|Skip to Main Content|
  1. PROSPECTIVE STUDENTS
  2. CURRENT STUDENTS
  3. FACULTY & STAFF
  4. ALUMNI
  5. COMMUNITY & FRIENDS
 
  1. CAMPUS LINKS
    1. Inside UNCG
    2. University News
    3. Admissions
    4. Academics
    5. Online Courses & Degrees
    6. Libraries
    7. Administration
    8. Research & Centers
    9. International Programs
    10. Continuing Education
      & Outreach
    11. Technology
    12. Arts &Entertainment
    13. Athletics
    14. Employment
    15. Giving to UNCG

The University Policy Manual

Home » Policy Manual » Data
  1. Introduction
  2. Academic / Academic Support
  3. Administration 
  4. Business
  5. Personnel
  6. Research
  7. Student Service
  8. Appendix

Data Classification Policy

The University Of North Carolina At Greensboro

(Approved by the Chancellor, July 19, 2004)

  1. Purpose
    UNCG enterprise-level administrative data are an asset owned by the University of North Carolina at Greensboro (hereinafter "University") and must be protected accordingly. A data policy is necessary to provide a framework for securing data from risks including, but not limited to, unauthorized destruction, modification, disclosure, access, use, and removal. This policy outlines measures and responsibilities required for securing data resources. It shall be carried out in conformity with state and federal law.

    This policy serves as a foundation for the University’s information security policies, and is consistent with the University’s data management and records management standards. The University recognizes that the value of its data resources lies in their appropriate and widespread use. It is not the purpose of this policy to create unnecessary restrictions to data access or use for those individuals who use the data in support of University business or academic pursuits.
  2. Scope
    This policy applies to all centrally managed University enterprise-level administrative data and to all user-developed data sets and systems that may access these data, regardless of the environment where the data reside (including mainframe systems, servers, personal computers, mini-computers, etc.). The policy applies regardless of the media on which data reside (including electronic, microfiche, printouts, CD, etc.) or the form they may take (text, graphics, video, voice, etc.).
  3. Policy
    Data must be maintained in a secure, accurate, and reliable manner and be readily available for authorized use. Data security measures will be implemented commensurate with data value, sensitivity, and risk.
    1. To implement security at the appropriate level, establish guidelines for legal/regulatory compliance, and reduce or eliminate conflicting standards and controls over data, data will be classified into one of the following categories:
      1. Restricted – data whose disclosure to unauthorized persons would be a violation of federal or state laws or University contracts.
      2. Public – data to which the general public may be granted access in accordance with the North Carolina Public Records Act.

      Data in both categories will require varying security measures appropriate to the degree to which the loss or corruption of the data would impair the business or research functions of the University, result in financial loss, or violate law, policy or University contracts.

    2. Security measures for data are set by the data custodian, working in cooperation with the data stewards, as defined below.

      The following roles and responsibilities are established for carrying out data policy:

      1. Data Trustee: Data trustees are senior University officials (or their designees) who have planning and policy-level responsibility for data within their functional areas and management responsibilities for defined segments of institutional data. Responsibilities include assigning data stewards, participating in establishing policies, and promoting data resource management for the good of the entire University.
      2. Data Steward: Data stewards are University officials having direct operational-level responsibility for information management – usually department directors. Data stewards are responsible for data access and policy implementation issues.
      3. Data Custodian: Information Technology Services is the data custodian. The custodian is responsible for providing a secure infrastructure in support of the data, including, but not limited to, providing physical security, backup and recovery processes, granting access privileges to system users as authorized by data trustees or their designees (usually the data stewards), and implementing and administering controls over the information.
      4. Data User: Data users are individuals who need and use University data as part of their assigned duties or in fulfillment of assigned roles or functions within the University community. Individuals who are given access to sensitive data have a position of special trust and as such are responsible for protecting the security and integrity of those data.

      Clarification of roles in data classification is the responsibility of the Data Management department of the Information Technology Services Division.

  4. Enforcement
    Enforcement measures implemented for data security will be dictated by the data-classification level. Measures will include an appropriate combination of the following:
    1. Encryption requirements
    2. Data protection and access control
    3. Documented backup and recovery procedures
    4. Change control and process review
    5. Data-retention requirements
    6. Data disposal
    7. Audit controls
    8. Storage locations
    9. User awareness
  5. Review
    The Chancellor has approved the Data Classification Policy. The Director of Data Management will review the policy periodically and bring concerns to the Information Security Committee, which will recommend revisions as appropriate.
  6. Links to Related University Policies
    Enterprise Systems Policy
    Acceptable Use of Computing and Electronics Resources Policy
    Security of Networks and Networked Data Policy
 
Information Technology Services
The University of North Carolina at Greensboro
Greensboro, NC 27402-6170
Technical Support 336.256.TECH (8324)