Data Governance sets out the standards for handling data from when it is created or collected to its disposal to protect its confidentiality and integrity.
The policy establishes three data classification groups that define the sensitivity levels for university data based on the privacy legislation governing each group, legal requirements and the University's information security and data privacy policies and principles. The classification groups also set out the requirements for handling the data under each category.
The categories are summarized below:
Restricted: Data governed by privacy laws and legal agreements. Examples are social security numbers, health records, credit card information, financial records, commercially sensitive information, intellectual property data, unpublished University plans, strategies or research plans and proposals, sensitive IT system information, etc.
Internal: Internal to the University and only shared with external parties when required by law, contractual obligations, or authorized by the data owner. Examples are internal memos, disciplinary information, performance review, unpublished financial and audit reports, unpublished salaries, organizational restructuring, coursework, third-party contracts, course transcripts, assessments, test results, etc.
Public: Available in the public domain such as University website contents, employee and student directory information, policies, procedures, published financial or audit reports, statistical data, etc.
Furthermore, the policy defines the procedures and the roles and responsibilities for implementing the data governance process along with guidelines for complying with the policy.
Information Handling Requirements
The University's information security standards are the baseline requirements for using University or personal devices for work purposes and for handling University data. The legislation governing each data type may require additional handling procedures that must be implemented alongside the baselines to enable compliance with the requirements of the legislation.
To learn how the University implements data governance, see the Data Governance Policy.