Data Custodianship

Purpose

The University values openness and promotes access to a wide range of information; accordingly, the campus information systems have been designed to be as open as possible. This policy seeks to strike a balance between access to information, data integrity and appropriate confidentiality for University faculty, staff, and students.

Statement of Policy

The reliability, availability and accessibility of University data is critical to the day-to-day function of the University. Each member of the University community (students, faculty, staff, and guests) and designated agents are expected to protect the integrity of data and to know and adhere to University rules, regulations and guidelines for its appropriate use.
To that end, University information should be protected by acknowledging information custodial roles and responsibilities. Data owners, users and managers should each understand their particular roles in the custodianship of University data. By exercising appropriate custodial roles, appropriate due care of University information can be assured.

Roles and Responsibilities of Data Custodians

The University classifies data owners as those responsible for:

  • Knowing and understanding the data for which they are responsible;
  • Evaluating and ensuring the data has been appropriately classified based on state and federal law, regulatory agency requirements and any contractual obligations, and University regulations;
  • Establishing access and utilization criteria;
  • Exercising due care in setting standards for protection of data;
  • Monitoring compliance and enforcing policy;
  • Implement practices to assure data accuracy.

 
The University classifies data users as those responsible for:

  • Following this policy and information access procedures established by data owners;
  • Access only the information for which they are authorized;
  • Report suspected or actual violations of policies and standards to management;
  • Exercising due care in the use of confidential and restricted data.

 
The University classifies data managers as those responsible for:

  • Executing access authorizations or data transfers authorized by the data owner;
  • Using best practices to maintain the confidentiality, integrity, and availability of information;
  • Providing a mechanism for monitoring compliance and enforcing policy;
  • Exercising due care in the administration of systems hosting the data.

ICIT Responsibilities

ICIT facilitates the development of policies, and develops procedures and guidelines which enable University employees to understand their particular custodial roles and responsibilities with respect to University information. ICIT implements the technical infrastructure that allows University employees to efficiently and effectively exercise these custodial roles. ICIT also serves as the de facto data manager for most University data.