Information and Data Governance structure

The information and data the University captures, creates, and holds in its systems are valuable assets that support the institution to make effective decisions and produce better outcomes for the University, it’s members and stakeholders. The volume and range of data and information the University uses is growing, and the tools it utilises to interact with it, are becoming increasingly sophisticated.

The University's information and data governance function is based in the Academic Registry. It is responsible for developing information governance policies  for providing advice to Data Owners and Data Stewards operating within specific Data Domains. Correspondingly, IT Services are responsible for University's IT governance and security.

Together, the Academic Registry and IT Services are developing an information governance framework ensuring University members can maximise their use of information and data in compliant and secure ways.

The information governance framework will assist by ensuring the University has the necessary mechanisms in place to manage its information and data assets throughout their lifecycle; putting in place policy and processes, technical infrastructure and security, and behaviours and skills needed.

Information governance framework diagram (July 2020). There are three layers. The first is 'Processes, policies, procedures and roles', the second is 'Technical infrastructure, IT security and systems development', and the third is 'Behaviour and skills'.
Good information governance is based on policies, systems and skills.

Everyone has a role to play in ensuring that the University’s core information and data assets are used appropriately, their quality is maintained, access rights are managed, and they are protected against mishandling, misuse, or cyber-crime; so that their full-potential is optimised.

IG Responsibilities through the uni - July 2020
Information Governance - responsibilities across the University

Data Governance role definitions

At Loughborough University we have defined several essential roles participating in data governance. Here are their definitions and interactions.

A data owner is a senior institutional stakeholder that has overall accountability for an area of institutional data (e.g. Staff, Student).  They are responsible for setting high level policy for their area, particularly around data retention, expected levels of data quality, and compliance.  They are responsible for setting the culture around data use and ensuring appropriate resources are in place to manage data governance risks.  Data owners are responsible for their data area regardless of where that data is held.  They are also responsible for nominating data stewards within their area.

In addition to their senior leadership role, specific examples of data owner activities might be:

  • Agreeing a retention schedule for different types of data (e.g. student emergency contact details might be deleted on student completion, but student names and degrees awarded might be retained in perpetuity);
  • Monitoring the uptake of information security training by staff in their area and identifying if any additional training might be required to mitigate risks specific to their area;
  • Nominating data stewards to advise on operational issues relating to data use.

A data steward is an individual with operational responsibility for specific information assets, appointed by a data owner. They are responsible for implementing policies set in place by the Data Owner and/or relevant committees and have the expertise to understand the data and its processing in their area at a detailed level. They have the expertise or can command the expertise to resolve data issues in their area and should therefore be the first point of liaison where data issues are identified by data users. They are responsible for training and communications relating to their area, as well as ensuring stakeholders are consulted on changes to structures or processes.

Examples of data steward activities might be:

  • Overseeing the work of implementing retention schedules, ensuring data is archived or deleted in compliance with policies agreed with the data owner;
  • Undertaking or supervising work to resolve data quality issues identified through either internal reporting or raised by data users from other areas;
  • Liaising with ITS colleagues to ensure integrations with master systems (e.g. iTrent for HR data, LUSI for student data) are deployed appropriately;
  • Identifying opportunities to improve working practices and data security in their areas, including compliance with GDPR.

A data co-ordinator is a member of staff in a School or Service responsible for maintaining a data asset register of all personal data held within their area that sits outside centrally managed systems. They have a number of responsibilities to support good data management in their School or Service as set out in the role description.

A business service owner is the person, usually in a Professional Service, responsible for a given IT system (IT systems are referred to as a Service within ITS).  They will be the first point of liaison for questions regarding the deployment and further development of a given system. They will usually also be a data stewards for at least some of the data in their system. Where data in their system is drawn from other systems, they will be responsible for ensuring the processing of that data complies with policies articulated by relevant data owners and they will liaise as necessary with the relevant data stewards.

A business service administrator is person in the business responsible for the administration of a given IT system (e.g. assigning user permissions to individuals).  They will generally report into the business service owner, though for smaller systems may be the same person.

A technical service owner is an ITS staff member with a technical understanding of a given IT system and with management responsibility for it. They will be the first point of liaison for business service owners who have significant technical questions about the operation or development of a given system (day-to-day system issues are handled via the ITS Service desk). They will also be responsible for managing the development and/or implementation of any technical tools to support data governance, such as archiving, reporting, data validation, or advising on integration with master systems. 

Data Domains

A Data Domain is a specific group of data assets, recognised as essential for the operation of the University’s key functions, for example, finance data or staff data.

Each Data Domain will have a Data Owner, with one or more Data Stewards. Data Owners are responsible for all data deemed to be within the relevant domain in accordance with the overall University information governance policies and framework. This includes data held in corporate systems, as well as setting the policies and frameworks for locally held datasets relating to that domain.

The confirmed core data domains, along with their respective owners and stewards are listed for University Staff in the link below.

More about Data Domains (for staff only)
More about data security contacts (for staff only)