New data policy covers faculty, staff, students

Twitter Facebook

In an effort to protect the University of Oregon’s information assets and business processes, President Michael Gottfredson and the university Senate recently approved a new policy statement for data access.

The policy affects faculty, officers of administration, students, staff and any other person allowed access to UO information assets.

Authorized personnel need to access certain UO databases or other information assets to complete necessary duties. The university must balance that access with its responsibility to protect information entrusted to it, ensure the effective operation of business critical processes, and comply with the security policies established by its governance board, and other state and federal laws.

The policy statement, “Data Access,” sets forth the terms and conditions under which authorized personnel may have general and/or remote access to information assets.

Under general access, for example, authorized personnel will be granted access only to the extent and for such time that a business need exists and access shall be limited to the least permission necessary for the performance of duties.

The policy states that the Vice Provost for Information Services should implement procedures including authorization of access, both logical and physical, only to authorized personnel.

“Authorization and access must be removed for authorized personnel whose employment has been terminated, who have received notice of termination or nonrenewal, or who have announced their decision to terminate employment, unless an exception has been authorized by the relevant appointing authority,” the policy states.

Remote access to information assets, meanwhile, may only be provided through a secured system approved by the Chief Information Officer, according to the policy.

“Remote access is provided only under a business need basis (and) is subject to the approval of the data owner,” the policy states.

An employee who is subject to state or federal overtime compensation requirements may be granted remote access only if he or she agrees in writing not to work any hours that will result in overtime compensation being due, unless doing so is authorized in advance by the employee’s supervisor, according to the policy.

For more information, contact Woo or Information Services.

Submit Your Story Idea

Subscribe to Around the O