Business Policy Manual

General Administration

BPM-108 Information Management

Revised February 1, 2000

Purpose:

To state policy regarding the availability of University data and information to University employees.

Information maintained electronically within the University is a University-wide asset that is available to the Board of Curators, administrators, faculty, staff and students. Timely access to such information will be provided for the effective discharge of academic or business responsibilities.

University information will be safeguarded against misuse such as unauthorized destruction, modification, or disclosure.* Abuse of this policy will result in denial of access to University data and may be cause for dismissal.

*NOTE: An example of unauthorized disclosure would be that part of the student educational record that is protected by the Family Educational Rights and Privacy Act known as the Buckley Amendment.

Individuals Granted Access

• must understand the meaning, purpose, and interpretation of the underlying data;
• must assure the accurate and responsible presentation of information derived from the data;
• must attend data and technical training at the discretion of the Information Manager.

Information Manager

An Information Manager will be designated for each of the University's system-wide applications by the President. Information Managers for other applications that maintain data of institutional value outside of the source of origination will be designated by the appropriate General Officer.

Examples of system-wide applications include human resources, financial, student, library and the alumni and development systems. Information Managers may exist at both the System and campuses.

Examples of applications that are not system-wide include patient information, equipment inventory, facilities and parking.

The duties and responsibilities of an Information Manager are to:

• assure that all decisions regarding the collection and use of data are in compliance with the law and with University policy and procedures;
• define and describe the data elements within the system;
• assure the validity, reliability, and consistency of the data contained in the system;
• respond to all requests for access to the data or for information;
• provide accurate documentation for access, use, and maintenance of the system;
• coordinate or provide data education and training;
• make known the rules and conditions that may affect an accurate presentation of the information;
• assure compliance with periodic backup requirements of Business and Policies Procedures of Section 911.
• work through Records Management to determine the appropriate retention of administrative, fiscal, legal, research and historical data.

Chief Technology Officers

Each campus, under the auspices of the Chief Technology Officer , will be responsible for establishing, publishing, maintaining, and enforcing this information access policy, as well as appropriate privacy and security procedures concerning access to University information managed by the campus.

Information Technology Management Council (ITMC)

The Information Technology Management Council is appointed by the Vice President Information Systems. It consists of managers from each of the campus and the system IT organizations.

Responsibilities of the ITMC include:

• provides advice to the Vice President Information Systems regarding levels and types of access to be provided to various users;
• recommends technical and security standards for University information;
• assists in monitoring the University's information security policies.