University of Wisconsin–Madison

Data Management

Develop and formalize procedures for the handling of data classified as “High Risk” by the UW-System data classification policy.

  • Institutions appoint Data Stewards for specific types of data, e.g., the Registrar for student data. It is the responsibility of the Data Steward to work with Security, Privacy and/or Data Officers to assure that the data is classified appropriately.
  • Each UW Institution identifies and assigns a Record Custodian to meet the Record Custodian responsibilities.
  • Institutional Record Custodians verify that data retention schedules are properly implemented at each UW Institution to meet regulatory, contractual and compliance requirements.
  • Ensure that Data Stewards are enforcing compliance of data retention and destruction policies.
  • Establish a requirement for Data Stewards to review data classifications at least annually.
     
  • Verify and validate that the requirements regarding the encryption, prevention of loss, data leakage and integrity, as prescribed in the Data Protection Standard have been achieved at each institution.

Campus group

Office of Cybersecurity

Goals

  • Identifies and assigns a Record Custodian to meet the Record Custodian responsibilities.
  • Update and publish UW Data Classification and Protection Policy and Standards documents [1031, 1031.A and 1031.B] are updated and published.
  • UW-Madison appoints Data Stewards for specific types of data (e.g. the Registrar for student data). It is the responsibility of the Data Steward to work with Security, Privacy and/or Data Officers to assure that the data is classified appropriately.
  • Institutional Record Custodians verify that data retention schedules are properly implemented at UW-Madison to meet regulatory, contractual and compliance requirements.
  • Ensure that Data Stewards are enforcing compliance of data retention and destruction policies.
  • Establish a requirement for Data Stewards to review data classifications at least annually.
  • Verify and validate that the requirements regarding the encryption, prevention of loss, data leakage and integrity, as prescribed in the Data Protection Standard have been achieved at UW-Madison.

Deliverables

  • UW Data Classification and Protection Policy and Standards documents [1031, 1031.A and 1031.B]
  • Requirements regarding the encryption, prevention of loss, data leakage and integrity, as prescribed in the Data Protection Standard
  • Verification of properly implemented data retention schedules at UW-Madison, meeting regulatory, contractual and compliance requirements.
  • Verification and validation that the requirements regarding the encryption, prevention of loss, data leakage and integrity, as prescribed in the Data Protection Standard have been achieved at UW-Madison.
  • Assignment of a Record Custodian
  • Appointment of Data Stewards
  • Requirement for Data Stewards to review data classifications at least annually

Progress

While the overall status is “pending”, some subtasks are completed, or at least complete from UW- Madison’s perspective. Others are in progress, and still others are awaiting UWSA actions.

Completed Tasks

  • Each UW Institution identifies and assigns a Record Custodian to meet the Record Custodian responsibilities.

In Progress

  • UW Data Classification and Protection Policy and Standards documents [1031, 1031.A and 1031.B] are updated and published.
  • Institutions appoint Data Stewards for specific types of data (e.g. the Registrar for student data). It is the responsibility of the Data Steward to work with Security, Privacy and/or Data Officers to assure that the data is classified appropriately.
  • Institutional Record Custodians verify that data retention schedules are properly implemented at each UW Institution to meet regulatory, contractual and compliance requirements.
  • Ensure that Data Stewards are enforcing compliance of data retention and destruction policies.

Pending

  • Establish a requirement for Data Stewards to review data classifications at least annually.
  • Verify and validate that the requirements regarding the encryption, prevention of loss, data leakage and integrity, as prescribed in the Data Protection Standard have been achieved at each institution.

Stakeholders

TBA

Core Project Team

  • Alan Ng (co-lead)
  • McKinney Austin (co-lead)
  • Nick Tincher
  • Andy Goldstein
  • Sarah Grimm
  • Dharvesh Naraine