Standards:
This
policy applies to University Information only (as defined below) and
is intended to improve access to these data by employees for conducting
University business. In all cases, applicable statutes, rules, and
regulations that guarantee either protection or accessibility of institutional
records will take precedence over this policy. While this policy is
especially pertinent to information stored electronically, it is applicable
to all information, such as paper, microform, and video, as well as
the content of confidential meetings and conversations. This policy
does not apply to notes and records that are the personal property
of individuals in the University community and is not directed to
data whose primary purpose is scholarly (e.g., instructional material,
research notes)
University
Information. A data element is considered University Information
if it provides support to and meets the needs of units of the University.
Guidelines
for determining University Information. Must meet one or more of the
following:
a)
It is used for planning, providing, managing, reporting, or auditing
a major administrative function
b) It is included in an official University administrative report
c) It is used to derive an element that meets the criteria above
By
default, all University Information will be designated as INTERNAL
DATA for use within the University or to satisfy University external
reporting requirements to the Board of Regents of the University System
of Georgia, State, Federal, or other external agencies. University
employees will have access to these data for use in the conduct of
University business. These data, while available within the University,
are not designated as open to the general public unless otherwise
required by law.
Data
Categories. Data stewards are responsible for categorizing
all University Information data elements within their managed systems
into one of three categories: Confidential, Sensitive, or Unrestricted.
Confidential
data. Requires the highest levels of restriction due to risk
of harm that may result from disclosure or inappropriate use. This
includes information whose improper use or disclosure could adversely
affect the ability of the University to accomplish its mission, records
about individuals requesting protection under the Family Educational
Rights and Privacy Act of 1974 (FERPA), or data not releasable under
the Georgia Open Records Act or the Georgia Open Meetings Act.
Sensitive
Data. Users must obtain specific authorization to access these
elements since unauthorized disclosure, alteration, or destruction
will cause perceivable damage to the University. It is assumed that
all administrative output from the central administrative systems
is classified as sensitive unless otherwise indicated. The specification
of data as sensitive should include reference to the legal or externally
imposed constraint that requires this restriction, the categories
of users typically given access to the data, and under what conditions
or limitations access is typically given.
Unrestricted
Data. No access restrictions. Available to the general public.
Data
Access and Stewardship Procedures. Data users are expected
to access University Information only in their conduct of University
business, to respect the confidentiality and privacy of individuals
whose records they access, to observe any ethical restrictions that
apply to data to which they have access, and to abide by applicable
laws, rules, regulations, or policies. Data stewards will work together
to define a single set of procedures for requesting access to sensitive
elements of University Information and to document these data access
request procedures. Data stewards also have the responsibility for
documenting the meta-data about their data so that users are aware
of the definitions, restrictions, or interpretations, and other issues
which ensure the correct use of the data.
Functional
Data Classifications. Data stewards represent functional
areas of the University as defined by the primary purpose served by
the data. A functional unit may be given authority for data that is
shared by many organizational units of the University.
Auxiliary
Data. Supports the auxiliary and related enterprises of the University
such as retail sales, central supplies, and other services.
Development/Alumni
Data. Supports all aspects of alumni and development data. This
includes personal data, demographic data, income, and giving data.
External
Relations Data. Supports activities, which interface between
the University and the rest of the community. This includes Event
Ticket Sales, publications and public information.
Facilities
Data. Supports the facilities and services resource of the University
including space planning data, construction, maintenance and operational
data, reservations and physical descriptive data.
Financial
Data. Supports the management of fiscal resources of the University
and includes accounting, budgeting, purchasing, accounts payable,
accounts receivable, loans, investments, capital assets, inventory,
and payroll information.
Human
Resources Data. Supports the management of employee resources
of the University. This data includes employee demographics, benefits,
retirement and EEO data, vitas, employee evaluations, promotion and
disciplinary data.
Information
Technology Data. Supports the provisioning and management of
the technology infrastructure provided by Information Systems and
Technology. This includes email addresses, registry and directory
data elements not belonging to another data type, network data, and
systems data.
Library
and Information Resource Data. Supports the management activities
and information resource collection activities of the University libraries,
including databases of purchased and locallyproduced information and
digitized files of University archives and other special collections.
Person
Registry Data. Supports the management of identity and authentication
for individuals associated with the University, including the creation
of unique data elements (such as CampusID, PantherCard number, Library
Barcode) that provide unambiguous identification and resolution for
merging of identity records. Person Registry data can be used to provision
other applications that are managing privileges to authorized individuals
or groups.
Student
Data. Supports all phases of a student’s relationship with
the University from application through alumni status except as noted
elsewhere. This includes, but is not restricted to, demographic data,
academic record, disciplinary and medical records, course information,
admissions data, housing, and financial aid, as well as employment
with the University, which is dependent on student status.
Procedures:
Request
Access to University Data
Secure
Your Workstation