University of Arizona Data Access Policy

Policy Number:

Contact: John Wilson

Effective Date: 10/4/93

Approved By: President's Cabinet

Philosophy

The value of data as an institutional resource is increased and its accuracy improved through its widespread and appropriate use; its value is diminished through misuse, misinterpretation, or unnecessary restrictions to its access.

 Scope of Policy

This policy applies to Institutional Data only, as defined below, and is intended to improve access to these data by employees in the performance of their assigned duties. This policy does not apply to public access to these data nor does it apply to: (1) notes and records that are the personal property of individuals in the university community, or (2) materials as defined in the Research Data Exclusion definition. In all cases, applicable federal, state and local statutes and regulations that guarantee either protection or accessibility of institutional records will take precedence over this policy.

 Statement of Policy

Access to institutional data - the permission to view or query institutional data - is granted to all eligible employees of the University of Arizona in the performance of their assigned duties.

Except where the data trustees have designated an element or view of institutional data as being Limited-Access Data, all institutional data is designated as being University-Internal Data for use within the University. All eligible employees are permitted access to University-Internal Data for use in the performance of their assigned duties.

As necessary, data trustees may designate some data elements and data views as being Limited-Access Data. Such designations must include the specific reference to the legal or ethical constraints or other clearly defined constraint, such as personal privacy rights, that requires this restriction. Such designations must also include a description of the categories of data users who are typically given access to the data, the conditions under which access is given or the limitation that applies to such access.

Data trustees are responsible for defining and documenting a single set of procedures by which users may request permission to access Limited-Access Data.

Any data user may request that the appropriate data steward review the restrictions placed on a data element or data view. Final decision on matters of data restriction and request for access rights to institutional data is made by the data trustees jointly.

The Center for Computing and Information Technology is responsible for providing training on the use of tools to access institutional data. Documentation of the data elements and their appropriate use is the responsibility of the data stewards.

Data users are expected to access institutional data only in the performance of their assigned duties, to respect the confidentiality and privacy of individuals whose records they access, to observe any ethical restrictions that apply to data to which they have access, and to abide by applicable laws or policies with respect to access, use, or disclosure of information. Expressly forbidden is the disclosure or distribution of institutional data in any medium, except as required by an employee's assigned duties. Explicitly forbidden is the access or use of any institutional data for one's own or others' personal gain or profit or to satisfy one's own or others' personal curiosity. Violators are subject to appropriate and immediate disciplinary action.

Definitions

(These definitions are only in reference to data access under this policy)

DATA TRUSTEES: The most senior executive officers of the University. These are the Senior Vice President for Academic Affairs and Provost and the Senior Vice President for Business Affairs.

DATA STEWARDS: Those identified by a data trustee to manage a subset of data (i.e., they are responsible for its accuracy, integrity, and privacy).

DATA USERS: Employees of the University who access institutional data in the performance of their assigned duties.

DATA VIEWS: A collection of data elements, possibly from multiple databases, that are assembled and presented together.

ELIGIBLE EMPLOYEES: Appointed personnel and staff at the University, and other employees specifically designated as eligible by the head of their department, division, or school.

INSTITUTIONAL DATA

It is relevant to planning, managing, or auditing a major administrative function of the University;

It is referenced or required for use by more than one organizational unit; 

It is included in an official university administrative report; or

It is used to derive an element that meets the criteria above.

The data trustees apply these criteria to determine which data are institutional in nature.

LIMITED ACCESS DATA: These are data elements and data views that, because of legal or ethical constraints or other clearly defined constraints such as personal privacy rights may not be accessed without specific authorization or to which only selective access may be granted.

RESEARCH DATE EXCLUSION: Applies to any unpublished information regarding any research done at or by the University, at any location, by faculty, staff and students in the course of teaching or research and not otherwise available to, or accessible by, third parties. This data includes: notebooks, protocols, progress reports, final reports, drafts, funding requests, proposed budgets, contracts (public or private), computer generated and/or computer readable material, codes, source codes or software.