Addressing event attendees last Thursday, John Watson, director of SDCOE’s Data and Impact Center of Excellence (DICE), said the first step is to define what the institution wants to accomplish with data. It might be to protect sensitive information, improve data quality or comply with laws like the Family Educational Rights and Privacy Act. Regardless of the specific goals, he said, making them happen will almost certainly involve collaboration. Involving institutional leadership early on can help ed-tech professionals connect with others who might not understand why data is important.
“We manage an awful lot of data, but when you ask the question, ‘Where is the data? Where is it being stored? How much data do you have?’ ... It's really rare to have all those components covered in one place, or a common understanding around that, or even a single person who knows all of those pieces,” Watson said.
Kirby Fell, who works with Watson at DICE, said a data governance structure should have a leadership level that sets and monitors policy, and an implementation level to carry out those policies and serve as operation experts. Common components of these structures include steering committees, data owners and data stewards, he said.
Fell added that a steering committee should bring together stakeholders who will be impacted by data governance. For example, he recommended that it include members of the institution’s cabinet, someone familiar with business and government policies, an IT director or someone familiar with data policies and security protocols, and someone who works with curriculum.
“It's really great to make sure that you include end users in the policy portion,” Fell said.
Once a working group is established, he said, schools need to take inventory of their data systems and note where data is stored, how it’s transmitted and who manages it.
Max Eissler, IT director at Berkeley Unified School District, shared at the panel discussion last week that a recent audit of his district found major areas in need of improvement.
“Every time a system was converted, they did not convert the data from the old system to the new system. So, for instance, if you graduated from a high school between like 1991 and 2004, the only place to get your records was a Windows XP machine under the desk of the registrar at the high school. That was the only place you could get that data,” he said. “We had thousands of boxes of paper records piled up in the auditorium of the high school theater. No real organization.”
After identifying weaknesses in a district's data governance system, the steering committee can create policies and procedures to address them. While some institutions may already have informal data practices, such as not sending personally identifiable information through email attachments, the new policies should be formal to ensure wider compliance, Watson said.
“When it comes to any organization, it's only as strong as its weakest link,” he said. “In this case, the weakest link may be a lack of awareness around what a data asset is, what is personally identifiable information, or who should transfer what.”
Watson said these policies might provide classifications for different kinds of data based on sensitivity. For example, public employees’ salary data is public information, whereas demographic information linked to a student is personally identifiable information. Other classifications might be internal or confidential.
On the procedural side, school districts might assign responsibility for ownership and stewardship of data to staff who manage access and monitor quality. Another issue that can go overlooked is data destruction, Watson said, so data governance should include how long data is stored and how it can be securely deleted.
Once a district has procedures and policies in place, building awareness around them is key. Fell and Watson recommend including data governance training in the onboarding process and holding regular training sessions to accommodate the fast-changing ed-tech world.
“If HR does some sort of onboarding event, [make] sure that you're there and you're a part of that onboarding event, and that you have the opportunity to provide training around data governance even for staff that are not going to be working with the data on a daily basis,” he said. “It really is everyone's responsibility.”
Similarly, those involved in formalizing data governance should continue meeting regularly to monitor progress and implement new tools if needed.
“Data culture is a journey,” Greg Pitzer, IT director at Hayward Unified School District, said at the panel discussion. “It’s not something you implement overnight.”
