Data Governance Policy

The purpose of this policy is to establish organizational obligations, roles, process, and appropriate responsibilities for the management of data as an institutional asset.  Data Governance supports the development and maintenance of secure data management practices, protecting institutional data from unauthorized access, alteration, or disclosure, while ensuring availability of the data for appropriate purposes.

The purpose of this policy is to:

  • Ensure the collection, protection, usage, and availability of high-quality data to key stakeholders for improved efficiency and informed decision-making.
  • Define roles and responsibilities for various data creation and usage scenarios, establishing clear lines of accountability.
  • Develop best practices for effective data management and protection.
  • Safeguard data against internal and external threats, including breaches of privacy, confidentiality, and security.
  • Ensure compliance with applicable laws, regulations, exchanges, and standards.
  • Maintain a documented data trail for processes involving data access, retrieval, exchange, reporting, management, and storage.

This policy applies to all Hamilton College data in any form, including but not limited to print, electronic, audio visual, backup, and archived data. It encompasses all processes where data is collected, stored, processed, or managed, including personal data as defined in the data classification policy.

This policy governs all members of the Hamilton College community, including but not limited to faculty, staff, students, contractors, consultants, temporary employees, and third-party agents who access, use, or manage institutional data. Any person involved in specifying data processes, accepting external data, or providing expert input must be familiar with and adhere to this Data Governance Policy.

The scope of data governance includes the following data management activities:

  • Data Access: Establishing and managing authorization to access systems and data
  • Data Requests: Defining processes for requesting, reviewing, approving/denying, and fulfilling data requests
  • Data Collection: Managing how data is gathered, validated, and entered into systems
  • Data Validation: Establishing quality control mechanisms to ensure data accuracy and integrity
  • Data Release/Reporting: Managing the preparation and dissemination of data for internal and external use

This policy is governed in conjunction with other applicable college policies, including but not limited to Data Classification Policy, Data Handling Policy, Access to IT Resources, and Appropriate Use of IT Resources Policy. In case of conflict between policies, the more restrictive policy shall control unless otherwise specified.

The data governance policy fosters a common vision of data-related practices and promotes more effective use of data. It improves understanding of data collected, reported and used by program areas and the department as a whole. As a result, the policy promotes more consistent, efficient, and coordinated responses to data issues and enhances communication and collaboration among program, technology, and other staff.

The following sections outline the principles and minimum standards that guide Hamilton College’s data governance procedures and must be adhered to by all Hamilton staff.

Data Minimization

Data minimization is a fundamental principle of Hamilton College's data governance program. The institution is committed to:

  • Collecting only the data necessary to fulfill specified business purposes
  • Limiting data collection to what is relevant and proportionate to the intended use
  • Establishing clear retention periods and removing data when no longer needed
  • Regularly reviewing existing data collections to identify and eliminate unnecessary data
  • Designing systems and processes with data minimization as a core requirement
  • Implementing measures to prevent excessive data accumulation over time

Data Governance Subcommittee

The Data Governance Subcommittee serves as the primary body for overseeing data management practices. The DGS operates under authority delegated by Data Trustees and reports through appropriate channels to Senior Staff. Membership includes representatives from key data domains across the institution.

Data Classification 

Hamilton College maintains a Data Classification Policy that defines security categories for institutional data with minimum security requirements for each class. 

Data Inventory 

Collect and maintain a data inventory or list of data repositories that identifies stored or accessible data with associated classifications. Special attention must be paid to data classified as High. The data inventory should be reviewed at least annually and revised if necessary.

Data Dictionary 

Define and maintain a data dictionary for each data set indicated by the inventory, listing names of data elements and usage intent.  The data dictionary should provide an aggregate description of data within a data set.  Metadata should be included when appropriate for additional context. Data dictionaries should be revised with each change to the data set.

Access Requests

All access to institutional data must follow documented request and approval processes appropriate to the data type and classification. Access reviews must occur regularly and be triggered by organizational changes such as staff transitions or role reassignments.

Handling Guidelines

All institutional data must be handled according to guidelines established in the Data Handling Policy, which accounts for data classification levels, compliance requirements, and security best practices.

To maintain the value of institutional data as a strategic asset, Hamilton College requires:

  • All data stewards and users must follow appropriate procedures to maintain data quality and integrity
  • Data records must be maintained in an accurate, complete, and timely manner throughout their lifecycle with appropriate audit trails
  • Data collection must be limited to legitimate business purposes that add value to the institution, adhering to data minimization principles
  • Data extraction, manipulation, and reporting must be performed only for authorized college business
  • Where appropriate, before any data (other than publicly available data) is used or shared outside Hamilton College, an Enterprise Information Systems (EIS) Request Form for data is required to ensure the quality, integrity and security of data will not be compromised.
  • Data must be retained and disposed of in an appropriate manner in accordance with Hamilton policies, legal obligations, and/or regulatory requirements.

Users who violate this policy may be denied access to the institution's information resources and may be subject to penalties and disciplinary action, both within and outside of the institution. The institution may temporarily suspend or block access to an account or system, prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of institutional data or other computing resources, or to protect the institution from liability.

Violations of this policy will be addressed through applicable college disciplinary procedures, as determined by the nature of the violation and the status of the individual (e.g., faculty, staff, student). Violations that may constitute illegal activity will be reported to appropriate authorities.

The Vice President for Library and Information Technology Services, in conjunction with relevant Data Stewards and the Director of Information Security and Privacy, is responsible for investigating suspected violations of this policy and recommending appropriate remediation measures.

Exceptions to this policy must be approved in advance through a formal exception process. Requests for exceptions must be submitted in writing to the Director of Information Security and Privacy, the Data Steward responsible for oversight of the requested data, and the Chair of the Enterprise Information Committee.

Exception requests must include:

  • Specific policy provision(s) for which an exception is requested
  • Business justification for the exception
  • Risk assessment and mitigation strategies
  • Scope and timeframe for the exception
  • Responsible parties and contact information

Approved exceptions must be reviewed and re-approved not less than annually. Temporary emergency exceptions may be granted by the Director of Information Security and Privacy in extraordinary circumstances, but must be followed by a formal exception request within a reasonable timeframe.

The Data Governance Subcommittee will maintain documentation of all approved exceptions and their review schedule.

Last updated: July 29, 2025

Contact

Team Name

Business Intelligence and Web Services

Office Location
Burke Library
198 College Hill Road
Clinton, NY 13323
