Data Governance

What is Data Governance?

Data Governance involves managing data within an organization to ensure it is available, relevant, usable, secure, and accurate throughout its entire lifecycle.

Mission

Our mission is to protect and improve our institutional data to maximize the knowledge extracted.

Vision

A culture where institutional data is trusted, accurate, and is provided in a practical, secure and consistent manner to support data-driven decision making and informed action.

Framework

Data Management Policy

Data Compliance

Data Classification

Data Stewardship

Data Quality

Data Access and Security

Data Retention and Disposal

Training and Resources

Data Governance Framework

CCC data management guidelines outline the principles, responsibilities, and procedures for the management and protection of data at CCC. It is designed to ensure that employees have appropriate access to institutional data and information and maintain responsible and ethical use of data to support the CCC mission, enhance decision-making, and comply with relevant laws and regulations. This policy applies to all college units and to all uses of institutional data, regardless of the offices or format in which the data resides.

The primary objectives of the Data Governance guidelines are to:

Ensure the confidentiality, integrity, and availability of data.
Facilitate compliance with applicable laws, regulations, and industry standards.
Improve data quality and consistency.
Promote data transparency and accountability.
Minimize data-related risks and ensure responsible data stewardship.

The guidelines apply to

All data assets owned managed, or processed by City Colleges of Chicago, including but not limited to:

Student data
Employee data
Financial data
Operational data
Intellectual property
Third-party data

Data Governance Steering Committee	Provides strategic direction and is the decision-making body of the program Ensures strategic alignment with CCC objectives and initiatives Approves funding, budget and resource allocations for the program
Data Governance Office	Establishes and enforces data policy Responsible for ensuring data quality Protects data security and privacy Advises business and technical resources on data standards and ensures technical designs adhere to data architecture best practices Oversees data stewardship and compliance
Data Governance Working Groups	Consist of business and technical data stewards Manage data within their specific subject area Ensure data quality meets business expectations Develop and maintain guidance for data access, management and handling by adopting polices, standards, guidelines and procedures

Data Management Policy

CCC Data Management Policy outlines the principles, responsibilities, and procedures for the management and protection of data at CCC. It is designed to ensure that employees have appropriate access to institutional data and information and maintain responsible and ethical use of data to support the CCC mission, enhance decision-making, and comply with relevant laws and regulations. This policy applies to all college units and to all uses of institutional data, regardless of the offices or format in which the data resides. More information can be found in all sections of the Data Governance website.

The Data Management Policy and information on the Data Governance website serves as a foundation for maintaining data integrity, security, and compliance across City Colleges of Chicago. By adhering to these principles and guidelines, we demonstrate our commitment to responsible data stewardship and trustworthiness. This policy is subject to change as necessary and will be communicated to all relevant parties in a timely manner.

Policy Review and Updates

The guidelines shall be reviewed annually and updated as necessary to reflect changes in business requirements, technology, or regulatory landscape.

Data Classification

This guideline outlines a structured approach for classifying CCC data based on its sensitivity, value, and significance. The classification ensures that appropriate security measures are implemented to safeguard the data in accordance with CCC’s Information Security Policy. This guideline applies to all faculty, staff, students, third-party affiliates, and operational data within CCC.

Type	Definition	Example
Public	This type of data that can be displayed on CCC websites or published without access restrictions. Does not contain sensitive or confidential details. The unauthorized disclosure, alteration, or destruction of the data would pose little or no risk to CCC and its affiliates.	Course Schedules Public policies
Internal Use Only	This type of data is intended for internal CCC use and not for public disclosure. Data should be labeled as internal if the unauthorized disclosure, alteration, or destruction of that data could pose a moderate level of risk to CCC or its affiliates. Adequate security measures should be applied to protect internal data.	Contractual - non-disclosure Email correspondence Budget plans
Restricted	This type of data requires protection under laws, regulations, contracts, relevant legal agreements and/or require CCC to provide notification of unauthorized disclosure/security incidents to affected individuals or government agencies.	Payment Card Industry (PCI) Information Private Personal Information (PPI) Protected Health Information Student Education Records (FERPA) Student Loan Application Information

This table outlines data classification and handling guidelines based on the level of risk associated with improper handling of CCC data. It provides clear instructions for the types of data and the required handling practices for sharing, storage, and encryption.

Type	Risk of Improper Handling	Storage	Encryption	Sharing
Public	Improper handling results in low or no risk to the institution.	Encryption is not required during transmission.	No encryption required for storage.	This information can be freely published and shared without restriction.
Internal Use Only	Improper handling results in moderate risk to the institution.	Encryption is not required when transmitting through a network (including transmission over wired and wireless networks, and email).	Must be stored on college resources; encryption is not required.	Access is limited to members of the college community and requires Data Steward approval. Sharing is permitted only within CCC on a need-to-know basis.
Restricted	Improper handling results in high to severe risk to the institution.	Encryption is required when transmitting through a network (including transmission over wired and wireless networks, and email).	Must be stored on college resources; encryption is required.	Access is restricted based on applicable laws, regulations, or college policies and requires explicit approval from the Data Steward or designated CCC authority. Access and use must follow the instructions provided by these entities.

Data Stewardship – Roles and Responsibilities

All employees shall adhere to the Data Governance guidelines and report any data-related incidents or concerns to the designated Data Governance Officer.

The Data Stewards shall oversee the implementation and enforcement of the guidelines and provide guidance on data governance matters.

A data domain is a logical grouping of data that’s related to a specific business function or area. Data domains are used to organize data, assign responsibility, and improve data governance. Here are the CCC’s main data domains:

Students Enrollment Management Alumni Teaching and Learning (course materials, syllabi, assessments, pedagogical approaches, and instructional technology) Human Resources Financial Marketing (communications, marketing campaigns, social media, public relations)	Facilities (campus facilities, maintenance, space allocation, usage) Safety and Security Legal (contracts, compliance with regulations, and institutional policies) IT (technology infrastructure, network, hardware, software, IT support) Document Management/Information Sharing Email Communication Library

Students
Enrollment Management
Alumni
Teaching and Learning (course materials, syllabi, assessments, pedagogical approaches, and instructional technology)
Human Resources
Financial
Marketing (communications, marketing campaigns, social media, public relations)

Facilities (campus facilities, maintenance, space allocation, usage)
Safety and Security
Legal (contracts, compliance with regulations, and institutional policies)
IT (technology infrastructure, network, hardware, software, IT support)
Document Management/Information Sharing
Email Communication
Library

Data Trustee	Data Steward	Technical Steward
Data Stewardship - Assign and oversee Data Stewards. Data Policy - Supervise the development of data policy. Compliance - Identify legal and regulatory requirements for data in their domains. Promote Data Governance - Encourage proper data use and uphold data quality.	Data Governance Participation - Participate in Data Governance activities by attending group meetings and engaging in working groups as required. Data Access - Make sure people can use the data properly by creating clear rules for who can access the system and what they can do. Write down guidelines to guarantee the right rules are followed and keep track of the groups that have access. Review and approve Restricted data usage. Data Policies - Contribute to the creation of data policies, covering aspects like data retention, data privacy, data usage, and data regulations. Data Classification - Ensure that data is classified according to Data Policy. Data Certification - Assess reports and visualizations to confirm they meet business requirements and function as intended, ensuring that the data is considered reliable (trusted). Data Sharing – Review data sharing requests and approve or reject. Data Quality - Maintain and implement standards for data quality and data definition. Data Compliance - Ensure compliance with federal and state data regulations. Data Education - Educate people how to use and protect institutional data through clear communication.	Data Governance Participation - Participate in Data Governance activities by attending group meetings and engaging in working groups as required. Data Access - Control access to data for users. Data Support - Assist with data-related issues. Maintain data security and disaster recovery plans. Subject Matter Expertise - Understand how the data is created, manipulated, stored and moved in technical systems. Offer guidance, support in testing, and validation while data assets, dashboards, and reports are developed for their domain, ensuring alignment with business processes. Data Quality - Perform tasks to guarantee that data is accurate, dependable, uniform, and pertinent for its intended purpose. Reference and Master Data - Define and review code values / code lists for different types of information (reference data) and identify sources of master data. Data Compliance - Ensure compliance with federal and state data regulations.

Data Quality

Procedures shall be established to ensure data accuracy, completeness, and consistency.
Regular data quality assessments and audits shall be conducted to identify and rectify discrepancies.
Progress toward institutional data management goals shall be measured and tracked and compliance with policies, procedures, and standards shall be auditable in accordance with current data governance best practices.

Data Access and Security

Access to data shall be subject to approval from CCC Data Stewards or designated authorities.
Authentication mechanisms, encryption, and access controls shall be implemented to safeguard data confidentiality and integrity.
Access to sensitive data shall be logged and monitored regularly for unauthorized activities.
Student-level data will only be shared under a data sharing agreement approved by the Office of General Counsel and the partner agency that clearly outlines student consent, data being shared, secure data transfer, data use, and data retention.
The usage and timely availability of appropriate institutional data from systems of record and reference shall be promoted and encouraged in the conduct of City Colleges of Chicago business.

Data Retention and Disposal

Data shall be retained only as long as necessary to fulfill record retention requirements.
CCC will follow the record disposal requests must be completed here.

Data Compliance and Enforcement

Non-compliance with this policy may result in disciplinary action, including but not limited to termination of employment or legal consequences.

Training and Resources

We’re working hard to bring you valuable content. Please check back soon for updates.