Data Management

Citation
274 FW 1
FWM Number
N/A
Date
Amended Date(s)
9/29/2022
Supersedes
274 FW 1, 3/4/2009
Originating Office
Information Resources and Technology Management

TABLE OF CONTENTS

Topics

Sections

OVERVIEW

1.1 What is the purpose of this chapter?

1.2 What is the scope of this chapter?

1.3 What are the objectives of this chapter?

1.4 What are some of the key authorities for the chapters in Part 274, Data Resource Management?

1.5 What terms do you need to know to understand the chapters in Part 274, Data Resource Management?

RESPONSIBILITIES

1.6 Who is responsible for data management governance?

1.7 What Service employees are responsible for data management?

DATA MANAGEMENT REQUIREMENTS

1.8 What are the Service’s general data management requirements?

1.9 What are the data management planning requirements?

1.10 How should data be maintained?

1.11 What are the requirements for providing access to data?

1.12 How should data be preserved?

OVERVIEW

1.1 What is the purpose of this chapter? This chapter:

A. Ensures that the U.S. Fish and Wildlife Service (Service) is a responsible public steward of data and values and manages it as a key strategic asset in support of the agency mission while following all applicable laws, regulations, and policies;

B. Establishes Service data management roles and responsibilities to improve organizational efficiency and conform to existing laws, regulations, and policies; and

C. Provides a framework for Service employees to manage data throughout its lifecycle to better accomplish our strategic goals while improving mission and business performance.

1.2 What is the scope of this chapter?

A. This chapter applies to:

(1) Data created, acquired, or distributed, by or for the Service, in any medium or form;

(2) Service employees, contractors, and volunteers who collect, create, distribute, or manage data for the Service; and

(3) To the extent feasible, legacy data that the Service is using to support an ongoing activity.

B. This chapter does not apply to legacy data unless used in an ongoing activity or provided to the public as noted above. However, Data Trustees may decide to bring certain legacy data into compliance with this policy, taking into account the costs and benefits of doing so.

C. This chapter serves as the Service’s overall data management policy and provides general requirements that apply to all types of data. Certain types of data (such as geospatial or financial data) may have additional specific requirements that apply only to that data type. Employees must follow any data-specific requirements in addition to the general requirements in this chapter.

1.3 What are the objectives of this chapter? Our objectives are to:

A. Define Service data management requirements for all stages of the data lifecycle;

B. Provide for the discoverability and accessibility of Service data to the Service, the Department of the Interior (Department), and the public, as appropriate, to facilitate use and reuse following applicable Federal and Departmental open data requirements; and

C. Improve data management practices within the Service, with the goal of:

(1) Making data more readily available to inform decision making;

(2) Improving the long-term security, preservation, and integrity of the Service’s data resources;

(3) Reducing duplication of costs and effort for data management; and

(4) Improving organizational and financial efficiency.

1.4 What are some of the key authorities for the chapters in Part 274, Data Resource Management?

A. Controlled Unclassified Information (32 CFR 2002).

B. Digital Accountability and Transparency Act (Public Law 113-101).

C. E-Government Act of 2002 (Public Law 107-347).

D. Federal Records Act of 1950 (44 U.S.C. Chapter 31, as amended).

E. Freedom of Information Act (FOIA), as amended (5 U.S.C. 552).

F. Geospatial Data Act of 2018 (43 U.S.C. Chapter 46, 2801-2811).

G. Office of Management and Budget (OMB) Circular A-130, Managing Information as a Strategic Resource.

H. OMB Memorandum M-10-06, Open Government Directive.

I. OMB Memorandum M-13-13, Open Data Policy – Managing Information as an Asset.

J. OMB Memorandum M-19-18, Federal Data Strategy – A Framework for Consistency.

K. Office of the Chief Information Office (OCIO) Directive 2018-004, DOI Data Resource Management – Managing Data as a Strategic Asset.

L. Open, Public, Electronic, and Necessary (OPEN) Government Data Act, Title II of the Foundations for Evidence-Based Policymaking Act of 2018 (Public Law 115-435).

M. Paperwork Reduction Act, as amended (44 U.S.C. 3501 et seq.).

N. Privacy Act of 1974 (5 U.S.C. 552a, as amended).

O. Secretarial Order No. 3369, Promoting Open Science, October 18, 2018.

1.5 What terms do you need to know to understand the chapters in Part 274, Data Resource Management?

A. Controlled Unclassified Information (CUI). Information that the Service creates or possesses, or that an entity creates or possesses for or on behalf of the Service, that a law, regulation, or Governmentwide policy requires or permits us to handle using safeguarding or dissemination controls as specified in 32 CFR 2002 and the CUI Registry.

B. Data. Recorded information, regardless of form or the media on which they are recorded (44 U.S.C. 3502(16)). This information can be unprocessed or processed and represented as text, numbers, or multimedia.

C. Data Custodian. The person assigned to perform the technical tasks necessary to manage the storage, integrity, and security of data.

D. Data Lifecycle. The stages of data’s useful life describing its creation, maintenance, distribution, reuse, and storage, until it becomes obsolete.

E. Data Management. Refers to the planning, collection, storage, maintenance, retrieval, and quality control and analysis of data throughout its lifecycle.

F. Data Management Plan. Describes data that will be acquired or produced; how the data will be managed, described, and stored; what standards will be used; and how data will be handled and protected during and after the completion of the activity where the data is involved.

G. Data Producer. The person who is directly involved with creating, acquiring, analyzing, or distributing data.

H. Data Repository. A centralized location where logically organized data may be stored and shared. A data repository may be general or focus on a particular topic and may be public or internal to the Service.

I. Data Steward. A technical point of contact for data and related attributes who performs the oversight and maintenance functions described in Table 1-2 (3) for data under their stewardship.

J. Data Trustee. The person responsible for ensuring that adequate resources are available to support data management for data within their scope of responsibility.

K. Legacy Data. Data created, acquired, or distributed prior to October 1, 2020.

L. Machine-Readable. A data format that a computer can easily process, without human intervention, and with no meaning being lost. See 44 U.S.C. 3502.

M. Metadata. Structural or descriptive information about data such as content, format, source, rights, accuracy, provenance, frequency, periodicity, granularity, contact information, publisher or responsible party, method of collection, and other descriptions. See 44 U.S.C. 3502.

N. Open Format. A format for data that is unencumbered by any copyrights, patents, trademarks, or other restrictions, so that anyone may use it at no monetary cost for any desired purpose. Open formats are non-proprietary, platform-independent, and machine-readable.

O. Open License. A legal guarantee that a data asset is made available at no cost to the public and with no restrictions on copying, publishing, distributing, transmitting, citing, or adapting such an asset. See 44 U.S.C. 3502.

P. Personally Identifiable Information (PII). Any information that permits the identity of an individual to be directly or indirectly inferred, including any information which is linked or linkable to an individual. Some PII is not sensitive and does not require special handling, such as information on a business card or in an email signature block. However, some PII is considered sensitive and requires stricter handling requirements. This is due to the fact it could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual if lost, compromised, or inappropriately disclosed. Examples of sensitive PII on their own include Social Security numbers, Tribal enrollment numbers, financial account numbers, date of birth, and biometric identifiers (e.g., fingerprint, facial image). Examples of PII that may become sensitive in conjunction with an individual’s identity are citizenship or immigration status, medical or health information, or performance rating.

Q. Quality Assurance. The process and procedures used to prevent errors while collecting or entering data.

R. Quality Control. The process of identifying and correcting errors and quality issues with data.

S. Records. All recorded information, regardless of form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved or is appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the U.S. Government or because of the informational value of data in them. See 44 U.S.C. 3301.

RESPONSIBILITIES

1.6 Who is responsible for data management governance? The Data Management Governance Board (Board), which is a chartered Service team, provides leadership and direction for Service data management. The Service’s Associate Chief Data Officer (ACDO) chairs the Board, whose members are from the leadership of various Service programs and Regions. Broadly, the Board is responsible for:

A. Developing data management policy, standards, and guidance, including maintaining a list of approved data repositories as we describe in section 1.10;

B. Promoting data management best practices and cooperation among Service programs and Regions and across agencies;

C. Serving as an advisory board for questions that arise within the Service;

D. Improving Service data management practices;

E. Reviewing the Service’s data management-related systems and tools; and

F. Establishing technical committees and work groups, as necessary, to support Board activities or address specific tasks in data management areas.

1.7 What Service employees are responsible for data management?

A. Table 1-1 identifies Service employees and their responsibilities for data management.

Table 1-1: Data Management Responsibilities

These employees…

Are responsible for…

(1) The Director

(a) Approving or declining to approve Servicewide data management policies, and

(b) Ensuring the Service complies with all applicable data management laws and policies.

(2) Directorate Members

(a) Ensuring their employees are aware of the requirements in this chapter and any related data management policies, procedures, and guidance;

(b) Promoting effective data management practices throughout their Regions or programs, including prioritizing sharing data with Service employees and members of the public as soon as feasible;

(c) Ensuring managers/supervisors have applicable data management duties included in their performance plans;

(d) Ensuring capacity needed to carry out data management activities, including, but not limited to, funding, dedicated technical staff, personnel time, training, computer hardware and software, and other resources employees need to carry out data management activities;

(e) Evaluating overall Region or program compliance with the Service’s data management policies, standards, and requirements;

(f) Approving employees to participate in Servicewide data management initiatives, or as members of the Board, as applicable and where Directorate approval is sought; and

(g) Performing other duties assigned in Departmental policy for the Executive Data Steward, unless delegated.

(3) Associate Chief Information Officer (ACIO) (i.e., the Assistant Director-Information Resources and Technology Management)

(a) Promoting the implementation of the Service’s data management policies, practices, and procedures;

(b) Providing employees with, and managing, the information technology (IT) resources and systems required to support data management, including searching and retrieving data based on information in the metadata;

(c) Participating on, or designating another employee to participate on, the Board;

(d) Maintaining the confidentiality, integrity, and availability of the Service’s data and related information systems; and

(e) Ensuring the Service develops and implements Service policies, procedures, and guidance for protecting PII, CUI, and other types of data requiring special protection.

(4) Associate Chief Data Officer (ACDO)

(a) Promoting data management practices to help ensure the Service’s data are available, reliable, consistent, accessible, secure, and timely to support the mission and activities of the Service;

(b) Providing leadership, advice, and technical assistance on the Service’s overall data architecture and other data management-related issues;

(c) Serving as the Chair of the Board;

(d) Collaborating with Service leadership to create and implement data and metadata management policies, procedures, standards, and guidance focused on governing, guiding, monitoring, standardizing, and communicating Servicewide data management requirements;

(e) Monitoring the implementation and effectiveness of the Service’s data management policies, practices, and procedures;

(f) Coordinating with the ACIO and other officials to conduct strategic planning activities for data management;

(g) Serving as a liaison to the Service’s scientific, business, and Information Resources and Technology Management (IRTM) communities on data management-related issues;

(h) Communicating the availability of Service data to key stakeholders and the public;

(i) Working with the Chief, Division of Training, at the National Conservation Training Center and others to develop data management training for employees; and

(j) Performing other duties assigned in Departmental policy.

(5) Managers/

Supervisors

(a) Ensuring employees under their supervision practice data management;

(b) Encouraging employees to participate in Servicewide data management initiatives, as applicable;

(c) Assigning or serving as a Data Trustee for new data collections and acquisitions;

(d) Ensuring employees with data management responsibilities have data management duties included in their performance plans;

(e) Ensuring employees have the necessary training, skills, and resources to manage data, including the appropriate technical skills; and

(f) Ensuring employees preserve data according to Service policy and coordinating with the applicable Data Trustee or Steward so management responsibility is transferred when an employee leaves a position.

(6) Service Employees

(a) Following applicable data management-related Federal laws and regulations and Service and Departmental policies;

(b) Fulfilling the responsibilities of any of the roles in Table 1-2 to which they are assigned;

(c) Handling data in accordance with applicable access and use restrictions;

(d) Practicing data management following the best practices, guidance, and procedures that the Board and ACDO develop; and

(e) Informing their managers/supervisors about training they need to practice data management.

B. Table 1-2 describes the roles associated with data management. These roles may each be filled by a different employee, or the same employee may fill multiple roles depending on the amount of data involved, resources available, and other factors.

Table 1-2: Data Management Roles

These employees…

Are responsible for…

(1) Data Trustee

(a) For data within their scope of responsibility:

     (i) Advocating for and ensuring adequate resources are available to properly manage data throughout its lifecycle;

     (ii) Assigning Data Stewards and Custodians and ensuring these designations are updated in the appropriate location, such as within the metadata, whenever necessary;

     (iii) Ensuring Service data management policies, guidance, and procedures are implemented appropriately;

     (iv) Following data management plans; and

     (v) Ensuring the data are covered by a data management plan and that all Stewards, Custodians, and Producers involved with the data do so following the established plan.

(b) Maximizing data sharing and accessibility to the extent possible given security, privacy, and other use constraints, both internally within the Service and externally with members of the public and other Federal and non-Federal entities.

(2) Data Producer

(a) Creating and maintaining data following Service and Departmental policies and guidance, including applicable data management plans;

(b) Following applicable data management plan(s) when creating or acquiring data;

(c) Creating metadata to document data produced or collected;

(d) Complying with data use constraints and limitations as identified in metadata; and

(e) Communicating and working with Data Custodians, Data Stewards, and Data Trustees, as needed.

(3) Data Stewards

(a) Serving as the technical point of contact for data;

(b) Ensuring data within their scope of responsibility meets applicable quality, security, privacy, and retention standards;

(c) Coordinating with the Data Trustee to develop a data management plan using the National Data Management Plan template, updating it as needed, and maintaining data in accordance with that plan throughout its lifecycle;

(d) Developing or complying with existing standards for the data;

(e) Working with the Data Custodian and Producer to keep data current and ensure it is preserved once it reaches the end of its lifecycle;

(f) Ensuring metadata quality; and

(g) Raising issues associated with data (e.g., a suspected or actual loss of integrity, accuracy, or quality) to the Data Trustee for further evaluation and action.

(4) Data Custodians

(a) Following data management plans;

(b) Ensuring that data and metadata are preserved and maintained in accordance with the approved data management plan. This includes maintaining data in a usable format for storage and accessibility in an appropriate repository over the duration of the data’s expected lifespan;

(c) Ensuring Service data are stored in a manner that is resilient to changes in staff, technology, and policy;

(d) Performing data transfers and migrations from legacy systems as they are decommissioned;

(e) Assisting Data Stewards with performing data maintenance activities;

(f) Applying and maintaining appropriate access rights to information systems and repositories where the data are stored; and

(g) Periodically reviewing metadata fields such as online linkages and contact information to ensure their accuracy.

DATA MANAGEMENT REQUIREMENTS

1.8 What are the Service’s general data management requirements?

A. Prior to using Service resources to collect or generate data, employees must determine whether relevant data that would meet their purpose or need already exists and access these data if possible. Employees should ask the ACDO if they have questions about whether particular data exist within the Service. When it is necessary to collect or generate additional data, we must:

(1) Ensure the data falls under a data management plan that describes how the data will be managed throughout its lifecycle. Data Stewards and other employees who are responsible for creating and maintaining data management plans must use the National Data Management Plan template to create the official version of the plan. This will ensure it meets the planning requirements described in section 1.9.

     (a) The plan must be available within the Service’s National Data Management Plan Repository. Using the national template ensures this requirement is met.

     (b) If the data are related to other ongoing data activities, an existing plan may be sufficient to meet this requirement.

(2) Ensure contracts and agreements awarded to non-Service entities to collect, create, distribute, or manage data for the Service:

     (a) Specify management and stewardship responsibility,

     (b) Identify possible restrictions on use,

     (c) Describe preservation responsibilities,

     (d) Ensure that the Service maintains access to our data, and

     (e) Incorporate any other applicable requirements in this policy.

B. The Service’s data must be:

(1) Compliant with Service data standards relevant to the particular type of data;

(2) Described using metadata following an applicable metadata standard (e.g., Federal Geographic Data Committee-compliant metadata for geospatial data). The metadata must identify the Data Steward for the data and must be:

     (a) Created in a machine-readable and open format;

     (b) Adequately described so the data can be found, understood, and used by Service employees and others who have access to it;

     (c) Updated throughout the lifecycle of the data to keep it current; and

     (d) Preserved alongside the data, whether digital or hardcopy, in a Board-approved repository as long as required by Service records management policy.

(3) Maintained in a machine-readable and open format to the maximum extent possible.

C. Through the Service’s IT project and investment review processes, IRTM must ensure the Service’s information systems:

(1) Implement open formats to the maximum extent possible;

(2) Facilitate access, storage, and maintenance of data; and

(3) Adequately implement privacy and security controls as described in 270 FW 7, Information Technology Security Program, and related policies and procedures.

1.9 What are the data management planning requirements?

A. The data management plan described in section 1.8A must, at a minimum, address the following elements:

(1) The type(s) of data to be collected (e.g., tabular or spatial data);

(2) The Data Steward, Trustee, Custodian, and Producer(s);

(3) The Board-approved repository where the data will be stored;

(4) Any special access or use restrictions that might apply;

(5) Resources needed to maintain, store, and access the data throughout its lifecycle (e.g., special software, staff with specialized skills, or financial resources needed to store the data);

(6) Metadata standards that will be used to describe data;

(7) Records schedule and disposition;

(8) Instructions on how to access the data;

(9) Quality assurance and quality control processes that will be applied to the data; and

(10) The frequency with which the data and metadata will be reviewed and updated.

B. The data management plan must be accessible consistent with section 1.8 and section 1.11.

1.10. How should data be maintained? For data to be accessible, the Service needs to know how and where data are stored and how they are maintained. Given changing technologies and the possible need to access data long after it has been collected, formats in which data are saved can become inaccessible as new technologies emerge. As people change positions or leave the Service, knowledge of where data are stored may be lost. It is the policy of the Service to ensure that data are maintained in such a way that they continue to be accessible after they have been collected, and that we know how to access them. The following are the Service’s requirements for maintaining data:

A. Repositories: Data must be stored within a Board-approved repository throughout its useful lifecycle. Repositories can be either internal or external to the Service consistent with appropriate laws and policies.

(1) The Board maintains the list of approved repositories on the Service’s internal data management website.

(2) The repository chosen must be appropriate for the topic, type, and level of security of the data in question.

B. Records Schedule: All data must be maintained for the length of time specified by Federal law, regulation (36 CFR 1220-1249), and policy relating to records management, including the Service’s Records Disposition Schedule (see 283 FW 2, Disposition Schedules) or the Department’s Administrative and Policy Schedules. Employees should ask the Service’s Chief Records Officer if they have questions about how long data must be kept.

C. Converting Data: As we adopt new technologies for collecting and storing data, the Data Custodian must transfer any data stored on an older storage technology to the new storage medium when we decommission that technology so the data continue to be accessible. They must also preserve the data in their original format until quality assurance and control procedures validate the successful transfer of the data to the new format.

D. Maintaining Contacts: Data Trustees must make sure the names and contact information of Data Stewards and Custodians are up-to-date in data repositories.

1.11 What are the requirements for providing access to data? To be useful, data must be accessible. It is Service policy to ensure appropriate access to its data, whether by the public and other external entities following Federal open data policy, or internally for use in decision making and other mission and business-related purposes. The following are the Service’s requirements for providing access to data:

A. Public Access to Data: Federal law, regulation, and policy, including the OPEN Government Data Act and OMB Circular A-130, require us to share our data with the public in an open and accessible format, to the extent possible and legally permissible.

(1) All of the Service’s data that are subject to disclosure under FOIA are potentially subject to release, as required by 44 U.S.C. 3504(b)(6)(F).

(2) To the maximum extent possible, all Service data provided to the public must be:

     (a) Machine-readable in an open format and under an open license that is generally in common use by the public,

     (b) Documented with metadata, and

     (c) Discoverable in a Board-approved repository when released.

B. Limitations on Public Access: When determining whether data are appropriate for public access and release, we must consider whether the data:

(1) Pose a privacy, confidentiality, or security risk either in isolation or when combined with other available information;

(2) Are subject to specialized requirements that govern access as defined in Federal law, regulation, and policy, such as PII or CUI.

     (a) Service Manual chapter 204 FW 1, Privacy Act Program, is the Service’s policy for protecting and handling PII. Employees can consult that chapter or contact the Service’s Associate Privacy Officer (APO) for additional guidance.

     (b) We must protect CUI following the requirements of 32 CFR 2002. Employees can review the guidance that the National Archives and Records Administration (NARA) provides in the Federal CUI Registry or contact the Service’s CUI contact for more information.

(3) Contain confidential business information, or any other information that is exempt from disclosure under the FOIA, as found in 5 U.S.C. 552(b)(1)-(9);

(4) Are subject to intellectual property rights;

(5) Have access restrictions as part of a contract or other binding, written agreement;

(6) Will result in the Service violating any existing law or policy, if released; or

(7) Meet other needs for restricting the data as documented in the metadata.

C. Documentation of Restrictions to Public Access: The Data Trustee must ensure any restrictions to public access are documented and justified in the metadata for that data. Any data that are restricted from public access need to follow appropriate procedures for FOIA and CUI and include:

(1) Who does or does not have access,

(2) A justification of why data are being withheld (a mere assertion that an exemption applies is insufficient), and

(3) A description of when access restrictions can be removed or might otherwise change.

D. Internal Access to Data: We must also ensure data are available for Service employees to access internally for lawful Government purposes, such as making regulatory decisions. To facilitate this, the Data Custodian must store data in a repository that will allow the appropriate Service employees to access it in a timely manner and document this location as part of the metadata along with instructions on how to access it.

E. Section 508 Compliance: Service employees must comply with 270 FW 4, Implementing Section 508 of the Rehabilitation Act, as applicable.

1.12 How should data be preserved?

A. We must continue to preserve data in a repository throughout its useful life, per the requirements of this policy.

B. When data qualifies as a record or is part of an official record, in must be preserved in accordance with Service records policy, including the Service’s latest approved records disposition schedules and the Department’s Administrative and Policy Schedules, as applicable.