Privacy and Data Governance FAQ

Data governance advances institutional goals for excellence and builds a strong culture of data access, quality, literacy, informed decision-making and data protection. It ensures the formal management of data within the university through the use of clear practices and processes to support data-informed decision-making and the protection of ASU data throughout its lifecycle. The guiding principles of data governance at ASU are shared responsibility, appropriate access, adaptive and continuous improvement and transparency. You can find more information about ASU data governance model here.

We are always looking forward to receiving new ideas and feedback. The best way to contact us is by sending an email to [email protected].

Data Users are all users granted access to ASU’s information resources and data. Individual Data Users play a critical role in protecting the confidentiality and privacy of university information resources and data while helping to ensure the appropriateness, accuracy, and timeliness of data

Data Trustees are the highest-ranking divisional leaders with responsibility for ensuring that data is properly managed and appropriate compliance is practiced related to data-related functions for their units.

Data Stewards view data as an institutional resource, maintain broad institutional knowledge of data, and deeply understand data sets in their responsibility area, as well as how that data may be used across the university. Data Stewards have the primary responsibility for the accuracy, privacy, classification and security of the institutional data under their responsibility.

Data Custodians share, present, store, combine, distribute, or otherwise manage disaggregated data. Employees who collect original records of information are also data custodians. Data custodians are expected to protect and control the release of the data according to the guidance of the appropriate Data Steward and all applicable laws, rules, regulations, and policies.

More information about the different roles can be found at (insert link).

Before sharing, presenting, or distributing any university data it is important to know what type of information the data consists of. ASU uses four classification levels for data: public, internal, sensitive and highly sensitive (see ASU’s Data Handling Standard for further information). You can use ASU’s Data Classification Tool to assist with determining the classification of the data and for data handling tips.

In many cases, the respective Data Steward should be consulted when there are questions concerning sharing, presenting, or distributing university data. General questions can also be sent to [email protected].

Data experiences at ASU vary depending on your role. Those in roles who focus almost entirely on analyzing, preparing, and managing data can request access to core databases. Access to the schemas in these databases are managed by data stewards who ensure the data is protected and access is appropriately granted.

Data citizens include all other data users who mostly use reports, dashboards and other curated data assets prepared by others in order to make business decisions. Most of these assets are made available to data citizens through the ASU Analytics Portal. The Analytics Portal is a repository of dashboards and reports that have been published by data professionals across ASU. Visit the ASU Analytics Portal today to learn more.

Data leaders across ASU also serve as key contacts for accessing and appropriately using data. Visit our [Key Data Contacts] for more information.

The primary mechanism for managing access to data assets at ASU is through Analytics Groups in the ASU Analytics Portal. An Analytics Group is a collection of reporting and data assets, owned and managed by Power Users and Group Owners who serve as the steward and custodians of the data presented in the Analytics Group.

If you do not already have access to a report, there will be a 'Request Access' button on reports and group pages. A popup will occur guiding you through the steps to fill out a Reporting Data Access Request form within ServiceNow. Once you submit a ServiceNow form, your request will go through a series of approvals from the Data Trustees. After all approvals have been completed, you will be granted permission.

To learn more about Analytics Groups access, visit the Analytics Portal Support Page.

Additionally, data leaders across ASU and our Data Stewards serve in key roles to determine how access is distributed and controlled. Visit our [Key Data Contacts] for more information.

The timing of data access requests varies depending on the area you are requesting access to. Generally, most access requests are processed within 2 weeks. However, some data custodians and stewards may take longer to process your request depending on their capacity.

As a data user, sharing any data should respect the access controls, stewards and custodians who manage the asset you are using. If another ASU employee needs access to an asset you are using, they can utilize the Analytics Group access process to gain access.

If the asset is managed outside of the Analytics Portal, sharing should always be determined by the owner of the asset. Owners of data assets have taken on the responsibility of serving as a data custodian.

Data custodians are expected to protect and control the release of the data according to the guidance of the appropriate Data Steward and all applicable laws, rules, regulations, and policies.

Data leaders and data stewards at ASU are a resource to those looking to share data internally and externally. These individuals are experts in the specific considerations for sharing data in their domain. Additionally, these individuals can help data users navigate the laws, rules, regulations, and policies governing data. See our [Key Data Contacts] page for more information.

For more assistance in understanding how to safely and ethically share data, use our [Data Governance Slack Channel].

There are a variety of sector-specific (e.g. FERPA, HIPAA, and GLBA) and foreign laws (e.g. GDPR and PIPL) that apply to various types of data at ASU.

You can learn more about these specific regulations by reviewing ASU’s Privacy Regulatory Alignment Matrix

Privacy Regulatory Alignment Matrix
How can I make sure my product, project, or service is compliant with privacy laws?

Awareness is the first step to complying with the variety of privacy regulations that apply to ASU.

If you need assistance with conducting a Privacy by Design session to review your product, service, or project against privacy laws and best practices, contact Ben Archer at [email protected]

Privacy and Data Governance FAQ

What does ASU need data governance?

How do I forward along a great idea for data governance?

How do I know my role in data governance?

Who should I ask when I have a questions about how data can be shared, presented, or distributed?

How do I find data at ASU?

How do I get access to data at ASU?

How long will it take for my data access request to be approved?

How can the data I have access to be shared?

Which privacy laws apply to ASU?