POLICY 4-001: Institutional Data and Information Management and Access (Revision)

Executive Summary

This policy replaces the University Institutional Data Management Policy that was written in 1996. The primary purpose of the revision is to balance the competing needs for access to information and the security of information.

What does this policy do?

1. Defines in general terms what institutional data is and isn’t (administrative vs. academic/research)
2. Establishes the role of the Chief Information Officer as the person responsible for making information securely and reliably available to individuals and organizations for the performance of the business of the University.
3. Defines the role of governance committees and councils.
4. Defines levels of responsibility for the stewardship, management, and consumption of institutional data.
5. Defines policy in terms of principles:
   1. Data is valuable and should be used.
   2. Data is accessible for the appropriate purposes.
   3. Appropriate purposes include (among other purposes):
      1. Improving services to campus.
      2. Increasing the understanding, usefulness, ease of use of data.
      3. Improving efficiency.
   4. Use is subject to “best practices” including appropriate security.
   5. Data must be kept accurate, complete, and current.
   6. Appropriate access to data should not be delayed or withheld.
   7. Data Steward is responsible for security, validity, correctness of data, and conditions of use of the data.
   8. Data Steward may pre-approve data for ready access.
   9. Denied or delayed requests may be appealed to the designated governing body. The CIO renders the final decision.