Main menu

Administrative Data Access Policy

Guiding Principles

Information maintained by the College is a vital asset that will be available to all employees who have a legitimate need for it, consistent with the College’s responsibility to preserve and protect such information by all appropriate means. The College is the owner of all administrative data; individual units or departments may have stewardship responsibilities for portions of that data. The College intends that the volume of freely accessible data be as great as possible, given limitations of budget and applicable federal, state and local laws.

The value of data as an institutional resource is increased through its widespread use; is diminished through misuse, misinterpretation, or unnecessary restrictions to its access. The College does not condone the use of administrative data for anything but the conduct of College business. Employees accessing data must: observe requirements of confidentiality and privacy, comply with protection and control procedures, and accurately present the data in any use.

The College determines levels of access to administrative data according to principles drawn from various resources. State and federal law provides clear description of some types of information to which access must be restricted. In an academic community, ethical considerations are another important factor in determining access to administrative data.

Definition of Administrative Data

The College’s database consists of information critical to the success of the College as a whole. The College database is shared data and is managed within a conceptual framework. The College database is distributed across processing units both within and outside the College.

Data may be digital text, graphics, images, sound or video. The College regards data that are maintained in support of a functional unit’s operation as part of the College’s administrative database if they meet any of the following criteria:

  • If at least two administrative operations of the College use the data and consider the data essential;
  • If the College must ensure the integrity of the data to comply with legal and administrative requirements for supporting statistical and historical information externally;
  • If a broad cross section of users refers to or maintains the data; or
  • If the College needs the data to plan.

Some examples of administrative data include student course grades, employee salary information, vendor payments, and the College’s annual report of facts (Red Book). Administrative data does not include personal electronic calendar information and similar material.

Data Administrators

Data Administrators are individuals directly responsible for creating, maintaining, and using data to support the College’s operation and information needs within their functional area.

Responsibilities of Data Administrators

Data Administrators will assign each item of administrative data and each standard view for their area of responsibility to a security class. For example, data can be viewed by anyone; data can be viewed by a select few; or data is totally restricted.

The Data Administrators are also responsible for maintaining data integrity. They will determine the most reliable sources of data and regularly evaluate the quality of the data under their purview. Data Administrators will identify gaps and redundancies in the data and, to the extent possible, will ensure that only needed versions of each data element exist. They will also monitor the data for accuracy, integrity, and dependability, and where appropriate, will initiate action concerning these issues.

The Data Administrators, in consultation with the person assigned to administrative data security in ITS, will determine security requirements for their data and will be responsible for monitoring and reviewing security implementation and authorized access.

Data Administrators will also define the criteria for archiving the data to satisfy retention requirements.

Responsibilities of ITS Staff

ITS is ultimately responsible for defining and implementing polices and procedures to assure that data are backed up and recoverable. ITS is also responsible for carrying out the security identified by Data Administrators as well as system security. Some examples include redundancy plan, physical security of hardware, system interfaces, authentication and protocols.

Developing and applying standards and/or procedures for the management of institutional data and for ensuring that data are accessible to those who need it is another function that is carried out by ITS.

In cooperation with the Data Administrators a standard method for naming and defining data will be developed. ITS will help facilitate conflict resolution in data definitions, if it occurs.

Requests for Access

Access to legally restricted or limited access data by College employees requires that a formal request be made to the appropriate Data Administrator. All requests for exceptions to the data access policies must be made in writing to the Data Administrator. Email requests are acceptable. The request must specify the data desired and their intended use.

The Data Administrator must provide a written record of the reasons for denial of any access request. Email records are acceptable.

Members of the College community may appeal any data access decision. Appeals may be made to the appropriate Vice President, who in consultation with the Vice President of Business Affairs and the Vice President of Academic Affairs will render a decision.

Responsibilities of Users

College employees or persons with access to Administrative Data shall not:

  • Make unauthorized use of any information in files maintained, stored, or processed by ITS or permit anyone else to make unauthorized use of such information.
  • Seek personal benefit or permit others to benefit personally from any confidential information that has come to them by virtue of their work assignment.
  • Exhibit or divulge the contents of any record or report to any person except in the conduct of their work assignment and in accordance with College and departmental policies.
  • Knowingly include or cause to be included in any record or report a false, inaccurate or misleading entry.
  • Operate or request others to operate any College equipment for one’s own personal gain or profit, for the personal gain or profit of others, or to satisfy personal curiosity.
  • Divulge personal ID’s or passwords for Administrative Data to unauthorized personnel.

Users will also comply with all reasonable protection and control procedures for administrative data to which they have been granted access.

All violations of these guidelines shall be reported to the Assistant Vice President of Information Technology Services immediately. The information provided will be investigated and if found to have credence, will be sent to the appropriate Vice President for handling through College policies and procedures.

Any violations of these guidelines may be cause for immediate dismissal or other appropriate personnel action.

Addendum

Datatel System

Office Responsible

Academic Records

Registrar

Accounts Payable

Business Office

Accounts Receivable

Business Office

Budget Management

Business Office

Campaign Management

Development

Campus Organizations

Student Affairs

Cash Receipts

Business Office

Colleague Financials

Business Office

CORE

Admissions, Human Resources, Registrar, Business Office

Curriculum Management

Registrar

Degree Audit

Registrar

Faculty Information

Academic Affairs, Human Resources

Financial Aid System

Financial Aid

Fixed Assets

Plant Operations, Business Office

General Ledger

Business Office

Gift and Pledge Processing

Development

Human Resource System

Human Resources

Inventory

Business Operations, Student Affairs, Library, Business Office

Physical Plant

Plant Operations

Purchasing

Business Office

Recruitment and Admissions Management

Admissions

Registration

Registrar

Residence Life

Student Affairs

Reviewed and approved by the Technology Implementation Committee April 11, 2002.

Reviewed by the R17 Conversion Committee June 2002.

Reviewed and approved by Cabinet November 2002.

Reviewed: 5/11/16

Back to Top