Explanation of Good Data Practice

 

The University of Georgia's institutional data are valuable resources that should be used in a legal, ethical and responsible manner. The value of institutional data is increased through appropriate, shared use that is consistent with policies, procedures, and legal requirements; its value is diminished through misuse, misinterpretation, and unnecessary restriction to its access.

• Institutional data are shared assets stewarded by individual units for the benefit of the University of Georgia, its students, and stakeholders.
• The value of data as an asset is enhanced by the consistent application of policies, procedures, and common definitions.
• Data are managed to ensure high quality and access that is consistent with legal and ethical requirements.
• Data are governed through a collaborative process that includes representation from units that have responsibility for the data.

Institutional data shall be used solely for legitimate business purposes of the University. Users of this data must understand and abide by the University Data Access Policy. Violation of these policies may result in initiation of disciplinary or legal action by the University, which might include dismissal.

Access to networks and computer systems owned and operated by UGA impose certain responsibilities and obligations and is granted subject to UGA policies and procedures as well as local, state, and federal laws. Appropriate use should always be legal, ethical, reflect community standards, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property, ownership of data, system security mechanisms, and individual rights to privacy.

 

For more information on how to protect your data visit the Office of Information Security

For more information on protecting student data according to the Family Educational Rights and Privacy Act (FERPA) visit the Registrar's page What is FERPA?

 

Acceptance of Good Data Practice Policies

 

I understand that data from any source is the property of the University of Georgia (UGA), is private and confidential, and is available to me solely because of my relationship with UGA. I agree that I will not disclose to anyone or to any entity private and confidential data to which I have access, and shall use it solely for the performance of my official duties. I also understand that I may have the capacity to access data outside of my unit of responsibility. I agree to NOT access data outside of my unit of responsibility without express written authorization from the administrative authority responsible for that unit.

The use of the UGA Data Warehouse is granted upon acceptance of the following specific responsibilities:

• I will not misuse or be careless with confidential and sensitive information, and I am responsible for my use or misuse of confidential data.
• I am responsible for any access obtained with the use of my passwords.
• I will keep my passwords secret and will not share them with anyone except if requested by my supervisor, unit, or department head, and/or upon separation from UGA
• I will not use anyone else’s password to access UGA confidential sites
• I will lock my workstation each and every time I leave my workstation, regardless of the length of time I will be away
• I will not show, communicate, copy, give, sell, review, change, or discard any confidential information unless it is a requirement of my job. If it is a requirement, I will follow the correct departmental procedure and/or process
• I will use only those data resources for which I have authorization
• Protect the access and integrity of the resources
• I will use data resources for intended purposes
• Users will immediately report any incident of unauthorized data access
• Prior approval will be obtained before utilizing personally owned devices for UGA business purposes, and will utilize device access protection and ensure sensitive data is protected using data encryption
• Communications of sensitive or confidential nature should never be sent through email unless they are encrypted. This includes any personally identifiable information (PII)
• Personally Identifiable Information (PII) should only be stored in a secure directory. If PII is stored in a spreadsheet or other type document, the document should be password protected
• PII that is printed shall be safeguarded and should be shredded prior to disposal
• PII should not be stored on removable drives or ever leave the physical facilities