3.2.1 Data Classification
Data will be classified based on the following:
- Public data are the least sensitive information and are acceptable for public consumption.
- Internal data are moderately sensitive information. All university data are considered internal unless classified otherwise.
- Restricted data are highly sensitive information for which an unauthorized disclosure may result in identity theft or university liability for costs or damages under laws, government regulations or contracts.
3.2.2 Roles & Responsibilities
All members of the Pacific Lutheran University community are responsible for the protection of the confidentiality, integrity, security, and availability of university data.
- Data Owner: PLU maintains ownership of all data stored in administrative information systems.
- Data Trustee: Data trustees are senior university officials (or their designees) who have planning and policy-level responsibility for data within their functional areas and management responsibilities for segments of institutional data. Responsibilities include assigning data stewards, participating in establishing policies, and promoting data resource management for the good of the entire university.
- Data Steward: Data stewards are university officials having direct operational-level responsibility for information management – usually department directors. Data stewards are responsible for data access and policy implementation issues. The data stewards may also be named by the data trustee to act as a designate on the trustee’s behalf.
- Data Custodian: Data custodians are performing operational level data entry and maintenance
- Data User: Data users are individuals who need and use university data as part of their assigned duties or in fulfillment of assigned roles or functions within the university community. Individuals who are given access to nonpublic data have a position of special trust and as such are responsible for protecting the security and integrity of those data.
- System Administrator: The administrator is responsible for providing a secure infrastructure in support of the data, including, but not limited to, providing physical security, backup and recovery processes, granting access privileges to system users as authorized by data trustees or their designees (usually the data stewards), and implementing and administering controls over the information.