Ò»±¾µÀÎÞÂë

Guidelines for Internal Data Sharing and Use

The purpose of these guidelines is to provide information to facilitate data sharing across Ò»±¾µÀÎÞÂë.

Applies To

These guidelines apply to all students, faculty, staff, and any external parties who have access to institutional data.

Definitions

Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the university should that data be disclosed, altered, or destroyed without authorization.

A data user is the individual or business entity that utilizes institutional data.

A data steward is a senior-level employee of the university who oversees the lifecycle of one or more sets of institutional data. See the Information Security Roles and Responsibilities for more information.

Institutional data is defined as all data owned or licensed by the university.

Guidelines

The following recommendations are encouraged in order to facilitate data sharing across the university:

• Data on the website accessible to the general public is public information. Any data that requires authentication credentials to access that data is to it should only be used internally and not shared publicly. Approval must be obtained to share that data externally.
• Data access requests should be submitted to the data steward or data stewards who oversee that data. Data requests should include a clear business need for use of the data.
• Data approved for use for one purpose cannot be used for another purpose without approval from the Data Steward(s).
• Data is to be handled appropriately per the Guidelines for Data Classification and the Guidelines for Data Protection.
• If data is lost or stolen or was copied or stored on a device that was is lost or stolen, the Ò»±¾µÀÎÞÂë Police Department and the Information Security Office should be notified immediately. The Procedure for Reporting Unauthorized Release or Access of Data should be followed.

The following are the expectations and responsibilities for Data Stewards concerning data sharing:

• Data Stewards are expected to respond to data access requests in a timely manner.
• Data Stewards are expected to indicate the reason for the rejection of any data access requests, providing transparency into the data access request process.
• All data overseen by the data steward should have a data classification assigned, per the Guidelines for Data Classification.

The following are the expectations and responsibilities for data users concerning their utilization of the data:

• Data users are expected to provide accurate and complete information to the data steward for the business need for the data and list how it will be used, stored, and maintained.
• Data users are responsible for being informed about and complying with all applicable laws, regulations, standards, and guidelines concerning the data for which they are using.
• Data users are responsible for not sharing data or information with other members of the University community unless they are authorized by a data steward to view that data or information.
• Data users are expected to contact the data steward if there is a question concerning the use of the data.
• Data users are expected to use the data that is appropriate for business needs.
• Data users are responsible for alerting the data steward when the data is no longer needed.
• Data users are expected to follow the Procedure for Responding to Unauthorized Release or Access of Data when necessary.

Revision History