Back to the Data Governance framework site
Public Data Governance Portal · live preview
Signed in · {{ userName }}
Public data governance portal

How we govern the university's data.

Data governance is the framework of roles, standards, and processes that keeps institutional data accurate, secure, and usable. This portal is the public record of how that framework is applied to every major data initiative on campus.

{{ initiativeCount }}
major initiatives governed
5
governance components applied
6
roles from strategy to execution
The framework, in brief
{{ c.n }}
{{ c.name }}
{{ c.desc }}

Governance program metrics

Reviewed quarterly by the Governance Committee

A public, balanced scorecard of how the program is performing — one leading measure (effort) and one lagging measure (result) across each governance pillar. Figures are illustrative for this preview.

99.2%
Data quality pass rate
Records passing validation · leading
100%
Domains with stewards
Critical domains owned · leading
96%
Access reviews on time
Recertified on schedule · leading
0
Privacy incidents
Reportable, last 12 mo · lagging
88%
Staff data-literacy
Training completed · lagging
On time
Accreditation / IPEDS
Reporting cycle · lagging

Major data initiatives

Select an initiative to see how governance is applied

Each initiative has a public governance record. Sign in for staff-only artifacts — the catalog entries, access policies, quality rules, RACI charts, and compliance documentation behind each one.

Get help · the front door

Requests & reporting

Four standard requests cover almost everything. Each routes to the right steward and follows a defined turnaround.

Request data access

See or use a dataset, report, or system you don't yet have rights to.

Routes to: Trustee + Steward · 3 days
Report a data issue

Flag inaccurate, missing, duplicated, or out-of-date data.

Routes to: Data Steward · 2 days
Propose a data product

Request a new report, dashboard, integration, or dataset.

Routes to: Work Group · next cycle
Request an exception

Ask for a time-bound exception to a policy when there's a real need.

Routes to: Committee · 10 days
Report a data or privacy concern

If you suspect data has been exposed, lost, or accessed improperly, report it immediately to the Privacy Office and CISO — don't wait until you're sure. Handled under the institution's incident-response procedure (NIST SP 800-61), with notification per FERPA, GDPR, and state law.

privacy@meridian.edu
Who to ask
Data Governance Office
Policy, exceptions, the catalog
dgo@meridian.edu
Domain Data Steward
Definitions & data quality
See each initiative's record
Privacy Office
FERPA, GDPR, incidents
privacy@meridian.edu
IT Security (CISO)
Protection & incident response
security@meridian.edu
How our governance is organized

A centralized Data Governance Office.

Meridian governs its data through a dedicated central office. One authority owns policy, standards, the catalog, and access oversight for the whole institution — so every initiative on this portal is governed the same way, to the same standard.

The operating model
Strategic oversight
Data Governance Committee
Sets direction & priorities · final escalation authority
Central authority
Data Governance Office (DGO)
Led by the Chief Data Officer. Owns and enforces policy, standards, the catalog, and access oversight across every domain — the single accountable home for data governance.
The DGO sets standards for and oversees every domain
{{ d.name }}
{{ r }}

Each domain still has Trustees, Stewards, and Custodians who know their data best — but they operate within standards set and enforced centrally, not independently. This is a centralized model, not a federated one.

Two kinds of accountability

The office owns governance — Trustees still own their data

Centralized doesn't mean the central office decides everything about everyone's data. The DGO is accountable for the governance program — the rules, the platform, the oversight. Domain Data Trustees remain accountable for their data — they make the calls, within the standards the DGO sets. The office owns the rules of the road; Trustees drive their own cars.

Data Governance Office
Accountable for the governance program

That the framework exists, is applied consistently across every domain, and is enforced. Owns the how — policy, classification scheme, the catalog platform, the access process, quality methodology, and tooling. Does not own the data or make domain data decisions.

Domain Data Trustees
Accountable for their data

Who may access their data, how it's used, how it's classified, and whether it's fit for purpose. Owns the what — the actual decisions about their domain's data. Makes those calls within the standards the DGO sets.

Activity
The office sets (the program)
The Trustee decides (the data)
{{ r.activity }}
{{ r.dgo }}
{{ r.trustee }}

What the central office owns

{{ o.n }}
{{ o.name }}
{{ o.desc }}
Why a centralized office
{{ w }}
What we watch for
!{{ w }}
Policies, references & help

The public reference shelf.

How we classify data, the policies and laws that govern it, the roles and terms we use, how we govern AI, and answers to common questions.

Data classification

What the classification labels mean

Every initiative and dataset on this portal carries one of four classification tiers. The tier sets who may see the data and how it must be handled. When in doubt, data is classified up.

Public
No harm if released
Open access. Course catalog, published totals, program info.
Internal
For institutional use
Employees with a business need. Operational dashboards, internal analyses.
Confidential
Protected by law/policy
Role-based, logged, encrypted. Student records, financial aid, personnel.
Restricted
Severe harm if exposed
Named approval, MFA, full audit. SSNs, payment, health, security data.
Roles & key terms

Who governs data — and what we mean

The governance roles you'll see referenced across every initiative, plus the terms that carry specific meaning here.

Governance roles
Data Trustee
Senior owner accountable for a data domain — makes the calls about their data.
Data Steward
Day-to-day owner of definitions, quality, and appropriate use within a domain.
Data Custodian
Operates the systems that store and protect the data — usually IT.
Governance Committee
Sets direction and policy; the final escalation authority.
Key terms
System of record
The one authoritative source for a piece of data — where the truth lives.
Data catalog
The inventory of data assets with definitions, classifications, and lineage.
RACI
Who is Responsible, Accountable, Consulted, and Informed for a data activity.
Least privilege
Access is granted only to the data a role genuinely needs, nothing more.

Roles can be held by people or, increasingly, governed services — an AI agent acts as a Custodian under delegated authority while a human Trustee stays accountable.

Policy library

The policies that govern our data

Each policy has a named owner and a review cadence. Staff sign-in is required for the full text of internal procedures.

Data Governance PolicyCurrent
Scope, authority, roles, and how decisions are made. Owner: Governance Committee.
Data Classification PolicyCurrent
The four tiers and handling rules. Owner: CISO + Data Trustees.
Access & AuthorizationCurrent
Who requests, who approves, how access is reviewed. Owner: Data Trustees.
Privacy Notice (FERPA/GDPR)Current
What we collect, why, and your rights. Owner: Privacy Office.
Retention & DisposalIn review
How long records are kept and how they're destroyed. Owner: Records + Legal.
Acceptable Use & AIIn review
Rules for using data, including in AI tools. Owner: Governance Committee.
Laws & compliance

The regulations behind the reg tags

Initiatives are tagged with the laws that govern their data. Here's what each one means. This is orientation, not legal advice — the Privacy Office and Counsel determine what applies.

FERPA
Protects student education records — disclosure, consent, and the right to inspect.
GDPR
EU/EEA data subjects — consent, rights, and 72-hour breach notification.
HIPAA
Protected health information in clinics and covered components.
GLBA Safeguards
Student financial-aid data — security program and incident-response duties.
Export control (EAR/ITAR)
Restricted research data — access limits and secure handling.
State breach laws
Notice to affected residents after a breach — deadlines vary by state.
AI governance

How we govern data in AI systems

AI doesn't get a governance exception — it gets more scrutiny. A model is only as trustworthy as the governed data behind it, and a system that acts autonomously is held to the highest standard.

Our commitments
A human stays accountable for every action an AI system takes.
Models use only governed, appropriately-classified data.
High-stakes actions require human review before they take effect.
Every read and action is logged, and outputs are monitored for bias.
Why AI needs extra care
Opacity — you can't always read why a model decided.
Speed & scale — a mistake propagates faster than humans can catch.
Bias — it can learn and amplify historical inequities.
Data reuse — inputs can resurface as outputs.
NIST AI RMF EU AI Act (conditional) US state AI laws

Worked example: see the Student Success Copilot in the initiative register. Note the EU AI Act can reach US institutions where AI output is used in the EU or serves EU learners, and treats admissions, assessment, and proctoring as high-risk — Counsel sets scope per system.

FAQ

Common questions

How do I get access to data?

Submit a data access request with your purpose. The Trustee and Steward approve based on business need.

Who decides what data means?

The Data Steward for that domain owns the definition — one agreed meaning, used everywhere.

Who can see my student records?

Only staff with a legitimate educational interest, under FERPA. Access is role-based and logged.

Can our data be used in AI tools?

Only governed, appropriately-classified data — and never Confidential or Restricted data in external AI services.

My report disagrees with another. Why?

Check both draw from a governed source of truth. If definitions differ, raise it with the Steward.

How do I report a problem?

Use "Report a data issue" on the initiatives page, or email the Privacy Office for a privacy concern.

{{ sel.status }} {{ sel.classification }} {{ d }}

{{ sel.name }}

{{ sel.purpose }}

Domains & data sources
{{ s.name }}
{{ s.detail }}
Classification & compliance

{{ sel.compliance }}

{{ r }}
Governance roles
{{ r.role }}
{{ r.who }}
{{ r.unit }}
Status & timeline
{{ t.when }} {{ t.what }}

How governance is applied

Each of the five components has a governance artifact for this initiative. Public summaries are shown; the full artifacts are staff-only.

{{ a.n }}

{{ a.name }}

{{ a.publicSummary }}

Staff artifact {{ a.docName }}
{{ row.k }} {{ row.v }}
Joe Sabado  |  CampusAIExchange.com  ·  Licensed CC BY-NC-SA 4.0  ·  Developed with AI assistance Free to use and adapt for non-commercial purposes, with attribution.