1.0: Policy and Background

2.0: Definition of Administrative Data

3.0: Roles and Responsibilities

4.0: Requests for Access to Administrative Data

5.0: Responsibility of Data Users

Definitions of Important Terms

Appendix A: Definitions and Examples of Administrative Data Categories

Appendix B: Roles and Responsibilities

Appendix C: Current Listings of Persons Performing Relevant Roles

5.0 Responsibilities of Data Users

5.1: Use of administrative data only in the conduct of institutional business

The institution expressly forbids the disclosure of unpublished administrative data or the distribution of such data in any medium, except as required by an employee's job responsibilities and approved in advance by the data custodian. In this context, disclosure means giving the data to persons not previously authorized to have any type of access to it. The institution also forbids the use of any administrative data for one's own personal gain or profit, for the personal gain or profit of others, or to satisfy personal curiosity.

5.2: Maintenance of confidentiality and privacy

Users will respect the confidentiality and privacy of individuals whose records they access, observe any ethical restrictions that apply to data they access, and abide by applicable laws and policies with respect to accessing, using, or disclosing information. All data users having any access to legally restricted or limited-access data will formally acknowledge (by signed statement or some other means) their understanding of the level of access provided and their responsibility to maintain the confidentiality of data. Each data user will be responsible for the consequences of any misuse.

5.3: Protection of data

Users will comply with all reasonable protection and control procedures for administrative data to which they have been granted the ability to view, copy, download, create, modify or delete. This includes the requirement that they maintain their personal computing environments, whether on-campus or off-campus, in accord with institutional security mandates and recommendations (see related policy ).

5.4: Accurate presentation of data

Users will be responsible for the accurate presentation of administrative data, and will be responsible for the consequences of any intentional misrepresentation of that data.

5.5: Maintenance of data quality

Users are responsible for notifying data stewards or data security contacts when they recognize that data is in error, incomplete, obsolete or missing.

See also Training and Managing Employees in Safeguarding Information ( http://www.umw.edu/policies/customerinfo/employees )