What is Data Governance?
Data Governance is:
A collection of practices and processes ensuring the consistent and proper handling of data so that its value can be leveraged across McGill. It ensures that our data is:
Data governance provides clear responsibilities for managing data quality, integrity, access, security, use, and disposal of data.
Why is Data Governance important?
The most important benefit of data governance is improved data quality and data security. By putting in place data governance, we will have more confidence in our data quality which will promote data-driven decision making and increase our adherence to compliance regulations.
Who are the custodians of McGill's data?
Each member of the McGill community who interacts with data plays a role in the proper management of that data.
But who guides us in this, and who ensures that our data governance policies and standards are followed by the members of the McGill community? The following stakeholders play a key role in the proper governance of McGill’s data, and they help us make the right decisions about our data.
The Data Governance Steering Committee (DGSC) is the overarching body that provides oversight and guidance for the effective management and protection of all Enterprise Data including establishing any required standards. Its stakeholders include Legal Services, Secretariat, Analysis, Planning and Budget, and Information Technology Services.The DGSC comprises a subset of Data Trustees and become involved/come together in the event of risks or issues that require escalation. They are not responsible for the day-to-day management of the data.
Data trustees have the ultimate responsibility to manage Enterprise Data in compliance with University policies and legal and regulatory requirements.McGill's data is divided into domains. Each domain is assigned a Data Trustee. This list shows the different data domains and their assigned Data Trustee.
|Data Steward||Data stewards specify appropriate access procedures and rights/permissions according to data classification (regulated, protected, public data).|
|Data Manager||Data managers explain to the McGill community members how to properly handle their data, and creates processes and procedures to ensure the accuracy, privacy and integrity of data.|
|Technical role||Technical roles work in collaboration with the above roles to ensure that technical controls (such as access controls) are in place so that we maintain data confidentiality, integrity and availability.|
Not all data has the same level of confidentiality (data classification)
One of the most important steps in protecting data appropriately is to determine the sensitivity of the data being used. Depending on the level of confidentiality, the required level of data protection will differ.
|Regulated||Regulated data is confidential data that requires the highest security controls as mandated by law. Unauthorized disclosure of this data poses the highest levels of risk to the University.||Employee records, passwords,credit/debit card information|
|Protected||Protected data is confidential data whose protection is not mandated by law. However, unauthorized disclosure of protected data could pose significant to moderate level of risk to the University and security controls depend on data sensitivity.||Meeting minutes, grant information, contract information|
|Public||Public data is non-confidential data. However, some control is required to prevent unauthorized modification or destruction.||mcgill.ca, class schedules, brochures, press releases|
Who to contact if you need support
If you have general questions about data governance, we are here to help you. Please contact itgovernance.its [at] mcgill.ca (subject: IT%20Policies%20support) or visit the contact page for a more complete list.