PLEASE NOTE: This policy is published as binding draft while under campus review. If you would like to submit feedback on the draft policy and related documents, please use the feedback form.
1. Institutional Information and Research Data Categorization Quick Start Guide
One's responsibilities for any particular use of data will dictate roles. For example, a faculty member working on academic advising for a student will be working on an education record that falls under academic student data, subject to the rules set out by the steward of that data, the Provost.
A faculty member who is the Principal Investigator for a research project is also the steward of that data. It is up to the faculty member whether they want to choose a data administrator to manage that data according to the rules that he or she set, as might be the case in the use of very large data sets worked on by any number of custodians such as graduate or work study students.
A faculty member may serve as a Data Steward, Data Administrator and Data Custodian of the same data set.
As Data Steward, the Principal Investigator can set additional controls for the protection of the research data under their care.
How do I know if I am a Data Steward?
You are a steward if in your role on campus charges you with management of large data sets of institutional information such as education records, human resources or financial data.
If you are a Principal Investigator, you are the steward of the research data.
If you are a faculty and have research data or original work, you are the steward of that data and intellectual property you have created.
How do I know if I am a Data Administrator?
You are a data administrator if a steward has so designated you as one. That steward may a vice chancellor who is a steward of a large institutional information data set or a faculty member, usually a principle investigator, who has designed you as the administrator of the research data.
How do I know if I am a Data Custodian?
Anyone who handles institutional information or research data is a custodian.
How does UMass Dartmouth define institutional information datasets?
|Student Academic Information||Provost & Executive Vice Chancellor|
|Student Non-Academic Information||Vice Chancellor for Student Affairs|
|Alumni and Donor Information||Vice Chancellor, University Advancement|
|Research Administration Information||Associate Provost for Research and Economic Development|
|Financial Information||Vice Chancellor for Administration and Finance|
|Employee Information||Vice Chancellor for Talent and Chief Diversity Officer|
|IT Infrastructure Information||Associate Vice Chancellor for Computer & Information Technology / CIO|
|Medical Information||Director, Health Services|
2. Roles and Responsibilities
Data Stewards Roles and Responsibilities
The primary roles of the Data Stewards are to preserve the utility, security, and privacy of institutional information and research data under their purview at UMass Dartmouth, and ensuring its compliance with applicable regulations through:
- Setting policies on the appropriate sharing, storage, and use of said information and data.
- Instituting training for those individuals who have access to said information and data.
- Setting policies and requirements for reviewing user access to said information and data.
- Deciding upon issues of sharing, storage and use of said information and data for which a policy has not been created.
- Working with other stewards to ensure consistency between policies, and to evaluate those data sets which cross into multiple areas, such as HR information for student employees.
A steward may designate a delegate who will act on behalf of the steward for a portion or all of the information and data under their purview. The delegate(s) should be identified in writing to the Associate Vice Chancellor for Computer & Information Technology / CIO as well as the Chief Information Security Officer, along with how long the delegation will be in place.
Data Administrators are those individuals who are responsible for a particular line of business or who may have special knowledge of and responsibility for the compliance requirements for certain information or data sets. They have one or two primary responsibilities:
- Inform the appropriate Steward(s) of any requirements or considerations that may influence Policy.
- Set procedures, standards, or guidelines consistent with Steward policies as they relate to information or data for their particular line of business.
Anyone who handles institutional information or research data is a custodian. Data custodians must comply with steward policy and implementation directives of data administrators.
Individuals seeking an exemption from a procedure, standard, or guideline set forth by a Data Administrator shall adhere to the following procedure:
- Seek an exemption from the Administrator. The procedure, standard, or guideline may include a specific process for requesting an exemption.
- If this request is denied, appeal to the Data Steward Delegate, if one has been identified, for the information or data.
- If this appeal is denied, appeal to the Data Steward.
- In the event that multiple information and data areas are involved, and therefore multiple stewards, and they cannot reach agreement on whether an exemption should be granted, the appeal will be brought before the Chancellor or the Chancellor’s delegate for final determination.
The Chief Information Security Officer shall be copied on all steps of the procedure.
4. Related Documents
- ITS-006: Information Security Policy
The UMass campuses strive to maintain consistent IT policies. The Information Security Policy and related documents have been adopted with permission from UMass Amherst.