Data Governance Board
IDA+A (Institutional Data Analytics and Assessment) partnered with units across campus to form a governing body (the “Board”) to analyze, deliberate, and make recommendations about appropriate uses of data. The Board convenes to consider recommendations by Purdue analytics staff or Purdue faculty on the use of analytics products that will impact Purdue persons. On a case-by-case basis, the Board is charged with ultimately approving, rejecting, or calling for further study of or changes to the recommended uses of analytics products brought before them. They also ensure data custodians and other subject matter experts knowledgeable in the domain of a case, as well as the leadership of any impacted university units are fully included in the decision-making process.
The Board maintains a balanced number of faculty and administration, plus one graduate and one undergraduate student representative. Faculty appointments should ensure social, cultural, technical, and management aspects of privacy and data protection. Administrative appointments should have direct involvement with institutional management of privacy matters.
More information about the Board, guiding principles, and additional responsibilities is below. A PDF version is also available.
For questions, please contact idata@purdue.edu.
The scope of data the Board governs includes all “Purdue Institutional Data,” which is defined as:
- Data Purdue possesses that is personally identifiable or easily linked to any Purdue staff, faculty or student and
- Data Purdue possesses on any person that was generated during the scope of the person’s business with the University, including any data that were sent to someone at the University
The definition of Purdue Institutional Data specifically excludes:
- Research data under the purview of IRB regulations
- Protected Health Information (PHI) governed by HIPAA, or individually identifiable health information in campus student healthcare facilities
“Subject” is defined as any individual about which Purdue possesses Purdue Institutional Data.
At Purdue, the following guiding principles will inform the governance of all decisions with respect to Purdue Institutional Data. Application of these guiding principles must consider both the institutional responsibilities of the university as well as the benefits and impacts to each Subject.
Principle | Purdue Responsibilities | Subject Benefits & Outcomes |
Respect |
Strive to balance the good of the Subject, the institution’s needs, and improving higher education generally Ensure algorithms do not completely replace a meaningful level of human interaction in determining subject outcomes Observe “minimum necessary” principles - strive to use anonymized, de-identified or aggregate data first, unless there is a legitimate need to use personally identifiable information |
Purdue persons contribute their data to research and then interventions that ultimately benefit themselves and/or other Purdue persons. Purdue will observe a “minimum necessary” standard to limit the use or disclosure of personally identifying information of Subjects. |
Transparency |
Disclose to Subjects that the University views analytics as a legitimate business and educational interest and that certain data will be made available to appropriate parties for research and pedagogical/institutional improvements Inform Subjects of the types of information that is collected about them; how it is used; and with whom it is/may be shared |
Subjects have a right to know what data the university possesses about them and how it will use the data. |
Accountability |
Create and enforce policies and processes for appropriate data-sharing that ensure security, privacy, quality and proper stewardship of data. Have a defined process to question data accuracy |
Subjects have the ability to review and amend their data consistent with all federal and state laws. |
Empowerment |
Only use personally identifiable information to provide services that either directly inform or benefit the specific individual whose data are used or that answer specific questions that will have a concrete and measurable impact on operations or learning at Purdue or in higher education. |
A subject has the right to revoke consent and opt out of further uses of their data, consistent with other laws and institutional reporting requirements. |
Continuous Consideration |
Always seek to revisit and reexamine models, policies, and decisions in order to ensure ongoing analytics work is providing value and appropriately balancing the value of research and outcomes with privacy and ethical considerations. |
Updates and revisions to the applications of analytics products will be made available for review to any Subject involved. |
IDA+A will partner with units across campus to form a governing body (the “Board”) to analyze, deliberate, and make recommendations about appropriate uses of data. The Board will convene to consider recommendations by Purdue analytics staff or Purdue faculty on the use of analytics products that will impact Purdue persons. On a case-by-case basis, the Board is charged with ultimately approving, rejecting, or calling for further study of or changes to the recommended uses of analytics products brought before them. They should also ensure data custodians and other subject matter experts knowledgeable in the domain of a case, as well as the leadership of any impacted university units are fully included in the decision-making process.
The Board maintains a balanced number of faculty and administration, plus one graduate and one undergraduate student representative. Faculty appointments should ensure social, cultural, technical, and management aspects of privacy and data protection. Administrative appointments should have direct involvement with institutional management of privacy matters.
- 3 Faculty members with staggered three-year terms (1 representative from the Education Policy Committee, and 2 from the campus at-large)
- Senior Vice Provost for Teaching and Learning
- Designee from Information Technology
- Designee from Legal Counsel
- One undergraduate student designated by the Undergraduate Students Association Council (one year term)
- One graduate student designated by the Graduate Students Association (one year term)
The Board will make available online all documentation brought to it regarding any approved uses of analytics products, for review by any Purdue person, past or present, who may have had their data used in said product.
In addition, this Board & website should serve as a liaison between the Purdue community and the owners of any approved analytics product deployed at Purdue for the following purposes:
- Enable any Purdue person wishing to opt out of the use of an analytics product to impact them to do so
- Allow any Purdue person whom the analytics product impacts to review their data as the product sees it
- Communicate inaccuracies to the analytics team responsible for the product, facilitating a response with an explanation or correction within 60 days
In addition, the committee will hold a yearly meeting to review all approved analytics products which have not been reviewed for over two years. During this process, the committee may discontinue, adjust, or call for the retraining of the analytics product or its associated intervention methods.