Hawai i Data exchange Partnership. Data Governance Policy March 4, 2014

Transcription

1 Hawai i Data exchange Partnership Data Governance Policy March 4, 2014

2 Hawai i Data exchange Partnership Data Governance Policy Table of Contents Purpose... 3 Underlying Assumptions of the Three- and Five-Partner Memoranda of Understanding... 3 Hawaiʻi DXP Partners... 4 Definition... 4 Obligations... 5 Benefits... 5 Access to Data... 5 Hawaiʻi DXP Affiliates... 6 Definition... 6 Obligations... 6 Affiliate Access to Data... 6 Roles & Responsibilities... 7 Executive Committee (EC)... 7 Data Governance & Access Committee (DG&A)... 7 Organizational Partner... 8 Sub-Committee Roles and Responsibilities... 9 Research and Data Request Sub-Committee (RDR)... 9 Security and Access Sub-Committee (S&A) Data Quality Subcommittee (DQ) Misuse of Hawaiʻi DXP Data Attachment A: Committee Membership Executive Committee Data Governance and Access Committee Research and Data Request Sub-Committee Security and Access Data Quality Attachment B: Authorized List of Personnel with Access to Identified Data Attachment C: List of Partner-Based Collaborative Projects Hawai i DXP Data Governance Policy 2

3 Hawai i Data exchange Partnership Data Governance Policy Purpose The Hawaiʻi Data exchange Partnership s (Hawaiʻi DXP) Executive Committee recognizes that the development of a statewide coordinated data governance policy and associated processes are critical to supporting the demand for high quality education and workforce data. The purpose of this statewide, cross-sector data governance is to enable the sharing of data to support research that will improve the educational and workforce outcomes for the citizens of Hawai i. The Data Governance and Access Committee ( DG&A formerly known as the Steering Committee) has been established by the Executive Committee and functions as the overall coordinating Committee to facilitate the development of data sharing and access policies. DG&A has also delineated the roles and responsibilities for three key areas of data governance: 1) Research and Data Request Sub-Committee; 2) Data Quality Sub-Committee; and 3) Security and Access Sub-Committee. The DG&A Committee will meet monthly or on an agreed upon schedule. A foundational premise of the Hawaiʻi DXP is that individual privacy interests and confidentiality rights apply to all shared data. To avoid the inappropriate use of data, the Partners agree to share data in a manner that safeguards the confidentiality of educational data as defined by the federal Family Educational Rights and Privacy Act ( FERPA ) and workforce data as provided by the Hawai i Revised Statutes ( HRS ) and/or the Hawai i Administrative Rules ( HAR ), Partner internal privacy policies and any other applicable laws and regulations. The Partners agree that the data will be used for workforce and educational research and that data will be reported in aggregate format or in de-identified format for unit-level datasets. Underlying Assumptions of the Three- and Five-Partner Memoranda of Understanding The assumptions listed below underlie the foundation of the data sharing for each Partner committed to the establishment and sustainability of the Hawaiʻi DXP: 1. Hawaiʻi DXP is a new, de-identified, merged database that is owned by the Partnership as a whole. Access, use and reporting of Hawaiʻi DXP data are subject to Hawaiʻi DXP policies, procedures and processes. 2. Data from the Hawaiʻi DXP is to be used for research, evaluation, and audit purposes to improve the educational and workforces outcomes that benefit the citizens of Hawaiʻi. 3. Hawaiʻi DXP is a Pipeline or cross-sector longitudinal data system. Requests for data and/or reports using Hawaiʻi DXP data will be for cross-sector data only. 4. Approved research requests will result in data output from Hawaiʻi DXP that will be in two basic formats: a. Aggregate reporting with appropriate masking of data for small cell sizes; or b. De-identified unit level data. Hawai i DXP Data Governance Policy 3

4 5. Each Partner has data to contribute to the Hawaiʻi DXP, and that sector-based data has its own unique complexities. 6. As stipulated by HRS 27-7C (aka Act 41), and the Three- and Five-Partner Memoranda of Understandings (MOU), the DG&A Committee and associated Sub-committees with Partner and/or Affiliate representation will be established. 7. Policies, processes, and procedures will be developed by the appropriate DG&A subcommittees which will provide guidance on the access to and use of Hawaiʻi DXP data. 8. Personally Identified Information (PII) can be used, but only for matching data from within and across sectors to the correct individual. a. Redaction of PII prior to any release of data is necessary in order to comply with the conditions and agreements set forth in the Three- and Five-Partner MOUs and is the basis for the data models underlying the Hawaiʻi DXP. 9. Use and distribution of de-identified data is determined by policy created by the DG&A [see Section: Roles & Responsibilities] 10. Hawaiʻi DXP conducts data-related activities under federal, state, and local policies and regulations particularly as it pertains to privacy and confidentiality. 11. The exchange, merging, and de-identification of sector-based data creates a new deidentified database that allows us to conduct the research, evaluation, and audit activities that Partners could not do as individual sectors. 12. Hawaiʻi P-20 Partnerships for Education (Hawaiʻi P-20) has been established as the Organizational Partner of the Hawaiʻi DXP. Senate Concurrent Resolution 146 (2009) requests that Hawaiʻi P-20 convene appropriate agencies, track student progress and develop the Hawaiʻi DXP. a. Consensus or a formal vote by Executive Committee membership may change the Organizational Partner. Definition Hawaiʻi DXP Partners 1. A Hawaiʻi state agency by statute, that is providing data considered to be essential to the pipeline/longitudinal nature of Hawaiʻi DXP, (i.e. cradle to grave ); and; 2. Has signed a Memorandum Of Understanding (MOU) to share data with Partner agencies, and; 3. Partners are vested in the quality of the input and/or output of data, OR; 4. An organizational or administrative unit of a Partner (i.e., Organizational Partner) that is responsible for the core functions of Hawaiʻi DXP including but not limited to: a. the administration of Hawaiʻi DXP; b. management of Hawaiʻi DXP data governance; c. development and maintenance of cross-sector reporting; d. resource and strategic planning for the short- and long-term sustainability of Hawaiʻi DXP; and Hawai i DXP Data Governance Policy 4

5 Obligations e. technical oversight of the Hawaiʻi DXP data warehouse. 1. Provide resources for the Hawaiʻi DXP for ongoing maintenance and support to effectively use the Hawaiʻi DXP data. a. Partners commit funds and personnel to support the long-term sustainability of Hawaiʻi DXP. 2. Provide data on (at a minimum) an annual basis, or as negotiated through MOU processes. 3. Abide by and enforce all Hawaiʻi DXP policies and processes. 4. Provide resources and subject matter expertise for the correct use/definition of data elements for data quality and reporting purposes. 5. Provide committee representation in all committees and sub-committees. 6. Securely transfer and protect data in use and at rest to prevent inappropriate disclosure of PII. 7. Provide the technical assistance to Hawaiʻi DXP to ensure the protection of identified and de-identified data. Benefits 1. Partners set the statewide Critical Policy Questions (CPQ) agenda. 2. Partners have final approval on research priorities and research/data requests. 3. Partners establish data governance policies, processes, and procedures, and determine penalties for the misuse or inadvertent disclosure of Hawaiʻi DXP data. 4. Partners have access to the de-identified Research Data Store (RDS) for preliminary analysis in preparation for a full data request/study. a. Once the preliminary analysis is completed, Partners must follow all research and/or unit level data request/approval processes established by the Research and Data Request Sub-Committee. b. Partners are prohibited from publishing, or publically releasing data or reports without approval by the Research and Data Request Sub-Committee. Access to Data 1. Partner access to identified data is prohibited under the terms of the Three- and Five Partner MOUs. 2. Hawaiʻi DXP s Organizational Partner, Hawaiʻi P-20 (aka Data Team ) have role-based access to identified data for Hawaiʻi DXP data management and for the validation and/or creation of reports and ad hoc datasets [see Sections: Underlying Assumptions Item 12; and Roles and Responsibilities]. 3. DG&A Committee approves Partner role-based access to the RDS. Hawai i DXP Data Governance Policy 5

6 Definition Hawaiʻi DXP Affiliates 1. Provides new data sources to existing sectors in Hawaiʻi DXP, e.g. Early Childhood, K12, Postsecondary, or Workforce. 2. Provides new unique individuals that are not in public sectors or provides new information/data on existing individuals in Hawaiʻi DXP sectors. 3. Data to be provided meets the mission and purpose of the Hawaiʻi DXP, i.e. allows the Partnership to better answer a CPQ. 4. Are invested in quality input and output of data. 5. Have been approved as Affiliates by the DG&A Committee. Obligations 1. Provide data on (at a minimum) an annual basis, or as negotiated through MOU processes. 2. Abide by and enforce all Hawaiʻi DXP policies and processes. 3. Provide resources and subject matter expertise for the correct use/definition of data elements for data quality and reporting purposes. 4. Provide representation in all Hawaiʻi DXP Sub-Committees as requested and appropriate. 5. Securely transfer and protect data in use and at rest to prevent inappropriate disclosure of PII. 6. Provide the technical assistance to Hawaiʻi DXP to ensure the protection of identified and de-identified data. 7. Will be responsible for any fees for services as negotiated via contract and/or MOU. a. Services may include processes such as data integration into the Hawaiʻi DXP, as well as the creating de-identified datasets and reports. Affiliate Access to Data 1. Affiliates will adhere to all established data governance policies, processes and procedures to comply with data quality and access to reports and/or de-identified unit level data. 2. All requests for reports and/or de-identified unit-level data will be submitted to the Research and Data Request Sub-Committee. 3. For an approved study or data request, Affiliates will have access to de-identified data that are linked to the population submitted by the Affiliate to the Hawaiʻi DXP. Hawai i DXP Data Governance Policy 6

7 Roles & Responsibilities Executive Committee (EC) (See Attachment A) Responsibilities 1. Meets, at a minimum, two times per calendar year or on an as needed basis. 2. Serves as the final decision-making body, particularly in cases of dispute that cannot be resolved by the Data Governance and Access Committee ( DG&A ). 3. Serve as resource allocators to sustain Hawaiʻi DXP core functions. 4. Approves all data governance policies developed by the DG&A. 5. Serves as a voting member to the Hawaiʻi DXP. a. Each Partner is responsible to have the lead Executive, or their designee present for each meeting and/or vote, or the vote for that Partner is forfeited. i. Partners may assign a designee for voting. b. A vote may be presented and recorded electronically. 6. The decision process requires, at a minimum, a quorum which is defined as a simple majority of the eligible Partners (e.g., at least two of three Partners) a. EC decisions are based on consensus; b. If a dissenting opinion is recorded, the EC will vote; c. A simple majority is required for a measure to pass, so long as there is a quorum present for all formal votes. d. One vote per Partner that have contributed data to Hawaiʻi DXP. 7. Voting membership: a. Hawaiʻi State Department of Education: Superintendent b. University of Hawaiʻi: President c. Department of Labor and Industrial Relations: Director d. Department of Health: Director (voting rights on hold until data are shared with Hawaiʻi DXP) e. Department of Human Services: Director (voting rights on hold until data are shared with Hawaiʻi DXP) 8. Other Partner Representation a. Partners may assign additional representatives to attend Executive Committee meetings. Data Governance & Access Committee (DG&A) The Data Governance & Access Committee is formerly known as the Steering Committee. Responsibilities 1. DG&A will meet at least monthly, or on an agreed upon schedule. Hawai i DXP Data Governance Policy 7

8 2. Develops and implements policy and is responsible for enforcement of all approved policies. a. DG&A forwards all developed policies to the Executive Committee for final approval. 3. Approves processes, related to policy as determined by Sub-Committees. 4. Provides oversight, management support, and conflict resolution to all Sub-Committees. 5. Defines user roles and levels of access to Hawaiʻi DXP data. 6. Approves role-based user access to Hawaiʻi DXP. 7. Guides the prioritization of Critical Policy Questions. 8. In cases where consensus cannot be reached, the issue will be referred for decision to the Executive Committee. Organizational Partner Responsibilities 1. Adheres to all established policies/processes for the Hawaiʻi DXP. 2. Management of the Hawaiʻi DXP resource and strategic planning for long-term sustainability. 3. Provision of the technical oversight of the Hawaiʻi DXP data warehouse which includes Management of data extraction, transformation, and load (ETL) processes into and out of the Hawaiʻi DXP. 4. Functions as the central point of contact for all Hawaiʻi DXP communications and management of resources which includes staffing for Hawaiʻi DXP for the administration, cross-sector reporting, training of end-users on data use, and provision of strategic planning for resource allocation. 5. Responsible for the development, implementation and maintenance of cross-sector transition reporting. 6. Cross-sector coordination of data governance policies and processes. 7. Cross-sector coordination of Hawaiʻi DXP Committee and Sub-Committee meetings. 8. Development and maintenance of Hawaiʻi DXP data element dictionaries and glossaries. 9. Development, implementation and maintenance of training for Hawaiʻi DXP data use appropriate to the level of stakeholder group knowledge and skills. 10. Liaison for the Hawaiʻi DXP Partners to negotiate, write, implement and maintain new MOU s for data sharing on behalf of the Hawaiʻi DXP Partners. 11. Provision of administrative reporting of Hawaiʻi DXP use, e.g. usage data/statistics. 12. Maintenance of data requests, approvals, data destruction dates and other administrative functions related to the transfer and use of Hawaiʻi DXP data. 13. Ensure Institutional Review Board approval is complete and up-to-date. Access to Data 1. Responsible for the reporting and technical infrastructure of the Hawaiʻi DXP, and will therefore have access to PII for the purposes of: Hawai i DXP Data Governance Policy 8

9 a. Validating the matching of data to the correct individual, b. Creating, validating and resolving ad hoc unit-level data requests and questions on datasets, i. This includes tracking data user questions on outlier data to resolve data conflicts or anomalies for the end user (e.g., resolving what appears to be an inappropriate age for a 3 rd grade state assessment test), 2. Will identify and maintain a list of staff (known as the Data Team ) that are directly responsible for the management of the technical infrastructure, data validation and all functions related to the development and maintenance of Hawaiʻi DXP cross-sector reporting and ad hoc unit-level data requests. a. Data Team members are required to sign the Hawaiʻi DXP confidentiality form, as well as undergoing and maintaining Partner confidentiality and privacy training in order to be versed in individual Partner, federal, state and internal policies. 3. Will adhere to Research and Data Request Sub-Committee policies and processes regarding data requests for reports and/or de-identified unit-level data that will be publically released. 4. Responsible for filling approved data sharing requests for collaborative Partner-based projects that require cross-sector data. a. Collaborative, cross-sector projects are defined as projects where at least two Partners have agreed to implement and execute a shared project such as GEAR UP Hawaiʻi (see Attachment C for a list of Partner-shared projects). Sub-Committee Roles and Responsibilities All Sub-Committees will meet at least monthly or on an agreed upon schedule. Sub-Committees will ensure that a quorum is present for all meetings in which a decision must be made. A quorum is defined as a simple majority of the eligible representatives. Decisions will be made by consensus among the representatives, and may be made in-person, or in electronic format. Research and Data Request Sub-Committee (RDR) Responsibilities 1. Develops and implements guidelines for the review and prioritization of cross-sector research and data requests. 2. Reviews all data requests and requests for reports. a. The RDR may send back the request for clarifications, or to address any issues raised by the RDR. b. If the data request is denied, the Requestor may appeal the decision to the DG&A Committee. 3. Review all modifications to approved research and data requests. 4. RDR prioritizes all approved research and data requests. Hawai i DXP Data Governance Policy 9

10 a. Works with the Organizational Partner s Data Team to create the prioritization schedule and provide input as necessary. 5. Reviews all completed reports/studies prior to public release. a. Ensures compliance to the researcher s original data request(s) and confidentiality obligations. Security and Access Sub-Committee (S&A) Responsibilities 1. Develops and implements audit and monitoring best practice processes for the security of Hawaiʻi DXP. 2. Develops and implements the policy and processes for investigations of misuse of Hawaiʻi DXP data. 3. Develops and implements Security Breach Guidelines for Hawaiʻi DXP. 4. Conducts all investigations on data misuse. 5. Develops recommendations for penalties based on the result of any investigation of misuse of data. 6. Provides recommendations to DG&A for corrective action for the protection of Hawaiʻi DXP data [see Section: Misuse of Hawaiʻi DXP Data]. Data Quality Subcommittee (DQ) Responsibilities 1. Identify and escalate data quality issue(s) to the correct sector(s) for resolution. 2. Develop policies and processes for the correction of quality issues. a. E.g., notification to data users of data caveat or recommended business rule to handle a data anomaly. 3. Maintain an issue log to define data quality anomalies. 4. Regularly edit, approve and monitor Hawaiʻi DXP Data Element Dictionary and all associated glossaries. 5. Provides timely resolution of data quality issues by Partner or Affiliate representative for their respective area. Misuse of Hawaiʻi DXP Data Misuse of data is defined as: 1. Data that have been stolen or lost (e.g., a lost or stolen portable device), 2. Data that have been inappropriately accessed, including the inappropriate transfer or disclosure of Hawaiʻi DXP data to individuals who have not been granted permission to access and/or the use of data in ways other than what was approved (i.e., re-purposing a dataset); or the violation of any condition of the Hawaiʻi DXP Confidentiality Form and data request form(s). Hawai i DXP Data Governance Policy 10

11 3. Reports of misuse with Hawaiʻi DXP data are forwarded to the S&A Sub-Committee for penalty recommendation(s) to the DG&A for enforcement or resolution. a. Any reported misuse of Hawaiʻi DXP data will result in an internal investigation. 4. If an individual(s) or any organization or entity is determined to have misused Hawaiʻi DXP data, a penalty may be enforced such as, a five-year ban from access to Hawaiʻi DXP data. a. Individuals, organizations or other entities may still be subject to federal, state or internal penalties as warranted. Hawai i DXP Data Governance Policy 11

12 Attachment A: Committee Membership Executive Committee Voting Membership: Hawaiʻi State Department of Education: Superintendent University of Hawaiʻi: President Department of Labor and Industrial Relations: Director Department of Health: Director (on hold until data is shared with Hawaii DXP) Department of Human Services: Director (on hold until data is share with Hawaii DXP) Attending Membership: Executive Office on Early Learning: Director Workforce Development Council: Executive Director Department of Labor and Industrial Relations Research and Statistics: Director Unemployment Insurance Division: Administrator Hawaiʻi State Department of Education Office of Information Technology Services: Assistant Superintendent Data Governance, Director University of Hawaiʻi Academic Affairs: Executive Vice-President/Provost Information Technology Services: Vice-President Community Colleges: Vice-President Hawaiʻi P-20 Partnerships for Education: Executive Director Office of Information Management and Technology: State Chief Information Officer Data Governance and Access Committee Hawaiʻi State Department of Education: Data Governance, Director Office of Strategic Reform, Assistant Superintendent University of Hawaiʻi: Data Governance, Director Institutional Research and Analysis Office: Director Hawaiʻi P-20 Partnerships for Education: Program Manager, Project Director Honolulu Community College, Chancellor Information Technology Security Officer Department of Labor and Industrial Relations: Hawai i DXP Data Governance Policy 12

13 Research and Statistics, Director Workforce Development Council: Employment Analyst, WorLDS Project Manager Unemployment Insurance Division: Administrator Department of Health: Director (on hold until data is shared with Hawaiʻi DXP) Department of Human Services: Director (on hold until data is shared with Hawaiʻi DXP) Research and Data Request Sub-Committee University of Hawaiʻi Academic Affairs: representative from Council of Chief Academic Officers Community College System Office Hawaii P-20 Partnerships for Education Institutional Research and Analysis Office Student Affairs: representative from Council of Chief Student Affairs Officer Hawaiʻi State Department of Education Data Governance Office Office of Strategic Reform System Evaluation and Research Section Department of Labor and Industrial Relations Research and Statistics Workforce Development Council Department of Health: (on hold until data are shared with Hawaiʻi DXP) Department of Human Services (on hold until data are shared with Hawaiʻi DXP) Security and Access University of Hawaiʻi Information Technology Security Officer Hawaiʻi P-20 Partnerships for Education: Program Manager Hawaiʻi State Department of Education Office of Information Technology Services: Assistant Superintendent Department of Labor and Industrial Relations Electronic Data Processing Systems Office, Chief Department of Health: (on hold until data is shared with Hawaiʻi DXP) Hawai i DXP Data Governance Policy 13

14 Data Quality Department of Human Services (on hold until data is shared with Hawaiʻi DXP) Office of Information Management and Technology University of Hawaiʻi Hawaiʻ i P-20 Partnerships for Education: Analyst Institutional Research and Analysis Office: Analyst Hawaiʻi State Department of Education Data Governance Office: Institutional Analyst III (Data Quality) Department of Labor and Industrial Relations Research and Statistics: Research Statistician V Department of Health Women, Infants and Children: Early Intervention Services: Department of Human Services Hawai i DXP Data Governance Policy 14

15 Attachment B: Authorized List of Personnel with Access to Identified Data In accordance to Hawaiʻi Data exchange Partnership s data governance policy, the Organizational Partner will maintain a list of personnel who have been authorized to have direct access to identified unit-level data for the sole purpose of performing their duties in connection with the uses authorized by the Data Governance Policy. The Authorized List of Personnel will be updated on an annual basis (at a minimum) and will be reported to the Data Governance and Access Committee. Hawai i DXP Data Governance Policy 15

16 Attachment C: List of Partner-Based Collaborative Projects Update: December 2, 2013 College and Career Readiness Indicators Report Report Administrator: Hawaiʻi P-20 Partnerships for Education Partners: University of Hawaiʻi; Hawaiʻi State Department of Education Gaining Early Awareness and Readiness for Undergraduate Projects (GEAR UP) Hawaiʻi Program Administrator: Hawaiʻi P-20 Partnerships for Education Partners: University of Hawaiʻi; Hawaii State Department of Education Hawaiʻi Public High School Graduates Enrolled in English and Mathematics Classes at the University of Hawaiʻi Report Administrator: Hawaiʻi P-20 Partnerships for Education Partners: University of Hawaiʻi; Hawaiʻi State Department of Education High School Background of First-Time Students (beginning Academic Year ) Report Administrator: Hawaiʻi P-20 Partnerships for Education Partners: University of Hawaiʻi; Hawaiʻi State Department of Education State Fiscal Stabilization Fund Program: Federal Register Requirements Jan 31, 2012: College Enrollment and College Credit Earned Report Administrator: Hawaiʻi P-20 Partnerships for Education Partners: University of Hawaiʻi; Hawaiʻi State Department of Education Teacher Education Coordinating Committee: Annual Report Hawaiʻi Educator Preparation Programs (Beginning Fall 2014) Report Administrator: Hawaiʻi P-20 Partnerships for Education Partners: Hawaiʻi State Department of Education Hawai i DXP Data Governance Policy 16