Data Governance Policy
Policy Summary
In an increasingly digital world, the responsible collection, use, storage, and protection of data by the George Washington University (“GW” or “university”) must be central to academic, research, and business operations of the university. An effective data governance program establishes a framework for the proper management of data and provides practices that guard against inappropriate and improper use.
This policy outlines the university’s Data Governance Program, which is to promote a culture of responsible data stewardship among GW Community Members by establishing the requirements for proper collection, use, storage, and protection of data collected, used, stored, maintained or in any way managed by the George Washington University, whether stored on campus or within a third-party service (collectively, “GW Institutional Data” or “GW Data”).
Who is Governed by this Policy
- This policy applies to all faculty, postdocs, staff, students, and all other individuals and entities who interact with the GW Community, including, but not limited to, contractors, temporary employees, sponsored researchers, affiliates, visitors, and volunteers (collectively, “GW Community Members”).
Policy
There are two foundational concepts of GW’s Data Governance Program: First, GW Institutional Data are not "owned" by a particular division, unit, department, or individual of the university. GW Data are a valuable asset of the university, and for the university as a whole. Second, it is the collective responsibility of GW Community Members to use GW Data in an ethical and purposeful manner that is in alignment with the academic and research mission of the university, make GW Data available to authorized users who have a legitimate need, and to preserve and protect such information by all appropriate means.
Successful management and protection of GW Data shall be administered through the following commitments:
- GW will establish and maintain data guidance and standards that comply with applicable laws and regulations, as well as relevant contractual obligations.
- GW Data will be managed as a resource across all departments and units, applying consistent protocols concerning its use, access, disclosure, distribution, and retention.
- GW will maintain the confidentiality and security of GW Data by restricting data access, use disclosure, and with applicable information security measures outlined in the GW Data Classification Standard.
- GW Data will be made accessible to authorized individuals, as appropriate, on a timely and reliable basis
- Access to GW Data will be controlled through established roles and associated responsibilities, such as data trustees and data stewards, that have data management responsibilities and decision-making authorities within certain GW Data domains as stated in the GW Data Governance Standard.
- GW Data will be managed and retained in accordance with the university’s Record Management Policy and University Records Schedule.
- Use of GW Data will be permitted only for the conduct of university business and legitimate activities, such as institutional or academic research, which adhere to GW’s policies, its Statement of Privacy Practices, and are authorized by law. Accordingly, proposed uses of GW Data will be subject to ethical, security, and privacy considerations, including but not limited to those required for the procurement of information technology, applicable data sharing processes, research, and under the auspices of the Data Privacy Consultative Committee, as appropriate.
Enforcement and Penalties
Noncompliance with this policy may result in disciplinary action up to and including termination (employees), suspension/expulsion (students), or suspension/termination of services (contractors, third-party service providers).
Definitions
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Data Domain: A logical grouping of data that shares a common purpose, object, or concept and helps to (i.) provide a framework for understanding and managing data; (ii.) ensure data is accurate, consistent, and meaningful; and (iii.) assign accountability and responsibility for data.
Data Steward: Data Stewards are designated by and accountable to the Data Trustees. Data Stewards are university business officials with direct operational-level responsibility for the management of one or more categories of GW Institutional Data and have decision-making authority.
Data Stewardship: The process of managing and organization’s data to ensure it is accessible, secure, trustworthy, and usable, including overseeing the data lifecycle from creation to deletion.
Date Trustee: Data Trustees are the highest-ranking institutional officers at GW (i.e., Vice Presidents, Vice-Provosts, Deans). Data Trustees ensure that data within their schools and business areas is viewed as an institutional asset and is properly managed in accordance with applicable university policies and standards.
GW Institutional Data: GW Institutional Data (or GW Data) is defined as data in any form, location, or unit that is:
- Subject to a legal obligation requiring the university to manage the data responsibly;
- Substantive and relevant to the planning, management, operations, staffing, or auditing of one or more major university administrative functions, or multiple organizational units;
- Included in an official university report; and
- May be used to derive any data element that meets the above criteria.
Integrity: Guarding against improper information modification or destruction and includes ensuring information non-repudiation and authenticity.
Related Information
- Acceptable Use of IT Resources Policy
- Cybersecurity Risk Policy
- Identity and Access Management Policy
- University Access to Accounts and Electronic Information Policy
- Privacy of Student Records (FERPA) Policy
- Records Management Policy
- Privacy of Personal Information Policy
- Data Governance Standard
- Data Classification Standard
Contacts
| Contact | Phone Number | Email Address |
|---|---|---|
| GW Data Governance | dgc gwu [dot] edu (dgc[at]gwu[dot]edu) |
Responsible University Official: Vice Provost for Libraries and Information Technology
Responsible Office(s): GW Information Technology
Origination Date: December 17, 2025
Last Material Change: N/A
Last GW Community Comment Period: October 13, 2025 - November 24, 2025; no feedback was received.
Next Scheduled Review: 2027-2028 Academic Year
To provide feedback on this policy, please contact the Responsible Office(s) listed above or the Office of Ethics, Compliance, and Risk. More information describing university policies is outlined in the University Policy Principles.
Noncompliance with this policy can be reported through this website.