Institutional Analytics Information Governance

The purpose of this policy is to ensure that Institutional Analytic Information is readily accessible to members of the University community while protecting confidential or sensitive information from accidental or unauthorized access.

Definitions

Author - An employee who is given access to the data to write their own reports, analysis, and dashboard.

Publisher - One employee from each department who holds Author authority. Additionally, the publisher, with the permission of the appropriate department head (data owner), can publish dashboards, analysis, and reports for public access.

Confidential Information (CI) - Information protected by federal or state law may not be shared with unauthorized persons. These laws include the Federal Privacy Act which protects social security numbers, the Family Educational Rights and Privacy Act (FERPA) which protects personally identifiable student records, the Gramm-Leach-Bliley Act (GLBA) which protects consumer financial information, and the Health Insurance Portability and Accountability Act (HIPAA) which protects personal health information.

Sensitive Information (SI) - Information protected due to proprietary, ethical, legal or privacy considerations. This information is intended for limited use within the University. Access to SI may be restricted by the author or publisher of data for Institutional Analytics.

Policy

The University has invested significant resources in creating an Institutional Analytics information and data system. The Institutional Analytics system will only be useful if University personnel have access to the robust information needed to inform institutional planning and decision making. However, it must be recognized that authors and publishers have corresponding obligations to protect Confidential and Sensitive Information from illegal or unauthorized disclosure or use. Authors, publishers, and users should be cognizant that some data may be useful in the aggregate and at the same time be unlawful or unethical to use on an individualized basis (e.g. race, age, religion, disability). Thus, authors and publishers should restrict access to confidential or sensitive data or information. Questions, concerns or disagreements regarding classification of information or data as Confidential or Sensitive should be directed to the University’s Security Information Officer.

All Authors and publishers of Institutional Analytics must read and understand the University’s Confidential Information Policy - Section 3.22 and Section 19.2 Responsible Use of Computing Resources of the Miami University Policy and Information Manual (MUPIM). Failure to adhere to these policies is grounds for revocation of authorship/publisher status and may lead to disciplinary action including termination. Authors and publishers are responsible for creating dashboards and reports for the areas for which they are responsible. Authors and publishers should not use other author’s and publisher’s data without approval. Data may not be accessed or used for personal purposes and access to Institutional Analytics may not be provided to unauthorized persons. All Authors and Publisher are required to execute the Acknowledgement of Privileged Access.

Approval(s) and Date(s)

Version 1.0 Approval by: Institutional Analytics Advisory Committee

Version 1.0 Approval on: April 7, 2014