The Enterprise Data Governance Program will improve data governance practices at UQ.

Data governance is a collection of practices and processes that provide a framework for the methods, technologies, and behaviours that support the sound management of data. It affects all aspects of organisational processes, decision making and actions — improvements to data governance cannot be made in isolation. Business processes must mature for the data governance vision to succeed. This creates a feedback loop that continuously improves the maturity of our data quality and data governance.

The Enterprise Data Governance Program will improve practices that underpin the analytical and operational functions of UQ.

Objectives

Information Technology must respond to the developing needs and priorities of the University. The goals described here will lead to the achievement of our vision. The priorities under each goal will evolve and adapt as UQ's priorities change, but the goals will stay constant.

Improve the quality of our data

Successful implementation of data governance requires fit for purpose processes and appropriate technology. Data quality can only be improved if business processes are improving and are considering critical data governance aspects. Technology can be a significant enabler of increasing data quality. Examples of data governance activities that improve data quality include (but are not restricted to):

  • Providing master and reference data sets from authoritative data sources
  • Automating detection of data quality issues
  • Formalising responsibility for ensuring data quality at point of collection

When business processes are maturing, the quality of data should increase. In return, an increase of quality data will lead to greater accuracy in reporting and advanced analytics. These reliable insights will lead to improved decision-making support in processes.

Improve our data skills and awareness

To achieve a higher Data Governance practice maturity, cultural and mind-set changes across the organisation are very important. Being accountable for the way we capture and ethically use our institutional data is key in ensuring that we reduce risks and increase operational efficiencies. To enable this, UQ will establish data governance structures including roles and responsibilities for key data stewards and custodians to champion this cultural change. Ensuring data is of appropriate quality is one of their responsibilities.

However, the above can only be achieved when there is a higher level of data literacy in our organisation. Data literacy is the ability to identify, locate, interpret and evaluate information and then communicate key insights effectively. Historically a small number of experts in our organisation had this ability, but uplifting data skills throughout an organisation can democratise analytics and be a game-changer. An awareness and appreciation of the importance of data quality need to be pervasive at all levels of the University.

Data literacy is also important for UQ to comply with regulatory expectations. Staff must be aware of, trained in, and adhere to relevant University policies and procedures. Compliance is highly dependent on the day-to-day behaviour and actions of UQ community members. To date, most data breaches reported to Queensland’s Office of the Information Commissioner have been triggered by accidental transgressions of staff members. For example, sending a single email containing sensitive information to the wrong recipient may breach legislation, with serious consequences for both the individual involved and for the University.

Improve our understanding of and access to data

Data provides a powerful foundation for decision-making; however, many University decisions are still being made without knowledge of or access to this critical resource. UQ is committed to improving this culture and is investing in data and information management initiatives. Data governance is critical in improving the visibility and controlled access of available data as well as establishing common understandings of terminology, context and meaning of data. Examples of data governance initiatives include (but are not restricted to):

  • Business glossary
  • Data asset register
  • Data dictionary and data catalogue
  • Data stewardship tools and processes
  • Master data management
  • Rationalisation of information systems

Understanding data lineage is also important in an environment where data is extensively shared and integrated. Knowing where and how data was created, where it is stored, and which systems have access to this data are becoming more critical due to changes in legislation.

Protect our data

Data brings both opportunities and risks to the University. Capabilities such as ‘big data analytics’ are of great value, but they also give cyber criminals the opportunity to access mass quantities of sensitive and personal information if it is not adequately protected. On the flip-side, the ability to harness the variety, velocity and volume of big data has ushered in new possibilities in terms of analytics and security solutions to detect malicious activity, protect data and prevent future cyber-attacks.

Data governance is able to assist the identification of critical data assets and inform appropriate security controls.

Focus areas

  •  Policies, procedures and standards
    The program will review current data governance artefacts and develop new policies, procedures and standards.
  •  Master and reference data management
    The program aims to establish efficiencies by developing shareable 'single views' of UQ's core data entities and data sets.
  •  Data quality management
    The program will improve the quality of UQ's data. We will assess various initiatives to mature our community skills, processes and technologies.
  •  Data security and access request management
    We will develop appropriate processes to ensure only authorised community members have access to data they require.
  •  Data discovery
    To mature our data governance capabilities we need to ensure our data is not only available, but also findable.
  •  Metadata management
    Metadata is important to ensure that UQ stores, shares and manages its data correctly. Metadata is a key enabler for data discovery.
  •  Data literacy
    We will provide training and increase awareness to the UQ community to ensure our data literacy matures.

Benefits to UQ

Improving data governance practices at UQ will result in numerous benefits.

Responding to regulatory requirements

Regulatory scrutiny of protection of data is becoming more intense and community expectations are rising. New data protection laws including GDPR and mandatory data breach reporting pose significant compliance costs and complex challenges to UQ. To respond to this, we must increase our understanding of our data landscape. Being disciplined in the ways we govern, manage and store our data enables us to satisfy regulatory requirements related to data, which will reduce cost and risk to the University.

To comply with data protection laws, UQ staff must be trained in and adhere to University policy and procedures. Compliance is dependent upon the day-to-day actions of every staff member.

Discovery and accessibility of data

The IT division traditionally supported the discovery and accessibility of data. In recent years, the demand for data has grown and central teams struggle to meet demand with the processes and tools currently in place.

As the University relies more on data to improve user experiences and inform decision-making, it is critical to know which data is available, understand its meaning, and be able to easily access this data in a controlled way.

Management of increasing volume and variety of data

The number of information systems and the volume and variety of information they hold increases exponentially and it is challenging for most institutions to manage and govern the volume and variety of data. This presents complex challenges when applying policies, responding to discovery or regulatory requests and determining compliance with privacy requirements.

Not being able to identify or dispose of data in accordance with regulations will increase risks and costs without appropriate data governance practices being implemented.

Advanced data analytics

Data analytics has changed in recent years with trends such as data science, big data, artificial intelligence, machine learning and self-service analytics. UQ is investing in advanced analytics capabilities and sound data governance practices are foundational to the sustainability of these new and rapidly evolving capabilities.

Increasing visibility and access to more data will enable our analytics community to generate meaningful insights to support decision making or identify risks.

Improved cyber security

Cyber threats are growing in volume and becoming more sophistocated. Breaches and cyber-attacks regularly impact major brands and government agencies, resulting in reputational damage and economic impacts for many affected organisations. Being the target of a cyber-attack is inevitable for a large university such as UQ.

Data governance can support cybersecurity initiatives by identifying our critical data assets and determining the minimum controls that should be in place to protect them.

Teams

Name Role
Aidan Byrne Executive Program Sponsor (Champion)

Program Team

Name Role
David Stockdale Program Owner
Vern Bawden Service Owner
Sasenka Abeysooriya Program Manager
Shelly Mills Program Coordinator
Gina Geurgis Snr Business Analyst/Data Modeller

Steering Committee

Name Role
Rob Moffatt (chair) Chief Information Officer and Program Sponsor
Mark Blows Pro Vice Chancellor (Research)
Doune Macdonald Pro Vice-Chancellor (Teaching and Learning)
Mark Erickson  Academic Registrar
Clare Hourigan Director, Planning and Business Intelligence
David Stockdale Deputy Director, Infrastructure Operations
Rowan Salt Deputy Director, Applications Delivery and Support
Paul Sheeran Associate Director, IT Governance
Vern Bawden Senior Manager, Data and Identity Services
Sasenka Abeysooriya Program Manager, Enterprise Data Governance