Data Governance
SLCC governs institutional data as a protected institutional asset. The Data Governance Framework establishes policies and standards to ensure the quality, security, accessibility, and compliance of SLCC data. This framework is reviewed and updated as needed by the Data Governance Council (DGC) and reflects compliance with all applicable laws, such as FERPA, the Higher Education Act, Utah Code Title 53B, Chapter 28, and the state data privacy requirements.
The framework applies to data created, collected, or maintained by the college for academic, operational, or regulatory purposes. It includes provisions for data classification, access management, data sharing, breach response, and compliance enforcement. Institutional data is categorized as Restricted, Sensitive (College Internal), or Public, and safeguarded accordingly based on classification and risk.
In cases of ambiguity about whether a dataset falls under the scope of this framework, the Data Governance Council will decide, guided by the principle of including data that directly identifies individuals or impacts institutional operations.
Roles and Responsibilities
SLCC's data governance model defines clear roles across the college:
| Role | Responsibilities |
|---|---|
| Data Governance | Council Oversees the governance framework, resolves disputes, ensures compliance, and reviews progress |
| Data Trustees | Senior leaders responsible for entire areas of student data (e.g., Financial Aid, Academic Records) |
| Data Stewards | Experts who manage data quality, access requests, business rules, and documentation in their areas |
| Data Custodians | Technical or operational staff who maintain the systems and protect the data |
| Data Specialists | Staff and Faculty who enter, update, or use student data and follow established procedures and privacy practices |
This structure ensures shared ownership, accountability, and communication across SLCC
How We Manage Institutional Data
Access and Quality Control
All access to institutional data must be approved by the appropriate Data Steward and follow the principle of least privilege. Annual reviews confirm ongoing need-to-know, and elevated access requires training and confidentiality agreements.
We rely on standard procedures and internal validations to ensure data is reliable.
Reporting and Use
Reporting requests are prioritized by urgency and type (regulatory, strategic, operational, and ad hoc). Stewards ensure report accuracy, security, and consistency in definitions. Recurring reports and dashboards are tracked in a report catalog with assigned owners. Self-service tools rely on curated, vetted fields, and sensitive reporting are subject to Steward and DGC review.
Privacy, Security and Oversight
If a data breach is suspected or confirmed, SLCC activates its breach response procedures. Security protocols include access logging, multi-factor authentication, encryption, and regular vulnerability scans.
Violations are taken seriously and are addressed in accordance with the Data Governance Policy.
Learn More
To read more or view related policies: