An important step for any institution to consider is to conduct an inventory of what data is collected across campus, how it is collected, and where it is housed. This also includes an explicit accounting of which offices or departments have agreements or contracts with third parties that involve data. As research and grey data become an increasingly integral part of how institutions operate, there is a great risk of losing control of this data if not tracked and managed across the often distributed operating architecture of higher education institutions. Many institutions have not yet conducted such an inventory, and the task may seem onerous at first. However, an accurate inventory is a prerequisite for next steps.
While individual institutions may have varying approaches for conducting such inventories, the process has several commonalities. It generally begins by designating a person or team to be responsible for the following activities:
- Conducting and maintaining an inventory with standard information on what data is collected, by whom, in what formats, and for what purposes.
- Evaluating the quality of the data, including how it is generated, how often it is updated, any issues that arise with its generation and aggregation, and its consistency across departments/offices/schools/campuses.
- Developing plans to standardize data collected across the institution when needed.
- Coordinating with the procurement and legal departments to analyze contracts or agreements with third parties (regardless of whether they are commercial vendors, other academic institutions, funding bodies, or governments) to understand the contractual obligations of each party connected with data and data analytics on campus.
The successful completion of such an inventory lays a strong foundation for subsequent risk mitigation actions to be taken.
