|
Data Access Policies Summary Document (11-17-2004) -DRAFT |
||
| Policy | Purpose of Policy | Policy Highlights |
| Roles and Responsibilities with Respect to University Data | To establish the levels of responsibilities for the control, protection and release of University data within the framwork of the University's general organizational structure. | Defines the follows roles and specifies high-level responsibilties for these roles: (1) President and/or designee(s) - primary accountability for the collection, accuracy and security of University data; Regulator - delegated or statutory responsibility for defining data values, definitions; requirements, security, confidentiality and access; Data Steward - policy-level responsibility for establishing definitions for that portion of University data assigned to him/her and developing general management, security and access procedures and guidelines for that data; Data Custodian - has day-to-day operational-level management responsibility for carrying out the procedures/guidelines developed by the Data Steward; Data Administrator - responsible for applying formal guidelines, tools, data definition documentation and record-keeping on assigned data. |
| Systems of Record | To define a 'system of record' and to ensure that the system of record is defined for all University data. | Defines System of Record, Shadow System and Recognized Data Collection Point and assigns responsibility to the Data Steward for defining the System of Record for each subset of University data assigned to him/her and for defining and documenting all official points of entry for data to the System of Record. |
| Data Classification | To establish a University-wide approach for the consistent handling and control of all University data with respect to security, access and confidentiality. | Defines four classification levels: Registered Confidential, Confidential, For Internal Use and Public/Unclassified; requires that all University data be classified according to one of these classifications and that the classification be consistent regardless of where the data resides. |
| Responsibilities for Maintaining Currency of Legal Obligations with Respect to University Data | To establish the levels of responsibilities by members of the University community with respect to maintaining currency of legal obligations resulting from Federal and State laws and regulations impacting University data. | Establishes that all University employees (collectively and individually) have a role to play in ensuring that the University maintains currency of its legal obligations with respect to University data and defines some specific responsibilities. |