Data Governance

This policy was posted for public comment from March 26 – April 10, 2026

  • Comments have been condensed and reformatted.

Responses

Does the scope of this policy include oversight or coordination related to Title II digital accessibility compliance for institutional data and reporting systems, and if so, where is that responsibility defined?

Thank you for the comment. No revisions were made to the policy. Data Governance agrees that data accessibility is important and should be supported by the institution. However, this concern is outside the scope of the Data Governance Policy.

1. Policy

Consider revising this section to function more clearly as a policy statement. The opening sentences read more like general background on the importance of data than a statement of policy. Perhaps begin closer to “Data governance is a shared responsibility…” and remove repetitive or non-operative language. Also, there was a suggestion to revise the policy statement to ensure consistency in voice.

Thank you for the comment. The policy statement has been revised to incorporate these suggestions.

3. Definitions

3.E: Consider clarifying the composition of the Data Governance Council if membership is intended to be role-based and consistent over time. If specific offices or functions are expected to serve on the council as a standing matter, that should be stated more clearly.

Thank you for the comment. College policies are typically updated once every 5 years in compliance with the Policy Development Policy. It is important to maintain flexibility for the composition of the Data Governance Council to adapt to changing institutional needs. As such, it is not appropriate to list the Data Governance Council membership in the policy, as it may change within the next 5 years.

3.G.: Consider clarifying the relationship between data custodians and records custodians. The current materials do not make clear whether those are distinct roles, overlapping roles, or functionally the same in some contexts. Additionally, some of the role-assignment materials on the linked SharePoint are out of date.

Thank you for the comments. In the Records Management Policy, Records Custodian is defined (3.K). They are the individuals within the division’s departments responsible for implementing the records management program for their areas. The VP or their designee is best suited to determine this for their divisions and/or departments. Data Custodians are defined on the Data Governance SharePoint site. They are typically IT staff, database administrators, or operational personnel who manage the technical environment of databases and information systems. These are distinct roles. With turnover at the college, the role-assignment materials on the SharePoint site may sometimes be slightly out of date. We will notify the relevant parties of this noted discrepancy.

4. Procedures

4.A.1: Revise the language addressing the collection, sale, and sharing of personal data for clarity. The current phrasing creates confusion, particularly the use of “sell” and the statement that the College will not share personal data unless permitted by law, which could be read as implying that the College will share data whenever legally allowed. Also, consider breaking this provision into separate subparts so that collection, sale, and sharing are treated distinctly and more clearly.

Thank you for the comment. This subsection has been revised to state, “The college:

  1. will not sell personal data unless expressly required by law; and
  2. will only share personal data if permitted by law and college policy.”

4.B.1: The SharePoint linked throughout the policy is not accessible to some employees (e.g., faculty). If all employees and third parties must adhere to the data governance procedures and processes posted to the Data Governance Site, those materials should be accessible to all parties.

Thank you for identifying this issue with faculty access. Access to the SharePoint site has now been granted to faculty. As the college moves towards the creation of an intranet, all employees will have access to the site. We will be able to share the site with external third parties via email on an as needed basis. These third parties must first enter into an agreement with the college before they are allowed access.

4.C.2: The language in this subsection about training should be more concrete. The draft states that the council will coordinate training to ensure employees understand their roles and responsibilities. Employees may not know what roles they have, what training applies to them, or how role-specific training works in practice.

Thank you for the comment. No revisions were made to the policy. Section 4.C. clarifies DGC’s responsibility to coordinate training to ensure all employees understand their roles and responsibilities under this policy. Part of that training will be educating employees about their roles and role-specific duties based on the changing needs of the institution.

4.C.3: Consider clarifying whether the Data Governance Council is responsible for monitoring compliance itself or only creating mechanisms by which compliance will be monitored.

Thank you for the comment. No revisions were made to the policy.

4.D.1.b: Consider revising the phrasing “may involve” the Data Governance Council or OIT. As written, this suggests their involvement is optional, when in practice those offices are ordinarily involved. The language should more clearly reflect the expected level of involvement without implying that the council is making legal compliance determinations.

Thank you for the comment. No revisions were made to the policy. The review process is outlined in the Contract Review and Signatory Authority Policy. As part of that policy, DGC or OIT will be included in the process when appropriate. DGC is working with Legal to create boilerplate language for 3rd party contracts that would assist employees at the college when entering into these contracts and would not necessitate the involvement of DGC and OIT in every single contract review.

Technical Suggestions

The definition for “Data Domains” is out of alphabetical order.

Revision accepted.

Comments

Does the scope of this policy include oversight or coordination related to Title II digital accessibility compliance for institutional data and reporting systems, and if so, where is that responsibility defined?

  1. Section 1:
    1. Consider revising the policy statement so it functions more clearly as a policy statement. The opening sentences read more like general background on the importance of data than a statement of policy, and they do not meaningfully summarize what follows. Consider beginning closer to “Data governance is a shared responsibility…” and removing repetitive or non-operative language.

      Additionally, the separate statements that the policy applies to “all employees” and “all institutional data” appear repetitive in light of language already contained in the paragraph.

    2. Revise the policy statement for consistency of voice. The draft shifts into first-person phrasing such as “us,” but SLCC policies are written from the institution’s perspective. The language should conform so it consistently refers to “the college” rather than shifting perspectives.
  2. Section 2: no comments.
  3. Section 3:
    1. The definition for “Data Domains” is out of alphabetical order.
    2. 3.E: Consider clarifying the composition of the Data Governance Council if membership is intended to be role-based and consistent over time. If particular offices or functions are expected to serve on the council as a standing matter, that should be stated more clearly.
    3. 3.G.: Consider clarifying the relationship between data custodians and records custodians. The current materials do not make clear whether those are distinct roles, overlapping roles, or functionally the same in some contexts. The policy or related role documentation should make that distinction clearer so employees can understand what role they hold and what responsibilities go with it.

      Additionally, some of the role-assignment materials on the linked SharePoint are out of date. Some individuals listed in the related materials are no longer at the College or are no longer serving in the listed roles.

  4. Section 4:
    1. A.1: Revise the language addressing collection, sale, and sharing of personal data for clarity. The current phrasing creates confusion, particularly the use of “sell” and the statement that the College will not share personal data unless permitted by law, which can read as though the College will share data whenever legally allowed. Also, consider breaking this provision into separate subparts so collection, sale, and sharing are treated distinctly and more clearly.
    2. B.1: The SharePoint linked throughout the policy is not accessible to some employees (e.g. faculty). If all employees must adhere to the data governance procedures and processes posted to the Data Governance Site, those materials should be accessible to all employees. The current draft creates a mismatch between the scope of the obligation and access to the linked materials.

      Another option would be to more clearly define those roles (e.g., stewards, trustees, custodians, etc.) in the policy itself.

    3. C.2: The training language should be more concrete. The draft says the council will coordinate training so employees understand their roles and responsibilities, but employees may not know what roles they have, what training applies to them, or how role-specific training works in practice. This section would benefit from clearer language connecting designated roles to training expectations.
    4. C.3: Consider clarifying whether the Data Governance Council is responsible for monitoring compliance itself or only creating mechanisms by which compliance will be monitored. The current wording leaves responsibility for compliance monitoring unclear.
    5. D.1.b: Consider revising the phrasing “may involve” the Data Governance Council or OIT. As written, this suggests their involvement is optional, when in practice those offices are ordinarily involved. The language should more clearly reflect expected involvement without implying that the council is making legal compliance determinations.
    6. D.2: If third parties must follow procedures posted on the Data Governance Site, consider whether those procedures are actually accessible to third parties. The draft directs third parties to materials that even some employees are unable to access.

Other Comments:

  • Any linked documents the policy relies on should be accessible to the audience expected to use them. Several links sit behind restricted SharePoint permissions. If the policy expects employees or third parties to rely on those materials, they should be broadly accessible, or the necessary substance should be incorporated directly into the policy or into an accessible companion document.