University of Memphis | Data Standards | Back to Contents
1.0 Data Integrity
1.1 Administrative Responsibilities
These guidelines establish measures for the protection, access, and use of the University of Memphis (U of M) administrative electronic information. They also define the responsibilities of all who access and manage this data. Offices may have individual guidelines that supplement, but not supplant or contradict, this policy statement. Data entrusted to the University by other organizations (e.g., foundations or government agencies) are governed by terms and conditions agreed upon with those organizations. Specific issues not governed by such agreed terms shall be governed by this policy.
By law, data not classified as Directory Information is confidential and may not be released without proper authorization. Users must adhere to any applicable federal and state laws as well as University of Memphis policies and procedures concerning storage, retention, use, release, and destruction of data.
Data is a vital asset owned by the University of Memphis. All institutional data, whether maintained in the central database or copied into other data systems (e.g., personal computers) remains the property of the University of Memphis. Access to data should not be approved for use outside a user's official University of Memphis responsibility. Data will be used only for authorized tasks.
As a general principle of access, University of Memphis data, regardless of who collects or maintains it, will be shared among those employees whose work can be done more effectively by knowledge of such information. Although the University of Memphis must protect the security and confidentiality of data, the procedures allowing access to data must not unduly interfere with the efficient conduct of University business.
All managers will ensure that, for their areas of accountability, each user is trained regarding user responsibilities. As part of that training, each user will read, understand, and agree to abide by the stipulations in this document.
Division/department/unit heads (or designees) will ensure a secure office environment with regard to all University data systems. Division/department/unit heads (or designees) will determine the data access requirements of their staff as it pertains to their job functions before submitting a request for access.
All procedures and data systems owned and operated by the University of Memphis will be constructed to ensure that:
- All data is input accurately.
- Accuracy and completeness of all data are maintained.
- System capabilities can be re-established after loss or damage by accident, malfunction, breach of security, or natural disaster.
- Breaches of security can be controlled and promptly detected.
1.2 Information Access
Two types of access can be granted to users:
- Inquiry-only access enables the user to view, analyze and download, but not change, institutional data. Downloaded information should be used and represented responsibly; it should not be altered when presented in word processing documents, spreadsheets, etc.
- Update access provides both inquiry and update capabilities. Update capability is generally limited to the office directly responsible for the collection and management of the data. Update access is available to administrators and users who have an authorized need to change institutional data in the routine performance of their job duties.
Access for individual users must be requested by an authorized security contact, usually a division/department head or designee, for each user under their supervision, following the established procedure, using the established forms, and providing the required signatures.
Each user of administrative information is assigned appropriate combinations of inquiry only and update access to specific parts of the administrative information system. The types of access are determined by the data stewards below.
1.3 Data Stewards
Record Type Data Steward Alumni Advancement Billing Bursar Budget/Positions Financial Planning Donor Advancement Employee, non-Student Human Resources Faculty Provost Office Employee, Student Worker Financial Aid Finance/Accounting Accounting Office Financial Aid Financial Aid Grants and Contracts Accounting Office - Grants Payroll Payroll Prospective Students Admissions Student Applications Admissions or Law Admissions Student Housing Residence Life Student Office of the Registrar or Graduate School Vendor Accounts Payable and Purchasing
A data steward, usually an administrator of a major office or department, will review the request and may deny or approve the request. Once approved, the request will be forwarded to the U of M security administrator for processing.
Before granting access to data, the data steward shall be satisfied that protection requirements have been implemented and that a "need to know" is clearly demonstrated. By approving end-user access to institutional data, the data steward consents to the use of this data within the normal business functions of administrative and academic offices. Access to institutional data shall not be granted to persons unless there is an established "need to know."
Data stewards are responsible for the accuracy and completeness of data elements that they maintain. Misuse or inappropriate use by individuals will result in revocation of access privileges.
Data stewards are also responsible for the maintenance and control of the administrative information system's shared validation and rules tables at U of M.
1.4 Information Users
University of Memphis information is one of the University's most valuable assets. Protecting that asset is the responsibility of all information users.
Users should read and become familiar with all University policies with regard to use of Information Technology Resources, Data Access, and Privacy requirements (see U of M policies at http://policies.memphis.edu/).
Users are responsible for understanding all data elements that are used. If they do not understand the meaning of a data element, they should consult the appropriate data steward or representative.
Users must observe requirements for confidentiality and privacy and must comply with control procedures to protect data from unauthorized use, disclosure, alteration, or destruction.
Users are responsible for all transactions occurring during the use of their login and password. Users are not to loan or share login identification or passwords with anyone. This is intended to help protect the integrity, security, and privacy of user accounts. Users found to be loaning or sharing their access codes or institutional data in an inappropriate way will be subject to disciplinary action, up to and including termination.
Violations of University policies with regard to Information Technology Resources, Data Access, and Privacy requirements may lead to disciplinary action by the University up to and including dismissal from the University. Under certain circumstances, such violations may also give rise to civil and/or criminal liability.
University of Memphis | Data Standards | Back to Contents
Last Updated: 03/01/2011