Data Management Groups manage the access and use of data here at CU.

A Data Management Group (DMG) for each business domain is typically composed of data stewards and data custodians and/or their designees. These individuals shall be appointed by and accountable to the data trustees for the related business domain.  The DMGs are part of the data governance program established by the Data Governance policy, APS 6010, to ensure that data is managed as a material asset, data provides value, meets compliance requirements, and risks are managed appropriately. Projects involving single-campus data should contact the appropriate data trustee to request approval for the use of that data on their campus.

DMG Process

Decisions about new uses of multicampus data are made by the corresponding Data Management Groups (DMG). There are three main multicampus DMGs: student, employee and finance.  The data management groups are composed of the data stewards (the delegates of the data trustees) from each campus and representatives from IT groups to assist with questions.  Decisions are made by the data stewards or data trustees.  Each of these groups typically meets on a monthly basis to discuss multicampus data issues. In the event of a more urgent need for discussion, the groups may choose to discuss via email or call an out of cycle meeting.  Because each DMG group only meets monthly, please plan ahead in your projects and come well prepared to avoid a need for a second meeting. If you have any questions about preparing for a DMG meeting, contact data.governance@cu.edu.

If a project involves a new use of multicampus data or a system or process change that will impact multiple campuses, then requestors should complete a data governance request form and submit the competed form to data.governance@cu.edu.  It will be reviewed by the Office of Information Security, who may reach out for more details or clarification.  After review, OIS will forward the request to the appropriate data management group for discussion in their next meeting.  The organizer of the DMG meeting will contact the requestor to invite them to the DMG meeting where they can answer any questions from the data stewards or data trustees. 

So You Need To Submit A DMG Request, What Now?

  1. Complete the request form.
  2. Email the form to data.governance@cu.edu.
  3. Provide any additional needed details or clarification.
  4. OIS will send the request to the DMG meeting organizer.
  5. The DMG meeting organizer will contact the requestor with meeting details.
  6. The requestor and other relevant individuals will attend the DMG meeting for discussion.
  7. The DMG will provide a decision or may request additional information/tasks.

DMG Responsibilities

  • Developing and managing processes to ensure confidentiality, integrity, availability and usefulness of data (see next section)
  • Managing risk to data including escalating identified significant risk to data owners and advising data trustees on risk acceptance decisions
  • Defining access, quality and usage guidelines for data
  • Reviewing and managing requests for access to data
  • Educating and sharing best practices with respective campus and system stakeholders
  • Managing data quality processes
  • Constructing business access that dictates security procedures and rules for third-party usage of system data

DMG Evaluation Considerations

  • Authority and purpose for data collection including:
    • determine the legal bases that authorize a particular personally identifiable information (PII) collection or activity that impacts privacy
    • provide adequate notification of the purpose(s) for which PII is collected
  • Accountability, audit, and risk management of data to ensure effective controls for governance, monitoring, and mitigation to demonstrate that units are complying with applicable privacy protection requirements and minimizing overall privacy risk.
  • Data quality and integrity processes to ensure that highly critical data is accurate, relevant, timely, and complete for the purpose for which it is to be used, as specified in public notices and in support of the university strategic objectives.
  • Data minimization and retention processes so that the university collects, uses, and retains only personally identifiable information (PII) that is relevant and necessary for the purpose for which it was originally collected.
  • Individual participation and redress processes so that individuals are active participants in the decision-making process regarding the collection and use of their personally identifiable information thus enhancing public confidence.
  • Transparency by providing public notice of information practices and the privacy impact of programs and activities.
  • Guidelines and processes to ensure that use of personally identifiable information (PII) is limited either as specified in their public notices, in a manner compatible with those specified purposes, or as otherwise permitted by law.

Membership of Current DMGs


Student Data Management Group

CU Boulder

Sally Page

Gwen Pomper

Robert Stubbs

Kristi Wold-McCormick - Data Steward

UCCS

Tracy Barber - Data Steward

Janet Kemper

Kirk Moore

CU Denver and AMC

Carrie John - Data Steward, Chair

Vaughn Larsen

Heather Peterson

Nahshon Walker

CU System Office

Phillip Curry

Molly Doyle

Matt Lemme

Rana Silver

Al Wirtes

Information Security

Sarah Braun

Brad Judy

 

Employment Information

CU Boulder

Lisa Landis - Data Steward

UCCS

Susan Watson- Data Steward

CU Denver and AMC

Florie Montoya - Data Steward

CU System Office

Ryan Allred

Molly Doyle

Carolyn Proctor - Data Steward

Information Security

Sarah Braun

Brad Judy

Financial Resources Data

CU Boulder

Laura Ragin - Data Steward

Robert Stubbs

UCCS

Carolyn Rupp - Data Steward

CU Denver and AMC

Amy Gannon - Data Steward

Ryan Yu

CU System Office

Molly Doyle

Sandy Hicks

Bob Kuehler - Data Steward, Chair

Carl Sorenson

Information Security

Sarah Braun

Brad Judy