Rule 3342-9-04 | University policy regarding data handling.

(A) Policy statement. The university requires the use of institutional data in order to carry out its teaching, research, and administrative missions. The university, through the division of information technology, will develop and publish policies designed to protect and use institutional data in a manner that is ethical, efficient, and supports the university's strategic goals.

(B) Responsibilities. Implementation and enforcement of institutional data handling policies is delegated to the vice president for information technology and CIO. The vice president may delegate certain responsibilities of the policies and practices in furtherance of this rule to the chief data officer (CDO) and other appropriate delegate, which may include:

(1) Oversight of data handling. "Data handling" is defined as the secure collection, storage, transmission, and disposal of institutional data.

(2) Oversight of data privacy. "Data privacy" is defined as the adherence to regulatory and industry standards regarding handling personal protected information and other forms of institutional data.

(3) Oversight of data classification. "Data classification" is defined as the process of defining and categorizing institutional data.

(4) Development, revision, approval, and oversight of data handling policies, procedures, and guidelines pursuant to this policy.

(5) Educating the university community about ethical use of data, safeguarding data, and data management responsibilities.