products shall source institutional data from systems of record, unnecessary duplication or storage of institutional data shall be avoided, and university standards for integrations shall be followed.
In the coming months, the implementation phase of this standard will develop guidelines which will detail appropriate integration paths and resources, including:
-
- Data Integration Catalog: a list of institutional data integration providers and products (e.g., APIs) that are available for general campus use
- Data Integration Registry: a list of critical data integrations used to notify application contacts of changes to the data landscape
Data Issue Management
Institutional Data Policy ( UW 523) requires that institutional data be treated as a shared university resource and be responsibly managed throughout the entire data lifecycle. In order to do so, there must be a process for identifying, quantifying, prioritizing, and resolving data governance and data management issues in a timely way, which is established with this procedure.
- Read the Institutional Data Issue Management Procedure (March 1, 2021)
- Form: Report an institutional data issue
Data Privacy
Data collected from individuals must be follow all applicable data privacy laws and UW System and university policies, procedures, and standards. This includes:
- UW-Madison Privacy Notice
- Universities of Wisconsin Data Privacy Policy (scope includes UW Madison)
- GDPR statement for individuals providing data while physically located in the European Union and European Economic Area
Data Guidelines (by type)
This is an accordion element with a series of buttons that open and close related content panels.
Computer Logs
The Computer Logging Statement applies to computer systems and network equipment operated by the Division of Information Technology (DoIT).
Employee Demographic Data
The Office of Human Resources maintains guidelines for HR and DEI professionals across
campus on how to request access to and properly use employee demographic data, including sex, race and ethnicity collected through voluntary self-identification.
Facility Data
The purpose of this policy by the Division of Facilities Planning & Management (FPM) is to provide UW Madison with a process for providing access to, and distribution of, facility information, plans, data, documents, drawings and photos.
Generative AI (articifial intelligence)
The Division of Information Technology (DOIT) outlines existing policies governing what you may and may not do when using generative artificial intelligence (AI) tools and services at UW Madison to safeguard institutional data.
Name and Pronouns
These use guidelines are in place for use of name and pronouns in University systems and also setting campus and University expectations for such use and application.
- Read the Use Guidelines for Name and Pronouns in Use (Jan 11, 2021)
Sex and Gender
The Data Governance Council endorsed definitions and guidelines for the collection, management, and use of sex and gender information.
- Read the Data Use Guidelines for Legal Sex and Gender (Feb 20, 2024)
Definitions:
- Sex/Legal Sex – A person’s biological or reassigned sex as printed on legal documents. Categories include Female, Male, or Other Legal Sex.
- Gender – Gender includes the social, psychological, cultural and behavioral aspects of being a specific gender identity (e.g. being a man, woman, trans man, trans woman, nonbinary, or another gender). A person’s Gender may be different from their Legal Sex.
Social Security Numbers
UW Madison Cybersecurity policy on “Restricted Data Security Management” defines how to store and manage “Restricted Data” with a specific focus on Social Security Numbers or SSNs. Specifically, all schools, colleges, divisions, departments, centers, and other units of UW–Madison must find, protect, and report the storage locations of SSNs and work to reduce or eliminate the use of this information.
Teaching and Learning Data
UW-Madison values and supports innovation, including in the practice of teaching and learning and the use of
data for this purpose. To this end, the institution has established guidelines to situate uses of data and
data-informed practices within a larger context of ethical principles, especially a student-centered
perspective.
University Directory Service
The University Directory Service (UDS) provides applications and services at UW–Madison with demographic, role, and contact data to support identity management, authentication, and authorization.
Wiscard Photos
Wiscard photos are considered to be sensitive data according to the UW–Madison data classification policy.
Data-related policy missing from this list? Contact us at dapir@provost.wisc.edu c/o Director of Data Governance.