Procedure to Implement Data Classification Policy
The University of North Carolina at Greensboro
Policy Reference: Data Classification Policy
Approved: November 30, 2006
Document Maintainer: Interim Director, ITS - Data Management
Roles and Responsibilities
The following structure is established for carrying out University data policy and applies to all enterprise-level administrative data for which Information Technology Services (ITS) serves as the custodian:
Data Owner
UNCG is the owner of all enterprise-level administrative data.
Data Trustee
Data trustees are senior level University officials, or their designees, who have planning and policy-level responsibility for data within their functional areas and management responsibilities for defined segments of institutional data.
Responsibilities
- Be aware of all enterprise-level data areas that fall within their functional area of responsibility.
- Assign a data steward for each functional data area and provide the ITS Office of Data Management with a copy of each letter of delegation (see Assignment of Data Stewards below).
- Establish enterprise level data policies.
- Promote data resource management for the good of the entire University through:
- Assuring that data subsets are managed in such a way as to meet the needs of the broader University.
- Promoting the key values of data integrity, accuracy, security, privacy, and accessibility.
The following table shows the administrative functional areas of the University and their respective data trustees.
| Administrative Area | Data Trustee |
|---|---|
| Academic Affairs | Provost |
| Business Affairs | Vice Chancellor for Business Affairs |
| Information Technology Services | Vice Chancellor for Information Technology Services |
| Student Affairs | Vice Chancellor for Student Affairs |
| University Advancement | Vice Chancellor for University Advancement |
| Chancellor's Office | Chancellor |
Data Steward
Data stewards are University officials having direct operational level responsibility for information management - usually department directors.
Responsibilities
- Evaluate and determine the appropriate classification of data based on state and federal law; regulatory agency requirements; contractual obligations; University policies/guidelines; and the confidentiality, criticality and sensitivity of the data.
- Specify business rules regarding the treatment, modification, and reporting of data elements within their functional area of responsibility
- Assure data accuracy and data quality.
- Understand the impact their design and access decisions have on the information and business needs of the users of the data.
- Evaluate and approve or disapprove access to data at a level commensurate with the user's job requirements.
- Coordinate with the data custodian to establish appropriate security measures for the data for which they have responsibility.
- University policy may restrict or dictate the Data Steward's role regarding data design and control.
Assignment
Data Stewards will be assigned through a letter of delegation from the appropriate Data Trustee specifying the data subset, applications, and/or databases for which the Data Steward has been given responsibility. There must be an assigned data steward for all functional area data subsets.
The Data Trustee will provide the ITS Office of Data Management with a copy of each letter of delegation so that a listing of Data Stewards and their areas of responsibility can be maintained and published by that office.
The following tables show functional data areas of the University and their data stewards.
| Data Subset for Academic Affairs | Proposed Steward for Academic Affairs |
|---|---|
| Course Data | University Registrar |
| Enrolled Student Data | University Registrar |
| Academic History | University Registrar |
| Continual Learning Non-credit Student Data | Assistant Dean, Continual Learning |
| Undergraduate Admissions Data | Director, Undergraduate Admissions |
| Undergraduate Recruitment Data | Director, Undergraduate Admissions |
| Graduate Admissions Data | Associate Dean, Graduate School |
| Graduate Recruitment Data | Assistant Dean/Director of Recruitment, Graduate School |
| Space Assignment Data(FAMIS) | Director of Space Management |
| Financial Aid Data | Director of Financial Aid |
| Student Academic Services Data | Director, Student Academic Services |
| University Library Data | Assistant Director for ITER and Head of ERIT |
| EPA Personnel Data | Assistant Vice Chancellor for EPA Personnel |
| Data Subset for Business Affairs | Proposed Steward for Business Affairs |
|---|---|
| Payroll Data | Assistant Controller |
| SPA Personnel Data | Director of Employee Services |
| Benefits Data | Assistant Vice Chancellor for Personnel Services |
| Position Data | Director, Financial Planning and Budgets |
| FirstCard Center | Director, UNCG FirstCard Center |
| Postal Services | Director, UGP & Postal Services |
| Fixed Assets | Assistant Controller |
| Budgets | Director, Financial Planning and Budgets |
| Accounting | Assistant Vice Chancellor for Finance |
| Accounts Payable | Assistant Controller |
| Accounts Receivable | Manager, Cashiers and Student Accounts |
| Foundation Accounting | Assistant Vice Chancellor for Foundation Finance |
| Contracts and Grants | Director, Contracts and Grants |
| Purchasing | Director, Purchasing and Risk Management |
| Public Safety & Police Data | Chief of Police |
| Facilities Design & Construction Data | Director, Facilities Design & Construction |
| Facilities Operations Data | Assistant Vice Chancellor for Facilities |
| Parking Data | Director, Parking Operations and Campus Access Management |
| Data Subset for ITS | Proposed Steward for ITS |
|---|---|
| CSAM Data | Assistant Vice Chancellor for Systems |
| Telephone Services Data | Director, Telephone Services |
| Data Subset for Student Affairs | Proposed Steward for Student Affairs |
|---|---|
| Student Health Data (Counseling & Testing Center Data) | Director, Student Health Services |
| Career Services Data | Director, Career Services |
| Campus Recreation Data | Director, Campus Recreation |
| Disability Services Data | Director, Disability Services |
| Housing and Residence Life Data | Director, Housing and Residence Life |
| Orientation Data | Director, Office of Orientation |
| Dean of Students Data | Dean of Students |
| Data Subset for University Advancement | Proposed Steward for University Advancement |
|---|---|
| Advancement Data | Director, Advancement Services |
| Prospect Tracking Data | Assistant Vice Chancellor for Central Development |
| Annual Giving Data | Director of Annual Giving |
Data Custodian
Information Technology Services is the data custodian.
Responsibilities
- Develop and enforce security procedures, operating practices, and university information security policies that support the security measures specified by the data steward and are in keeping with state and federal law.
- Advise data stewards regarding security best practices and work with the data stewards to make sure that appropriate security safeguards are in place.
- Protect data through physical security practices, backup and recovery, and business continuity planning.
Data User
Data users are individuals who use or maintain University data as part of their assigned duties or in fulfillment of assigned roles or functions within the University community.
Responsibilities
- Be knowledgeable of and adhere to all business rules, data classification requirements, privacy requirements, proper usage standards, and policies related to all data they maintain or use. Data users with a legitimate business need-to-know may access restricted data.
Summary of Applicable Laws
Public Data
- NC Public Records Act
Scope:- All information associated with business transactions by any NC government agency.
- All data is public except that which is specifically restricted by State or Federal law.
- Individual's State tax information, date of birth, driver license number, social security number, bank account number, credit card number.
- Data that is restricted by specific State or Federal law (see information below).
Restricted Data
- Federal Educational Rights Privacy Act (FERPA)
Scope:- All student educational records.
- All data is restricted except directory information.
- Directory information is restricted if an individual has requested that it be confidential.
- Student name, mailing and permanent address, telephone numbers, email addresses, date of birth, place of original enrollment, major field of study, enrollment status, dates of attendance, anticipated date of graduation, degrees and awards received, most recent institution attended, and honors information.
- NC Privacy of State Employees Personnel Records
Scope:- All personnel records of former and current employees, and applicants for employment.
- All data is restricted except for items listed under Exceptions.
- Name, age, date of original employment, current position title, current salary, date and amount of most recent salary change, date of most recent promotion, demotion, transfer, suspension, separation or other change in position classification, agency, and location to which employee is assigned.
- Health Insurance Portability and Accountability Act (HIPAA)
Scope:- All personally identifiable health information.
- All data is restricted.
- NC Identity Theft Protection Act of 2005
Scope:- Information that personally identifies an individual. All data is restricted, including: social security number, driver license, State ID or passport number, any number or information that can access a person's financial resources, passwords and PINs.
- Payment Card Industry (PCI) Compliance
Scope:- Credit card information
For additional information, see the following:
- FERPA Information
- UNCG Data Classification Policy
- HIPAA Compliance Policy
- Personnel Records and Reports Policy (PDF: requires a reader such as Adobe Reader)
Banner Security Committee
The following table shows the current members of the Banner Security Committee. Members of this committee serve as security administrators for Banner data.
| Member | Office | Banner Module |
|---|---|---|
| Laura Young (Chair) | Business Affairs | |
| Ellen Robbins | Academic Systems and Student Achievement | Student |
| Deborah Tollefson | Financial Aid | Financial Aid |
| Larry O'Barr | Cashiers | Accounts Receivable |
| Chris Burnett | Financial Systems Support | Finance and Human Resources |
| Donna Sexton | Advancement Services | Advancement |
| Kelly Rowett-James | University Registrar | Student |
| Moreland Smith (ex officio) | ITS | |
| Craig Montgomery (ex officio) | ITS | |
| Susan Hensley (ex officio) | ITS | |
| Tim Lowrance (ex officio) | ITS | |
| Laura Kelley | Academic Systems and Student Achievement | |
| Valerie McFadden (ex officio) | ITS |