Forum of Incident Response & Security Teams / Forum_of_Incident_Response_and_Security_Teams_FIRST_October_1994.iso / ethics / iuaccess.txt
Text File | 1994-07-08 | 9KB | 209 lines

To give you some background on the history of this document: It
was initially developed with input from a Data Administration
Subcommittee of our Administrative Computing Advisory Committee,
and was subsequently reviewed and revised by two groups
specifically designated to deal with issues of institutional data
and data access: the Committee of Data Stewards and the Committee
on Institutional Data. In October 1991 it was approved by the
IU's University Operations Cabinet and in December 1991 it was
distributed by the Office of the President.
*****************************************************************
Gerry Bernbom
Assistant Director, Data Administration and Access
University Computing Services
Indiana University
1000 E. 17th Street
Bloomington, IN 47405
Phone: (812) 855-4624
FAX: (812) 855-7868
Internet: bernbom@ucs.indiana.edu
Bitnet: bernbom@iubacs
*****************************************************************
=================================================================

INDIANA UNIVERSITY
POLICY ON ACCESS TO INSTITUTIONAL DATA
(Approved by the University Operations Cabinet, October 30, 1991)

STATEMENT OF PHILOSOPHY

The value of data as an institutional resource is increased
through its widespread and appropriate use; its value is
diminished through misuse, misinterpretation, or unnecessary
restrictions to its access.

SCOPE OF POLICY

This policy applies to institutional data (as defined in Appendix
A) and is intended to improve university-wide access to these
data. The policy does not apply to notes and records that are
the personal property of individuals in the university community,
and is not directed to data whose primary purpose is scholarly
(instructional material, research notes, etc.). In all cases
applicable statutes and regulations that guarantee either
protection or accessibility of institutional records will take
precedence over this policy.

(Note: Definitions of terms used in this policy are supplied
in Appendix A.)

STATEMENT OF POLICY

Access to institutional data -- the permission to view or query
institutional data -- should be granted to all eligible employees
of Indiana University (as defined in Appendix A) for all
legitimate university purposes.

University data stewards will be responsible for assigning each
item of institutional data and each standard view of that data to
one of three categories: public, university-internal, or
limited-access.

Except as noted below, all institutional data will be designated
as university-internal data for use within the university. All
eligible employees of the university will have access to these
data, without restriction or prior authorization, for use in the
conduct of university business. These data, while freely
available within the university, are not open to the general
public.

As appropriate, data stewards may identify data elements or views
that have no access restriction whatsoever and that may be
released to the general public. These will be designated public
data.

As necessary, data stewards may designate some data elements
limited-access data. Such designation will include: specific
reference to the legal, ethical, or other constraint that
requires this restriction and description of the categories of
data users that are typically given access to the data, the
conditions under which access is given, or the limitations that
apply to such access.

Data stewards will work together to define a single set of
procedures by which users may request permission to access
limited-access institutional data, and will be jointly
responsible for documenting these procedures. Each data steward
will be individually responsible for documenting data access
procedures that are unique to a specific information resource or
set of data elements.

Any data user may request that a data steward or the committee of
data stewards as a group review the restrictions placed on a data
element or data view, or review a decision to deny access to
limited-access data. When necessary, the Committee on
Institutional Data will make the final determination on data
restrictions and requests for access rights to institutional
data.

Data users will be expected to access institutional data only in
their conduct of university business, to respect the
confidentiality and privacy of individuals whose records they may
access, to observe any ethical restrictions that apply to data to
which they have access, and to abide by applicable laws or
policies with respect to access, use, or disclosure of
information. Expressly forbidden is the disclosure of
limited-access or university-internal institutional data or the
distribution of such data in any medium, except as required by an
employee's job responsibilities. Also forbidden is the access or
use of any institutional data for one's own personal gain or
profit, for the personal gain or profit of others, or to satisfy
one's own personal curiosity. Violation of this policy will be
dealt with seriously. Violators will be subject to the normal
disciplinary procedures of the university and, in addition, the
loss of data access privileges may result.

APPENDIX A: DEFINITIONS

COMMITTEE ON INSTITUTIONAL DATA (CID). Chaired by the Associate
Vice President for Information Resources, this committee
establishes overall policy and guidelines for management and
access to the institutional data of the university.

DATA, INSTITUTIONAL. A data element is considered institutional
data if it satisfies one or more of the following criteria: it is
relevant to planning, managing, operating, or auditing a major
administrative function of the university; it is referenced or
required for use by more than one organizational unit; it is
included in an official university administrative report; or it
is used to derive an element that meets the criteria above. The
data stewards, under the oversight of the CID, will apply these
criteria to determine which data are institutional in nature.
Any data steward, data manager, user group, or data user may
identify and suggest data elements for consideration by the
committee of data stewards.

DATA, LIMITED-ACCESS. These are data elements that, because of
legal, ethical, or other constraints may not be accessed without
specific authorization or to which only selective access may be
granted.

DATA, PUBLIC. These are data elements to which the general
public may be granted access.

DATA, UNIVERSITY-INTERNAL. These data elements may be accessed
by all eligible employees of the university, without restriction,
for the conduct of university business.

DATA ACCESS, INSTITUTIONAL. Access to institutional data refers
to the permission to view or query data.

DATA MANAGERS. University officials and their staff who have
operational-level responsibility for data capture, data
maintenance, and data dissemination.

DATA STEWARDS. University officials who have policy-level
responsibility for managing a segment of the university's
information resource.

DATA USERS. Employees of Indiana University who access
institutional data in performance of their assigned duties.

DATA VIEW. A logical collection of data elements, possibly from
multiple physical databases, that are assembled and presented
according to a defined set of rules.

ELIGIBLE EMPLOYEES. Faculty, staff and administrators holding
full-time appointment at Indiana University or other employees
specifically designated as eligible by the head of their
department, division, school, or campus.

APPENDIX B: IMPLEMENTATION

Enactment of this policy will not result in the immediate
accessibility of all institutional data. A timetable for
implementation will be the joint responsibility of the data
stewards and UCS/Data Administration. Key implementation tasks
will include: identification of data elements that are
institutional in nature; identification of current storage
locations and storage media for these data elements; assignment
of data elements to the appropriate data steward; designation of
data elements as limited-access or public, as necessary (all
other data being categorized as university-internal, as defined
in this policy); identification of standard data views;
prioritization of data elements and data views to be made
accessible as university-internal or public; definition and
documentation of access request procedures; and revisions to the
information access environment or applicable security systems to
enable access as defined in this policy. In establishing an
implementation plan for this policy the data stewards will give
priority to data stored in electronic form. Data stewards and
UCS Data Administration will promote a culture of responsible use
of institutional data by providing data users with information
and guidelines about the appropriate use of data, and by making
available data definitions and documentation to assist data users
in making reasonable and accurate interpretations of the data
they access.

The Committee on Institutional Data will provide the University
Operations Cabinet with regular reports regarding the status of
this policy and its implementation.

=================================================================