
7/31/2019 Data Access Policy

Data Access Policy

Organizational Function: UGA Information Assurance Policy
Number: MM-YYYY-Prog/Sys/Issue
Policy Category: Program Policy
Issue Date: 03-01-2011
Effective Date: 06-01-2011
Subject: UGA Data Access Policy
Review On: In Review
Office of Primary Responsibility: UGA Office of Information Security
Authorized By: University Security Committee
Address: University of Georgia Computer Services Annex, Athens, Georgia 30602-1911
Responsible Official: Brian Rivers
Distribution: University-wide
Phone: 706-524-3106
Fax: 706-524-0349
On-Line Publication: https://infosec.uga.edu/policies/
Web: infosec.uga.edu
Status: Draft


The University of Georgia (UGA) shall approve access to Sensitive Institutional Data in order to ensure that access to sensitive data is authorized, that sensitive data with a need for protection are used appropriately and that authorized access complies with the UGA Privacy Policy and relevant state and federal laws.

This policy governs access to Sensitive Institutional Data. Requests for records by the public are outside of the scope of this policy and shall be handled by the Open Records Manager in the UGA Office of Public Affairs. This policy does not supersede circumstances in which the University is legally compelled to provide access to information.

Institutional Data shall be classified in accordance with the University's Information Classification Standard to ascertain the level of sensitivity and criticality of the data before access is granted. Those granting access to Institutional Data must understand the classification and any legal requirements for protection.

Access to Sensitive Institutional Data is approved by UGA designated Data Stewards. Data Stewards shall grant access in compliance with the UGA Privacy Policy and all relevant regulations (e.g. FERPA, HIPAA and GLBA). Data Stewards shall grant access only to those employees, affiliates, and systems that need the access to perform their job duties or mission. Data Stewards are designated in Appendix A - Data Stewards and Trusted Designees. In the case that a Data Steward is not designated, the data in question are owned by the dean, vice president, or unit head of the unit that originates the data.


Access to Social Security Number (SSN) data may be granted to an employee unless approval has been granted by a university Senior Vice President or a Senior Vice President's designee.

Data Stewards must ensure that procedures for requesting and approving access to Sensitive Institutional Data exist and are followed. The procedures for requesting and approving access will necessarily vary from Data Steward to Data Steward and among groups of Data Users. However, all procedures shall include sufficient tracking for requests, approvals, and expiration of approvals such that authorized access to Sensitive Institutional Data is auditable.

All access by individuals to Sensitive Institutional Data shall be authenticated and authorized by reasonable measures to prevent access by unauthorized users.

Data Users must responsibly use data for which they have access, including only using the data for its intended purpose and respecting the privacy of members of the university community. Data Users must maintain the confidentiality of personally identifiable sensitive data in accordance with the Privacy Policy and the Guidelines for Handling Sensitive Information. Authorized access to Sensitive Institutional Data does not imply authorization for copying, further dissemination of data, or any use other than the use for which the employee was authorized. The Data Steward retains the right to approve and grant access to Sensitive Institutional Data.

A Data Steward may delegate the ability to approve access to Sensitive Institutional Data to trusted roles. A Data Steward may delegate by creating procedures through which the designee may approve access by employees that have certain pre-approved roles and responsibilities. Data Stewards retain the responsibility for ensuring that all access to Sensitive Institutional Data is authorized, appropriate, and complies with relevant legal requirements. Trusted Designees are enumerated in Appendix A - Data Stewards and Trusted Designees.


Access to Sensitive Institutional Data by external parties shall be governed by individual contractual agreements or memoranda of understanding if the third party is a governmental organization. Such contractual agreements shall be approved by the UGA Office of Legal Affairs and by the appropriate UGA designated Data Steward.

Enforcement of this policy is the responsibility of the Office of the Chief Information Officer.

Each University department/unit is responsible for reviewing and monitoring internal procedures, reports, and other documents to assure compliance with the UGA Data Access Policy.

Any student, faculty or staff member found to have violated this policy shall be subject to disciplinary action, up to and including termination of employment or expulsion from the University. Violation of this policy may result in termination of contracts or commitments to vendors and other affiliates. Legal action may be pursued where appropriate.

The Office of the Chief Information Officer, in cooperation with the University Security Committee, will review this policy on an annual basis.

This policy may also be used for auditing purposes by the UGA Office of Internal Audit (IT Audit) team.


Access: Flow of information between a store of data and a user, system, or process. A user, system, or process is considered to have access to data if it has one or more of the following privileges: the ability to read or view the data, update the existing data, create new data, delete data or the ability to make a copy of the data. Access can be provided either on a continual basis or, alternatively, on a one-time or ad hoc basis. Transferring any data from one party to another in any medium is tantamount to permitting access to those data.

Institutional Data: Those data, regardless of format, maintained by the University of Georgia (UGA) or a party acting on behalf of UGA for reference or use by multiple University units. Institutional Data does not include data that is personal property of a member of the University community, research data, or data created and/or kept by individual employees or affiliates for their own use. Examples of Institutional Data include student education records, payroll records, human resources records, and enterprise directory records.

Sensitive Institutional Data: Those Institutional Data that contain information that can be classified as sensitive using the UGA Information Classification Standard. Some examples of Sensitive Institutional Data include Institutional Data that are personally identifiable in nature and contain Social Security Numbers, Credit Card Numbers or other financial account numbers, HIPAA protected health information, or FERPA protected student education records.

Data Steward: The individual responsible for the data. The Data Steward is usually the dean, vice president, or unit head of the university unit that creates or originates the Institutional Data.

Data User: An individual that has been authorized to access data for the performance of his/her job duties.

Sensitive Data: Any data which can be classified as Sensitive Information using the UGA Information Classification Standard.

Referenced documents:

Privacy Policy: https://infosec.uga.edu/policies/privacy.php
Information Classification Standard: https://infosec.uga.edu/policies/classification.php
Guidelines for Handling Sensitive Information: https://infosec.uga.edu/policies/sensitiveinfo.php
Appendix A - Data Stewards and Trusted Designees: https://infosec.uga.edu/policies/dataappendixA.php