Data Governance Frameworks for Bioinformatics

Kelsey Florek, PhD, MPH
Senior Genomics and Data Scientist
Wisconsin State Laboratory of Hygiene

Slides live at:
www.k-florek.net/talks

@k-florek.net

Objectives

Understand the core concepts of data governance
Explore the challenges in genomic data management
Identify the strategies and frameworks used in research and public health
Why Data Governance matters and its relevance to public health bioinformatics

What is Data Governance?

What is Data Governance

"A data management function to ensure the quality, integrity, security, and usability of the data collected by an organization"

"The purpose of data governance is to build trust in data"

Data Governance: The Definitive Guide: People, Processes, and Tools to Operationalize Data Trustworthiness

Core Components

Discoverability

Metadata Management
Data Quality
Classification and access control

Security

Data Privacy
Data Security
Classification and access control

Accountability

Data Lineage
Auditing and Assessments
Compliance

Discoverability

Data Inventory and Cataloging: identify and list all data sources, capturing details including data type, location, owner, access list/tags, and usage

Metadata: data that provides information about other data

Technical: filename, size, creation date, modified date, location, lineage
Business: sample id, patient name, facility location
Administrative: security classification, access permissions, audit and change logs
Descriptive: keywords associated with data, geographic association of data, outbreak id

Security

Why is data privacy important?
Why is data security important?
How do you maintain access control?
Who determines the security classification of data? (Public, Internal, Sensitive, Restricted)

Accountability

Data Owners and Stewards: who is responsible for the management of the data, who uses the data, who ensures compliance

Data Provenance: a comprehensive historical record that details the data's origins, modifications, and usage. Can you answer questions like:

Where did this data come from?
how did it get here?

Data Audits: conduct review of data to ensure accuracy, consistency, and security

Data Governance Frameworks

FAIR Principles (Findable, Accessible, Interoperable, Reusable)

Data Governance Frameworks

Global Alliance for Genomics & Health (GA4GH)

Data Governance Frameworks

Public Health Alliance for Genomic Epidemiology (PHA4GE)

Who is responsible in Data Governance?

Key Roles in Data Governance

Data Stewards: responsible for ensuring the quality and fitness for purpose of the organization's data assets, including metadata
Compliance Officers: ensures an organization adheres to legal, regulatory, and ethical standards
Data Owner: the individual or group responsible for the accuracy, integrity, and use of data within an organization
Bioinformatician: develops and runs complex analyses on the data
IT and Security Leads: responsible for infrastructure and framework that ensures integrity of an organization's data

Governance Committees

Responsibilities: ensure data quality and security, develop guidelines for classification, ensure compliance, define access and sharing protocols, promote integration and interoperability, lifecycle management, risk management.

Functions: establish policies and frameworks, training and awareness, audits

Best Practices: define clear ownership, strong leadership support, interdepartmental collaboration, continuous improvement

Challenges: cultural resistance, changing compliance requirements, balancing access and privacy, data complexity

Organization Size and Data Governance

Small organizations/teams -> fewer people interacting with less data -> simplified access strategies

Larger organizations/teams -> more people interacting with larger data -> complicated access strategies

Size alone is not responsible for complexity -> research institutions are complex web of smaller departments and labs

Tools that support genomic Data Governance

Data Cataloging

Excel
Cloudera
AWS Glue
Azure Data Catalog
Google Cloud Data Catalog
Data Hub
Amundsen

Access Control and Audits

AWS Cloudtrail / Google Cloud Audit Logs / Azure Audit Logs

Data Provenance/Lineage

Terra/WDL

Nextflow

Integrations with Laboratory Infrastructure

Storage Solutions: data categories/lifecycles

Raw Data Files
Temporary Intermediate Files
Outputs
Axillary Data

Stephens et al. PLoS Biology 2015

Laboratory Infrastructure

Storage Solutions: data categories/lifecycles

Cold data - long term storage, infrequently accessed
Warm data - medium term storage, accessible but not needed frequently
Hot data - short term storage, immediately accessible and fast

Stephens et al. PLoS Biology 2015

Wisconsin Storage Infrastructure Example

Cold Storage: Backups using AWS S3 Glacier (GitHub,FastQ,Results)
Warm Storage: On-premises >400TB Storage Area Network (SAN) using Shingled Magnetic Recording (SMR) (FastQ, Projects)
Hot Storage: On-premises 30TB Storage Area Network (SAN) using high-speed hard drives and AWS S3 (FastQ, Databases, Results, Intermediate Files)

Secure Transfer

When should encryption be used?

Developing a culture around data stewardship

Data Governance Training

DataCamp Data Governance Fundamentals

Standards and Policies

Policies: statements of intent, rules that must be followed
Standards: a best practice that makes following the rules easier

Wisconsin Standard for Version Control

Steps for updating containerized software and scripts
Steps for updating pipelines, including semantic versioning approach
Steps for updating infrastructure, and change requests

Standards and Policies

Policies: statements of intent, rules that must be followed
Standards: a best practice that makes following the rules easier

Wisconsin Policy for Operational Continuity

Outline of analysis infrastructure
Rules governing the infrastructure operation (data lifecycle, backups, access, etc..)
Rules for incident response

What questions do you have?