About this policy
Policy contact:
Date of last update:
September 28, 2018
Policy statement
Luddy operates in a complex, data-oriented environment that requires those who are responsible for collecting,managing and disseminating data to do so in a systematic, planned and managed way. Data generated and held by Luddy during admission processing and student management are key assets that must be managed correctly in order to ensure that Luddy GEMS functions correctly and in compliance with university data governance policies. This policy serves four primary purposes:
- This policy establishes the framework of standards and guidelines to be followed in the management of institutional data during admission processing and student record management.
- It assigns data management responsibilities for Luddy administrative data.
- Abides by applicable laws, regulations, standards, and policies with respect to access, use, disclosure, retention, and/or disposal of information: Indiana University Data Awareness
- Respect the confidentiality and privacy of individuals whose records may be accessed.
Luddy is committed to the following principles of data management and expects adherence to them.
Exceptions to policy
None
Procedures
- Data should only be collected for a specific and documented purpose.
- Data must be protected from unauthorized access and modification.
- Data must only be available to those with a legitimate business need.
- Processes that update a given data element must be standard across the information system.
- Data must not be duplicated unless duplication is absolutely essential and has the approval of the relevant Data Steward.
- Data should be defined consistently across Luddy.
- Users must accurately present the data in any use that is made of them.
- Users must ensure that data processing is in compliance with university policies and external mandates.
- Data capture, validation, and processing should be automated wherever possible.
- The University, rather than any individual or business unit, owns all data.
- In cases where data classified as critical or restricted is inadvertently collected, the following steps should be applied:
- Luddy acknowledges an obligation to ensure appropriate security for all institutional data in it's domain of ownership and control.