ITS-007: Confidentiality of Institutional Information and Research Data Policy

PLEASE NOTE: This policy is published as a binding draft while under campus review. If you would like to submit feedback on the draft policy and related documents, please use the feedback form.

I. Introduction

Ethical, legal, and professional responsibility rules require appropriate management of institutional information and research data by all stewards and custodians (confidentiality). This policy establishes the foundational roles and rules of information management.

II. Policy Statement

All information and data stewards and custodians will abide by ethical, legal, and professional responsibility rules in the maintenance and appropriate use of institutional information and research data.

III. To Whom This Policy Applies and Responsibilities

  1. This policy applies to every person (employee, volunteer, etc.) who has access to, manages, or manipulates institutional information and research data.
  2. Institutional Information and Data Stewards
    1. Scope: Stewards have the highest level of responsibility for administering the privacy, security, and regulatory compliance of data sets under their purview (e.g., education records, human resources, financial data).
    2. Authority/Responsibility: Information and data stewards authorize access and deactivation of individual custodians with a business need to access, manage, or manipulate institutional information and research data.
    3. Stewards must provide training in the proper handling and management of institutional information and research data for custodians under their authority.
  3. Institutional Information and Data Custodians
    1. Scope: Custodians are any individuals (employees, volunteers, etc.) who access, manage, or manipulate institutional information or research data.
    2. Authority/Responsibility: Custodians must follow campus policy and stewardship rules for handling of institutional information and research data.

IV. Standards

This policy requires adherence to ethical, legal, and professional standards, including, but not limited to: 

  1. Institutional need-only access, management, and manipulation of institutional information and research data (i.e., no "administrative voyeurism").
  2. Disclosure of institutional information and research data in compliance with law, campus policy, and stewardship rules.
  3. The obligation not to facilitate the violation of administrative policies or the circumvention of technical or physical safeguards by others.

V. Related Policies

The UMass campuses strive to maintain consistent IT policies. The Confidentiality of Institutional Information and Research Data Policy and related documents have been adopted with permission from UMass Amherst.
