Confidentiality of Information and Research Data

Catalog Number
IT
003
Scope

This policy applies to every person (employee, volunteer, etc.) who has access, manages, or manipulates institutional information and research data.

Purpose

Ethical, legal, and professional responsibility rules require appropriate management of institutional information and research data by all stewards and custodians (confidentiality). This policy establishes the foundational roles and rules of information management.

Policy

All information and data stewards and custodians will abide by ethical, legal, and professional responsibility rules in the maintenance and appropriate use of institutional information and research data.

Institutional Information and Data Stewards

  1. Scope: Stewards have the highest level of responsibility for administering the privacy, security, and regulatory compliance of data sets under their purview (e.g., education records, human resources, financial data).
  2. Authority/Responsibility: Information and data stewards authorize access and deactivation of individual custodians with a business need to access, manage, or manipulate institutional information and research data.
  3. Stewards must provide training in the proper handling and management of institutional information and research data for custodians under their authority.

Institutional Information and Data Custodians

  1. Scope: Custodians are any individuals (employees, volunteers, etc.) who access, manage, or manipulate institutional information or research data.
  2. Authority/Responsibility: Custodians must follow campus policy and stewardship rules for handling of institutional information and research data.

This policy requires adherence to ethical, legal, and professional standards, including, but not limited to:

  1. Institutional need-only access, management, and manipulation of institutional information and research data (i.e., no "administrative voyeurism").
  2. Disclosure of institutional information and research data in compliance with law, campus policy, and stewardship rules.
  3. The obligation not to facilitate the violation of administrative policies or the circumvention of technical or physical safeguards by others.
Policy Manager
Matthew Dalton, Chief Information Security Officer
Contacts
Contact Name
Matthew Dalton
Contact Title
Chief Information Security Officer
Contact Email
Contact Telephone
Contact Name
Chris Misra
Contact Title
Vice Chancellor for IT
Contact Email
Contact Telephone
Approval Authority
Vice Chancellor and Chief Information Officer
Executive Unit
Information Technology