Planning for Data Management

Overview

Before collecting or acquiring data, establish a plan for how the data will be managed throughout the lifecycle and consider how any laws, rules, and regulations may apply to the data as well as who will be accountable.

This is part of the UW–Madison Institutional Data Literacy & Training series.


Learning Objectives

  1. Understand the elements of a data management plan
  2. Gain resources to help with data planning
  3. Review major laws, rules, and regulations that impact data planning decisions

 

Data management plans

A data management plan records important decisions about how the data will be handled through the lifecycle and the data governance needed to follow any applicable laws, rules, and regulations. A data management plan should include answers to the following questions:

  • What data will be collected, in what formats?
  • What additional documentation will be needed and where will this information be stored and maintained?
  • Will the selected data storage platform scale to the size and security needs of your data?
  • Who is responsible for monitoring and managing data integrity?
  • Will you be able to determine who made changes to the data and when?
  • Who will decide when/where the data will be shared? Under what conditions?
  • How will the data be preserved over time? How long will it be kept?

For many researchers seeking grant funding, a data management plan is a required component of the grant proposal. Download a template for a data management plan with this guide from the UW–Madison Library.

Tip: If your data include information collected from human participants, the planning stage is also the time to determine how you will protect participant data privacy and obtain informed consent for any data collection and sharing. Visit the UW–Madison IRB for more information.

Data architecture and design

For enterprise data managers and developers, the planning stage involves the design and architecture of data systems prior to data collection. Planning for how the system will meet all applicable laws and policies is also a major component in the review and purchase of information technology systems or services and applications that generate, collect, store, maintain, transmit, or record institutional data.

UW–Madison Data Community Resources

Connect with the broader UW–Madison data community:

Data-related laws and regulations

Many laws and regulations pertain to how we manage data. Here are a few:

  • FERPA: The Family Educational Rights and Privacy Act is a federal law that governs the privacy of student education records, access to those records, and disclosure of information from them.
  • FISMA: The Federal Information Security Management Act requires implementing moderate or higher security controls documented in the most recent revision of the National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53) and related publications for Controlled Unclassified Information, Export Controlled Research, and data being used under government partnership or contracts.
  • GDPR: The European Union’s General Data Protection Regulation harmonizes data-protection laws throughout Europe and may apply to certain personal data collected by UW‑Madison where we engage in business activities that collect or process the personal data of individuals physically located in the EU. See the UW–Madison GDPR Notice.
  • GLBA: The Gramm-Leach-Bliley Act requires institutions that offer consumers financial products or services like loans, financial or investment advice, or insurance to explain their information-sharing practices to their customers and to safeguard sensitive data.
  • HIPAA: The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of Protected Health Information (PHI) as defined by HIPAA. Designated schools, colleges, departments and individuals at UW–Madison form the HIPAA Health Care Component (HCC).
  • PCI-DSS: The Payment Card Industry Data Security Standard (PCI-DSS) provides guidance to organizations, including universities, for protecting the payment card data used to process transactions.
  • Wisconsin Data Breach Notification Law: Section 134.98 of the Wisconsin Statutes requires most businesses to notify individuals if an unauthorized person has acquired their personal information.

Further information: The University Libraries guide on Responsible data planning, use and sharing offers an in-depth overview of the rules and regulations related to data.