Data Governance for Monitoring Evaluation and Learning

July 1, 2022 by Andrea Kornfeld

There are data governance decisions during each phase of the data life cycle.

To help you create a data governance plan, I created a google template. Open the template, click on the File menu and select Make a Copy, and then save in your own drive. You can share your data management plan with your colleagues.

As you read each section of the data life cycle, please also fill out the data management template.

Data Collection

What types of data will be collected and the reason for collecting it?
Will PII or sensitive data will be collected?
Will your organization or another organization collect the data?
How and with whom will the data be shared or published?
Who is responsible for data during each step of the data life cycle?
Who will have access to the data during each step of the data life cycle?
What tools will you use during each step of the data life cycle?
What is your budget for data collection and storage?
Are there relevant privacy laws?

Risk Management

Think about the risks for each type of data collected:

Who might try to improperly use each type of data?
How could they gain access to it?
What would happen if they were successful? [1]

For additional see risk management questions, see the Electronic Cash Transfer Learning Action Network - Privacy Impact Assessment [1]

Storing Data

When storing data, there are several privacy and security considerations:

How will you secure the data?
Do you have storage procedures to ensure data is secure? (File formats, naming conventions, classifying the dataset)
Will the data be reused? If so, how? Do you have consent?
If there is PII or sensitive data, you will need to clean the data and anonymize the data.

Data validation and cleansing

If PII is collected, anonymize the data. According to Wikipedia, Data anonymization is the process of removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous. In other words, we will not know the actual data owner by looking at the data

To anonymize a data set, replace the key with a number.

Key	First Name	City	Age
4346	Joseph	Yaounde	27
8624	Francine	Doula	34

For more detailed instructions, here are some tips on anonymizing data sets.

Sharing data

While sharing data, these are some considerations:

How and with whom will the data be shared?
Will the data be re-used?
How will you secure the data?
Are there any regulations preventing you from transferring data across borders?

Look into whether there will be any issues with transferring data across borders. According to IAPP, “The transmission of personal information from one jurisdiction to another. Many jurisdictions, most notably the European Union, place significant restrictions on such transfers. The EU requires that the receiving jurisdiction be judged to have “adequate” data protection practices.”

Data Retention, Archival, and Disposal

Make sure you have a data retention plan, review data regularly, and dispose of the data after you no longer need it. Only retain what you need to retain.

Data Retention - Create a data retention plan. The purpose of a data retention plan is to minimize the amount of sensitive data in your organization.
Archival – Archiving data is intentionally preserving data. Look into regulations that may require you to archive data and determine how long the data needs to be stored.
Disposing – This is process of deleting data responsibly. Papers with sensitive data needs to be shredded. Delete files from the cloud, hard drives, thumb drives, and the recycling bin. Avoid emailing sensitive data. If you email a document containing sensitive information, it may be hard to track the document and dispose of it properly.