Institutional Data Management Policy Pertaining to GEMS

About this policy

Policy contact:

Mark Napier

Date of last update:

September 28, 2018


  • Data should only be collected for a specific and documented purpose.
  • Data must be protected from unauthorized access and modification.
  • Data must only be available to those with a legitimate business need.
  • Processes that update a given data element must be standard across the information system.
  • Data must not be duplicated unless duplication is absolutely essential and has the approval of the relevant Data Steward.
  • Data should be defined consistently across Luddy.
  • Users must accurately present the data in any use that is made of them.
  • Users must ensure that data processing is in compliance with university policies and external mandates.
  • Data capture, validation, and processing should be automated wherever possible.
  • The University, rather than any individual or business unit, owns all data.
  • In cases where data classified as critical or restricted is inadvertently collected, the following steps should be applied:
  • Luddy acknowledges an obligation to ensure appropriate security for all institutional data in it's domain of ownership and control.