Preamble
This Charter establishes the University of Pittsburgh Institutional Data Review Committee (IDRC). It is authorized by the Vice Chancellor and Chief Information Officer (VC/CIO) upon the recommendation of the Information Technology Advisory Committee, and will serve at the VC/CIO’s discretion. This Charter outlines the purpose, relevant background, scope, responsibilities, composition, and operations of the Committee.
Background and Purpose
Institutional Data is a critical University asset and consists of all data (excluding research data) generated as work product created, stored, sent, or received by any and all members of the University community. Institutional Data is generated throughout the University and is collected, stored, managed, and analyzed on a wide range of University enterprise and departmental computer systems and is controlled by a large number of data stewards, whose positions place them in the position of deciding for what purposes, when, and by whom the Institutional Data for which they are responsible may be used. Without central guidance, data stewards must develop their own standards for making important decisions about Institutional Data. Use of this data is hampered when standards conflict or are too restrictive.
To address these problems, the Data Governance Subcommittee (DGS) of the Information Technology Advisory Committee (ITAC) made two important recommendations, which were endorsed by the ITAC on May 12, 2022. The first recommendation is to adopt a set of Data Principles and Values (Appendix) to guide the University community in making decisions about Institutional Data. The second is to establish a data governance team, now called the IDRC.
Responsibilities
The specific responsibilities of the IDRC are to:
- Create and maintain standards and procedures to be followed by all members of the University community for collection, storage, use, and management of Institutional Data.
- Work with Pitt Information Technology to design and implement a mechanism by which members of the University community and data stewards can apply online for data use permissions in situations where use cases fall outside the guidelines already established by the Committee.
- Review, in consultation with relevant University data stewards, requests for access to Institutional Data not already covered by the University’s Federated Authorization process.
- Review requests involving Institutional Data that fall outside established data access request process and/or outside the Data Values and Principles. The Committee will consult with relevant offices such as the Office of University Counsel where needed to ensure that the requested use also conforms to applicable policies, laws, and regulations and will communicate its decisions to requesters in writing.
- Establish an appeals process to reconsider previous decisions in light of new information submitted by the requester in support of any application which the Committee has rejected.
- Engage the ITAC and its Data Governance Subcommittee for advice on adjustments to the Data Values and Principles identified as desirable through the Committee’s efforts.
- Communicate the Data Values and Principles, standards, and procedures to the University community via public website.
Composition:
Membership will initially include data stewards from major operating areas of the University, members of the University Offices of Compliance and Investigations, Internal Audit, University Counsel, and other administrative offices as appointed by the CIO. Members will serve two-year renewable terms.
Operations
The Committee will meet as often as needed to carry out its responsibilities, but at least once per calendar quarter.
Amendment and Termination
Any amendments to this Charter must receive the endorsement of the ITAC and the approval of the CIO or designee.
This Committee will be re-evaluated within one year after the date of this Charter’s approval unless otherwise directed by the CIO.
This Charter was endorsed by the ITAC and approved by the VC/CIO on June 11, 2023.