Academic Policy 1900.20
Use of UAConnect Data by Direct Access Users
The purpose of allowing direct access to information on or from UAConnect (student information system) system is to provide management information including information to assist deans and vice chancellors in making data-driven decisions for their school/college or division. Direct access to UAConnect data is not available for general use by faculty or staff. This policy addresses only the access privileges and handling procedures specific to UAConnect data.
1. The data contained on UAConnect are private and confidential. Authorization to
use these data is given solely for job-related, educational purposes. Any use or disclosure
of such information that is not permitted by state or federal law or university policy
is strictly prohibited.
2. The Office of Institutional Research (OIR) remains the official source of academic
management information (data, statistics) for the university. OIR will consult with
departments, colleges, and other units on established definitions and data parameters
to ensure the consistency of data generated for planning purposes. OIR will continue
to be responsible for official enrollment, instructor and course information for planning
and program review purposes.
Consistent with arrangements made with the OIR, any college, school or functional offices
in charge of inputting data should handle requests to them for such data/information,
particularly requests made by individuals not affiliated with the University.
3. Recommending the granting of access to personnel within a school/college or division
(but outside functional offices and the OIR) rests with the dean or vice chancellor.
The dean or vice chancellor may recommend to the UAConnect director a limited number
of individuals to have the broad access given to direct access users. UAConnect information
will only be accessed, transmitted or disseminated on a need-to-know basis by and
for those individuals with a mission- and function-related need for the data for their
unit. UAConnect data forwarded in response to a report request should include a statement
indicating that discretion should be used in further forwarding the information to
other parties e.g., "The following report contains potentially sensitive data provided
in response to a specific need-to-know request. Discretion should be used in forwarding
this information to additional parties."
4. Direct access users have access to universitywide data in UAConnect, but are obligated
to use only data specific to their needs. Sensitive data such as social security numbers,
student grades and grade point averages, and student financial information will not
be used except when essential to the project or as directed by authorized reporting
agencies, and should always be handled with particular care. In addition, Free Application
for Federal Student Aid (FAFSA) and financial aid data can only be used for the application,
award, and administration of federal, state, or institutional aid. Where possible,
the University Personal Identification number (UID) will be used instead of the social
security number. An example of unauthorized use of data would be for a college to
generate mailings sent to admitted or prospective students who have not indicated
an interest in that college, or mailings otherwise inconsistent with Office of Admissions
policy.
5. Under no circumstances may UAConnect information be displayed, copied or emailed
for purposes unrelated to the user’s administrative duties or to individuals for personal
knowledge or gain. No employee of the university may generate lists of names from
the UAConnect database to distribute to an unauthorized third party for purposes apart
from the mission of the university. An example of unacceptable distribution of UAConnect
data would be to provide a local business with the names and addresses of incoming
students for advertising that business’ products or services.
6. Non-aggregate student data will not be stored outside of UAConnect unless the storing of such data is necessary to the project or operations. Typically, non-aggregate student data will be stored in secure locations that are certified as secure by the IT Services security team. If it is necessary to store these data on laptops or desktops, measures must be taken to secure the data including such measures as the following:
-
- the use of personal firewalls on the machines,
- hard drive encryption,
- security audits of such machines by IT Services at least once a year.
7. Direct access users are responsible for protecting all data consistent with university policy. Users are required to read and be familiar with this UAConnect policy and the following areas of national and university policy and to sign the form at the bottom of this policy statement signifying their agreement to comply with all applicable policies in order to be given direct access to UAConnect data. Examples of such policies include but are not limited to the following.
-
- GLBA
- Academic Policy 1900.10
- the Institutional Research Board’s policies on human test subjects
- the Code of Computing Practices
Failure to comply with any provision of these policies may result in loss of access to UAConnect data and/or disciplinary action, including the possibility of dismissal.
1/11/17
1/21/16
Reformatted for Web October 1, 2014
3/15/07
Policy Documents
Attachment last revised 1/21/16