Developing an organizational data strategy that aligns with your mission requires thinking about how different people and systems interact with data over its entire lifecycle.
Data Lifecycle Decisions: Collection
Technology
- Are the data being collected passively or actively (through crowdsourcing, e.g.)?
- Are they being collected through structured mechanisms such as surveys or interviews?
- When do OS defaults need to be changed (location, ID numbers, etc.)?
Governance
- Are the sources of the data giving active consent to have their information gathered?
- What rights are contained within that consent?
- If information is being collected passively, what rights do people have to correct or remove their data?
-
Under what circumstances is Personally Identifiable Information (PII) collected?
Management
- Communicate and implement data ownership and confidentiality conditions
Data Lifecycle Decisions: Analysis
Technology
- Where is the analysis done and how is it done?
- Will the raw data be shared for additional external analysis?
Governance
- If expertise will be required for analysis, how will this expertise be determined?
- Will the raw data be shared for additional external analysis?
Management
- How will analysis be shared?
Data Lifecycle Decisions: Storage
Technology
- Where will data be stored – In the cloud? Onsite?
- What security/encryption protections are needed?
- With iterations of data, how often are the data stores updated?
- Are multiple datasets required for data protection/anonymization?
- Will they be stored separately?
Governance
- What types of data need to be redacted, anonymized, removed?
- Is encryption needed?
Management
- How will redactions/anonymization choices influence data use, validity, and sharing?
- How will these decisions be communicated during collection process?
Data Lifecycle Decisions: Access and Sharing
Technology
- What security/firewall systems are necessary for providing external access to data?
Governance
- Will users have free access to raw data? To analysis?
- If there is a price how will it be determined and charged?
- Are there licenses needed?
- Will data be shared with full rights to manipulate and re-share?
- What liability protections are in place regarding external use/analysis
- Are data accessible all the time or only one-time?
Management
- Who will manage licensing process and monitor use/analysis/external use?
Data Lifecycle Decisions: Security
Technology
- How will data be protected – from what and where?
- What backup process will be used for which data sets?
Governance
- Are all data sets protected under same guidelines?
- When are exceptions made?
- What steps are in place in case of data breaches?
Management
- Determine protection level required and implement appropriate steps.
Data Lifecycle Decisions: Destruction
Technology
- What systems are necessary to ensure data destruction?
Governance
- How do retention/destruction policies align with mission and perceived risks?
Management
- Implement necessary timelines for data destruction and communicate these as part of data collection/analysis process.
Information experts and specialists, like librarians, know a lot about managing information and data. Here’s a simplified version of the many steps involved in a professional process.
At each step in the lifecycle there are several layers of decisions and decision makers:
- Technology
- Governance (including communications)
- Management