Data Governance Council 2023-24 Annual Report
September 2024
Overview
Stony Brook’s data governance system was established in fall 2016 in order to improve
Stony Brook’s data infrastructure. The Data Governance Council (DGC) oversees the
data governance system and began meeting in spring 2017. This is the seventh annual
report of the DGC.
We welcomed our new executive sponsors, Dr. Braden Hosch, VP for Educational & Institutional
Effectiveness, and Dr. Simeon Ananou, VP for Information Technology and Chief Information
Officer. They expressed three themes that would pose significant importance for data
governance (1) mitigating risks on sensitive data, (2) process improvement for university
data as we implement a new ERP system for financials, budget and HR, and (3) Communication
from the DGC to educate, generate awareness and to celebrate accomplishments.
Major Accomplishments
- Initiated analyses for a data disposition project to mitigate risk on sensitive data collected through admissions processes
- Launched a new data governance website
- Drafted guidelines for appropriate use of data
- Continued growing the digital business definitions in the Data Cookbook
- Developed data model for reporting of administrative roles
- Continued to collect data access management procedures from data stewards
2023-24 Members
| Kim Berlin, Chair | Analytics and Enterprise Data Officer |
| Diane Bello, Co-Chair | University Registrar |
| Ahmed Belazi | Student Affairs designee |
| Cassandra Amadio | University Controller |
| David Cyrille | Health Sciences designee |
| David Ecker | University Senate designee |
| Jeffrey Mackey | Finance & Administration designee |
| Jim Gonzales | Information Technology designee |
| Judith Brown Clarke | Chief Diversity Officer designee |
| Marrisa Trachtenberg | Enterprise Risk Management designee |
| Nicholas Prewett | Chief Financial Aid Officer |
| Richard Beatty | Chief Enrollment Management Officer |
| Robert Davidson | Research designee |
| Susan Agro | Advancement designee |
| Theresa Diemer | Chief Institutional Research Officer designee |
| Tracey McEachern | Human Resources designee |
Data Disposition for Student Admissions Data
Following the success of the Financial Aid Office’s data purging from 2022-23, it
was decided to continue the agenda with a second, larger scope. A subcommittee composed
of Richard Beatty, Kim Berlin, Nicholas Prewett, Rob Davidson, Andrew Kirsch, and
David Taiclet was empaneled with the goal to establish data retention guidelines and
develop a repeatable process to remove sensitive data generated when student applications
are uploaded and processed through admissions systems.
The scope for the population is for applicants that never enrolled. These are individuals
who were never a student, never an employee, an affiliate or a relative of a student.
The main objectives are to ensure that the university retains personal data for as
long as it is needed, to reduce risk and penalties due to a data breach, to reduce
legally discoverable information, and to improve system performance for search-match
capabilities in PeopleSoft.
The team identified University data systems that maintain student admissions data,
researched retention guidelines for the university, SUNY, and NY state, established
the scope of the population to purge, and conducted preliminary analyses of tables
and number of records. The financial aid project purged ‘operational’ records that
provide a financial aid profile and FAFSA form. We realized after considerable analysis,
that operational records for student admission applications are not the sources of
highly sensitive data and that to focus on them would not mitigate risk and it would
require extensive IT resources to analyze impact along nearly a thousand tables. The
team recommends a different approach from the financial aid project, to target specific
tables that contain PII data and to tackle PII data elements one at a time in a
phased approach.
The Council recommends the assembly of a technical team to assess and confirm the
location of the PII fields within PeopleSoft, to analyze the options for removal –
purge vs mask, and to analyze the impacts of removal.
Management of Administrative Roles
Faculty who are engaged in administrative functions are not easily identified in these
roles by their job title alone. Employee job records are restricted to one job even
though many hold more than one role at the University. We explored and compared two
options for maintaining these data. One in a delivered PeopleSoft panel called “Administrative
Posts” and an existing, custom- built PeopleSoft panel called “contact categories”.
We opted to continue use of the custom, existing process since it is used heavily
in health sciences, and more effort would be involved in migrating these data, ramping
up a new process and training to use the delivered Administrative Post panel.
We extended the contact categories to maintain Post Doctoral appointments and developed
a data warehouse model that includes the capture of monthly snapshots of all contact
categories. A reporting process to academic units for Post Docs was piloted and proved
successful for
improved reporting and analytics of these data. It is understood that the new WolfieOne
HCM will store these data differently, but having a process in place now will provide
an avenue for migration into the new Oracle Cloud system. Upcoming phases for 2024-25
will be to extend
these categories to additional administrative roles for faculty and expanding the
reporting to more units.
Communication Campaign
One area that has been on our radar for many years and has been consistently ranked
lower on our biannual maturity assessments is “Communication”. A major push was initiated
this year to develop more communication and publicly available content to present
Data Governance activities at Stony Brook University and to educate, generate awareness,
and increase knowledge around data policies and data access processes. A subcommittee
was empaneled to create a strategy and establish a long-term practice to increase
knowledge and awareness about data governance. The subcommittee, consisting of Theresa
Diemer, Susan Agro, and Arielle Markiewicz, conferred with Marketing & Communication
and the Office of Change Management for guidance on effective methods to initiating
a communication campaign.
A new Data Governance website was launched in spring 2024 to replace an older, outdated
subsite nested within the IRPE home page. The new website provides a modern presentation
and information about data governance organization and structures, data assets, policies
and standards, introduce data governance concepts, to inform stakeholders and to share
outcomes of data governance activities. The official launch for this website will
be in Fall 2024. https://www.stonybrook.edu/datagovernance
Upcoming phases for 2024-25 will be to share outcomes through the website and targeted
email newsletters.
Data Access Procedures
There are two on-going projects relevant to the “Policy on Data and Data Access” that
was adopted by the University in March 2023. The first is collecting information from
Data Stewards about access controls and procedures for their data assets. This includes
how access to data is requested, how routine and non-routine access to data is evaluated
and granted, how permissions are given for special privileges, and for how users are
routinely removed and
reviewed.
We started collecting this information in spring 2023 through a questionnaire called
the “Data Access Management Procedures”. Procedures have been collected from Data
Stewards for just over 50% of data assets, and a bit more if we exclude FSA assets.
Collection of these procedures will continue in the next year.
Appropriate Use of Data
The second project related to the above-mentioned policy and to mitigate risks to
the university regarding access to sensitive data is to provide guidelines on the
appropriate use of data. Standards and practices about appropriate uses, handling
and sharing of data are not broadly or
commonly recognized. It requires knowledge about data security, data privacy and sensitivity
policies, when and how data sharing is appropriate and allowable, and understanding
the landscape of new and changing technologies for transmitting and sharing data.
A subcommittee was formed consisting of Jeff Mackey, Marrisa Trachtenberg, and Diane
Bello to establish guidelines for appropriate use of university data and IT resources
in ways to respect and protect the privacy of individuals whose records are accessed.
This topic is still developing, with plans to review and refine the language for the
guidelines and decisions on the mechanism for delivery and communication.
Data asset inventory
The DGC has been maintaining an inventory of University data assets on the West campus.
The number of data assets dropped from 95 assets to 92. In 2023-24, one new data asset
was added, and four were retired. One difference from last year is that FSA assets
were moved from VP Finance & Administration into VP Student Affairs. Below is a tally
of University data assets, excluding Health Systems for the 13 Data Trustees with
a breakout of the FSA assets. Additional information about data assets continues to
be collected to comply with the requirements of the “Policy on Data and Data Access”.
|
Data Trustees |
# Data Assets |
|
|
Provost |
21 |
|
|
Chief Information Officer |
12 |
|
|
Vice President Finance & Administration |
11 |
|
|
Vice President for Educational and Institutional Effectiveness |
7 |
|
|
Vice President Student Affairs |
6 |
|
|
- FSA |
12 |
|
|
Vice President for Research |
5 |
|
|
Vice President of Human Resource Services |
3 |
|
|
Executive Vice President Health Sciences |
2 |
|
|
Vice President for Advancement |
3 |
|
|
Director of Athletics |
2 |
|
|
Vice President for Enterprise Risk Management and Chief Security Officer |
2 |
|
|
Vice President for Facilities and Services |
2 |
|
|
Vice President for Marketing and Communications |
1 |
|
|
Grand Total |
92 |
|
Continued implementation of the Data Cookbook
The Data Cookbook is a digital repository for Stony Brook University to manage a data dictionary, report and dashboard profiles and functional and technical definitions. Currently, it includes data definitions for academic, human resources, budget and financials data elements. The Data Governance Business Analyst, Arielle Markiewicz, has advanced this work and added 59 definitions for a total of 198 and added a number of new report profiles for a total of 68. Metadata for data types, allowable values and ranges was also incorporated by the Enterprise Data & Analytics (EDA) office.
This information has started to be made available through Tableau Analytics dashboards. It is planned to continue this effort to make definitions available and integrate them with all reporting products that are released.
|
|
|
|||
|
|
|
|||
|
|
|