NAU Data Access Policy

LouieWHat

Philosophy 

Data is one of the University’s vital resources. University Data is the property of NAU and represents official University records. Data is independent of media on which it is stored or presented; it may be on-line, in a file, printed on paper, stored on micro-fiche, or on other media.

Security is required to protect the integrity of the University’s data.

Employee access to data is a privilege granted for the express purpose of providing direct support of the University mission.

It is reasonable to attempt to meet the need to protect University data while still allowing employee access to that data.

Ethical Use of Data 

Only actions which unquestionably conform to the purpose of providing direct support of the University mission are considered ethical use of University data. Any other access, representation, application or disposition of University data is considered unethical abuse of the privilege of access to data and may be cause for discipline, including dismissal, of employees and expulsion of students, as well as criminal prosecution.

Responsibilities of an Employee in the Use of University Data 

Users who accept access to University data also accept responsibility for understanding:

  • The meaning and purpose of the data.
  • Controlling access to and release of data covered by law such as the Family Education Rights and Privacy act of 1974 (FERPA) governing confidentiality of students’ educational records.
  • Maintenance, storage and disposal of data in a secure, responsible and accountable manner.
  • Verification that alternate representations of the data, such as ad hoc reports are indeed true and fair representation of the original data and are labeled ‘unofficial’.
  • Notifying the appropriate data steward before disseminating data to external agencies or entities [Note: the data steward may issue standing authorization to certain departments or individuals for release of information to external agencies.
  • Requesting assistance from the appropriate department for data requested or required by other internal entities.
  • Reporting cases of abuse whenever and wherever they are encountered.


top