Back to Data Domains

Legal and Compliance Data Domain

Resources

Legal and Compliance data includes information related to an institution's legal and regulatory obligations, as well as records of compliance activities to ensure adherence to relevant laws and regulations, mitigate legal risks, and support strategic decision-making.

The Legal and Compliance Data Domain is divided into Subdomains providing information on a more granular level.

Data Trustee: Darryl Lunon

Subdomains

  • Conflict of Interest (COI)

    Conflict of Interest data domain encompasses information related to the identification, management, and mitigation of situations where an individual's personal interests or relationships may compromise their ability to act impartially or in the best interest of an organization. This may include data on disclosures, reviews, approvals, and monitoring activities.

    Data Steward: Spruell Driver

    Regulatory Compliance Requirements: N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    Novelution  
    Grants Dashboard  
    NetDocuments  
  • Internal Audit

    Internal Audit data domain encompasses information related to audits and advisory reviews of university departments and areas. This may include samples of confidential data, financial data, IT and systems controls, operational documents, risk management data, audit recommendations, and management action plans.

    Data Steward: Jennifer Miller

    Regulatory Compliance Requirements:  N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    PFX Engagement (legacy)  
    Baker Tilly systems  
    NetDocuments  
  • ERM (Risk Management)

    ERM data domain encompasses information related to enterprise-level risks and special projects facilitated or conducted by ERM. This may include annual risk survey data, annual enterprise risk profiles, risk mitigation efforts, confidential data, project recommendations, and risk rating data.

    Data Steward: Jessie Napier

    Regulatory Compliance Requirements:  N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    NetDocuments  
  • Legal and Litigation

    Legal data domain encompasses information related to ongoing or closed legal matters handled by members of the Legal team. This may include files related to litigation, business transactions, regulatory compliance, or other privileged attorney-client counseling.

    Data Steward: Tanya Valli

    Regulatory Compliance Requirements:  N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    SimpleLegal  
    NetDocuments  
  • Clery

    Clery data domain encompasses information required under the federal Clery Act designed to promote transparency and ensure compliance with campus safety regulations. This may include statistics on reported crimes, fire incidents, timely emergency notifications, and security notices, as well as institutional policies related to safety, security, and crime prevention.

    Data Steward: Cherri Harris

    Regulatory Compliance Requirements: N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    CleryEdge  
    NetDocuments  
  • Compliance Hotline

    The Compliance Hotline data subdomain encompasses reports submitted by faculty, staff, students, and members of the public regarding alleged violations of state or federal laws and regulations, or any other University policies or procedures. This may include personally identifiable information (PII), such as names, addresses, phone numbers, and email addresses, as well as unverified allegations of a sensitive nature.

    Data Steward: Nicholas Roberts

    Regulatory Compliance Requirements: N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    RealRecruit (future state)  
    Navex/EthicsPoint  
    NetDocuments  
  • Risk and Insurance Management

    Risk and Insurance Management domain encompasses all data related to the reporting, investigation, and resolution of incidents involving students, faculty, staff, visitors, or contractors across Vanderbilt University. This may include confidential and sensitive reports related to safety, workplace injuries, misconduct, harassment, discrimination, property damage, bodily injury, or policy violations, and is used to identify trends that inform risk mitigation strategies.

    Data Steward: Stephanie Shipp

    Regulatory Compliance Requirements: N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    Origami  
    NetDocuments  
  • Youth Protection

    Youth Protection data domain encompasses youth protection incidents, child abuse reports, and protection of minors misconduct/conduct code violations, as well as data on all registered youth programs operated by Vanderbilt (including student organizations approved to work with minors) and third party organizations contracted for events in VU spaces. This may include confidential and sensitive reports, names of program leaders and personnel (participating VU adults engaging with minors in events), program characteristics, and imported data on background check and training dates of personnel (from VU systems).

    Data Steward: Dawn Riddle

    Regulatory Compliance Requirements: N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    VUIT POM system (retired)  
    Ideal-Logic  
    Origami  
    NetDocuments  
  • Policy Management

    Policy Management data domain encompasses all University Policies. This may include edits, feedback, and approvals from campus partners and executive leadership involved in the University Policy Approval Process.

    Data Steward: Sophia Saison

    Regulatory Compliance Requirements: N/A

    Data Classification:  TBD

    Major Data Systems & Applications

    System NameWarehouseData Classification
    ConvergePoint  
    NetDocuments  

Additional Data Classification Rationale & Guidance for Legal & Compliance Data
Specific domain data may have different data classification levels depending on the type and format of a dataset.
Below are some domain specific guidelines and examples on classifying data. (more examples coming soon) 

Classification Type of Data ElementsExample(s)
Level 4 - CriticalN/AN/A
Level 3 - RestrictedProtected ID’s, private personal dataNational Identification numbers, Date of Birth, Sex at Birth
Level 2 - Institutional Use OnlyNon-sensitive directory informationDirectory Information (name, address, email, phone)
Level 1 - PublicAggregated Data and non-personally identifiable row level data

Some aggregate data may not be made public if there is a risk of personally identifying data classified at the internal or higher level.

If you are not sure which classification level your data falls in or have questions about data handling and sharing, contact Data Governance Program Office.

Minimum Training & Requirements to Request Access to Legal & Compliance Data

  • Departmental Approval Required.

test

Not sure how to start?

Reach out if you don’t know where to begin. The Office of Data and Strategic Analytics Partnering Team collaborate with leaders and serve as trusted advisers.  Partners provide subject matter expertise and are available to assist with your data needs.

Request Help