About working with institutional data at IU

On this page:


Overview

At Indiana University, institutional data (or information) is defined as:

Data in any form, location, or unit that meets one or more of the following criteria:

  • It is subject to a legal obligation requiring the university to responsibly manage the data.
  • It is substantive and relevant to the planning, managing, operating, documenting, staffing, or auditing of one or more major administrative functions, or multiple organizational units, of the university.
  • It is included in an official university report.
  • It is clinical data or research data that meets the definition of "university work" under the university's Intellectual Property Policy (UA-05).
  • It is used to derive any data element that meets the above criteria.

The University Data Management Council is responsible for establishing policies, procedures, and guidelines for managing institutional data at IU.

Data Stewards have management and policy-making responsibilities for specific data subject areas (e.g., student data, Human Resources data, faculty data, medical data, and research data, among others).

Data Managers, located in functional offices across the university (e.g., Admissions, Purchasing, Registrar, and Student Financial Aid, among others), are responsible for reviewing and approving requests for access to university information systems, and for ensuring that users of those systems receive appropriate orientation and training.

Official classification levels

Official classification levels for institutional data are defined in IU's DM-01 policy. From least sensitive to most sensitive, IU's official data classification levels for institutional data are:

  • Public: Few restrictions apply; public data generally can be released to the public upon request (e.g., name, jobs title, compensation, and business address)
    Note:
    If you receive a request for data classified as "Public", contact the appropriate Data Steward for advice. If the request is made pursuant to the Access to Public Records Act (Indiana Code 5-14-3), contact the Office of the Vice President and General Counsel (OVPGC), as well as the appropriate Data Steward, for advice.
  • University-internal: Anyone employed by IU on a part-time or full-time basis, or working under contract for IU, may access these data elements for the purpose of conducting university business (e.g., IU ID number, prior name, and part-time or full-time employment status)
    Note:
    Data classified as "University-internal" are freely available within the university but are not available to the general public. Proper access controls (i.e., permissions) must be set to prevent inappropriate access.
  • Restricted: Due to legal, ethical, or other constraints, this information may not be accessed without specific authorization, or only selective access may be granted (e.g., date of birth, home phone number, marital status, and military status)
  • Critical: Inappropriate handling of this information may result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, or unauthorized access by an individual or many individuals (e.g., student loan information, Social Security number, driver's license number, passport or Visa number, and state ID card number)
  • Note:
    Personal health data protected by the Health Insurance Portability and Accountability Act (HIPAA) Security Rule are classified as "Critical". For help determining which data elements classified as "Critical" are considered protected health information (PHI), see Which data elements in the classifications of institutional data are considered protected health information (PHI)?

Standards for managing institutional data

Indiana University has official standards for managing institutional data that apply to all users and administrators of university information technology resources. These standards include rules for managing access, maintaining data integrity and security, manipulating and extracting data for reports, and choosing appropriate locations and methods for storing various institutional data elements.

If you work with institutional data at IU, you are responsible for meeting the university's official data management standards to prevent inappropriate disclosures of personal or confidential information. For details, see the university's Management of Institutional Data (DM-01) policy page.

Especially stringent standards apply to work involving sensitive institutional data (i.e., data elements classified Restricted or Critical). Always follow best practices when storing sensitive institutional data; for example:

For more on best practices for handling sensitive institutional data at IU, see:

Getting help

For help understanding how to securely handle, store, and share institutional data, use the Data Storage and Handling (DSH) tool.

If you have questions about IU's classification of data elements, contact the appropriate Data Steward.

For help determining the highest classification of institutional data you can store on any given UITS service, see At IU, which dedicated file storage services and IT services with storage components are appropriate for sensitive institutional data, including research data containing protected health information?

UITS provides consulting and online help for Indiana University researchers who need help securely processing, storing, and sharing data containing PHI. If you have questions about managing HIPAA-regulated data at IU, or need help, contact UITS HIPAA Consulting. For additional details about HIPAA compliance at IU, see HIPAA Privacy & Security on the University Compliance website.

For more about managing institutional data at IU, see the IU Data Management website.

This is document avqg in the Knowledge Base.
Last modified on 2017-04-19 17:05:44.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.