Academic Policy 1900.20
Use of UAConnect Data by Direct Access Users
The purpose of allowing direct access to information on or from UAConnect (student information system) system is to provide management information including information to assist deans and vice chancellors in making data-driven decisions for their school/college or division. Direct access to UAConnect data is not available for general use by faculty or staff. This policy addresses only the access privileges and handling procedures specific to UAConnect data.
- The data contained on UAConnect are private and confidential. Authorization to use
these data is given solely for job-related, educational purposes. Any use or disclosure
of such information that is not permitted by state or federal law or university policy
is strictly prohibited.
- The Office of Institutional Research (OIR) remains the official source of academic management
information (data, statistics) for the university. OIR will consult with departments,
colleges, and other units on established definitions and data parameters to ensure
the consistency of data generated for planning purposes. OIR will continue to be responsible
for official enrollment, instructor and course information for planning and program
review purposes.
Consistent with arrangements made with the OIR, any college, school or functional offices in charge of inputting data should handle requests to them for such data/information, particularly requests made by individuals not affiliated with the University. - Recommending the granting of access to personnel within a school/college or division
(but outside functional offices and the OIR) rests with the dean or vice chancellor.
The dean or vice chancellor may recommend to the UAConnect director a limited number
of individuals to have the broad access given to direct access users. UAConnect information
will only be accessed, transmitted or disseminated on a need-to-know basis by and
for those individuals with a mission- and function-related need for the data for their
unit. UAConnect data forwarded in response to a report request should include a statement
indicating that discretion should be used in further forwarding the information to
other parties e.g., "The following report contains potentially sensitive data provided
in response to a specific need-to-know request. Discretion should be used in forwarding
this information to additional parties."
- Direct access users have access to university-wide data in UAConnect, but are obligated to
use only data specific to their needs. Sensitive data such as social security numbers,
student grades and grade point averages, and student financial information will not
be used except when essential to the project or as directed by authorized reporting
agencies, and should always be handled with particular care. Where possible, the University
Personal Identification number (UID) will be used instead of the social security number.
An example of unauthorized use of data would be for a college to generate mailings
sent to admitted or prospective students who have not indicated an interest in that
college, or mailings otherwise inconsistent with Office of Admissions policy.
- Under no circumstances may UAConnect information be displayed, copied or emailed for purposes
unrelated to the user’s administrative duties or to individuals for personal knowledge
or gain. No employee of the university may generate lists of names from the UAConncet
database to distribute to an unauthorized third party for purposes apart from the
mission of the university. An example of unacceptable distribution of UAConnect data
would be to provide a local business with the names and addresses of incoming students
for advertising that business’ products or services.
- Non-aggregate student data will not be stored outside of UAConnect unless the storing
of such data is necessary to the project or operations. Typically, non-aggregate student data
will be stored in secure locations that are certified as secure by the IT Services
security team. If it is necessary to store these data on laptops or desktops, measures
must be taken to secure the data including such measures as the following:
- the use of personal firewalls on the machines,
- hard drive encryption,
- security audits of such machines by IT Services at least once a year.
- Direct access users are responsible for protecting all data consistent with university
policy. Users are required to read and be familiar with this UAConnect policy and
the following areas of national and university policy and to sign the form at the bottom
of this policy statement signifying their agreement to comply with all applicable
policies in order to be given direct access to UAConnect data. Examples of such policies
include but are not limited to the following.
- GLBA
- Academic Policy 1900.10
- the Institutional Research Board’s policies on human test subjects
- the Code of Computing Practices
Failure to comply with any provision of these policies may result in loss of access to UAConnect data and/or disciplinary action, including the possibility of dismissal.
1/21/16
Reformatted for Web October 1, 2014
3/15/07
You are viewing an archived policy. View the most recent version.
Policy Documents
Attachment last revised 1/21/16