Enterprise Data Stewardship Policy

• Table of Contents
• 100.00 Introduction
• 200.00 Policy
• 300.00 Procedures
• 400.00 References
• 500.00 Definitions

100.00 Introduction

Data associated with administrative functions and research activity is a vital asset to the University. As such, maintaining the confidentiality, integrity, and availability of University data is critical to the success of the University. The University expects all stewards and custodians of its administrative and research data to manage, access, and utilize this data in a manner in accordance with this policy.

Proper stewardship of data protects against misuse while providing for appropriate use, balancing the three core values of availability, integrity, and confidentiality.

200.00 Policy

200.10 Board of Regents policies governing the use of university information technology apply to all University faculty, staff, students, and patrons. All users of University information technology must comply with MSU Enterprise policies as well as Board of Regents policies, state and federal law. References to associated policies and laws are provided in section 400.00.

200.20 All University information that is stored, processed or distributed is subject to the specific parameters of the University Data Stewardship Guidelines, Board of Regents policies, Montana state government policies, Montana State University policies, and state or federal laws as they may apply.

200.30 Data collected and/or produced under programs supported through external funds may also fall under requirements specific to the funding agency.

200.40 Certain University authorities are identified as Data Stewards with responsibility for the protection and appropriate use of data  on their campus .

200.50 All University constituents shall understand and comply with the Data Stewardship practices on their campus as codified in 300.00 below.

200.60 Individuals who create, collect, handle, or manage data are responsible for complying with the Data Stewardship Standards.

200.70 Responsibilities are assigned to specific Data Stewards and detailed in each campus’ Data Stewardship Procedures. The following positions are the official top-level Data Stewards for each campus data area. Responsibility for data elements may be delegated by the Data Steward to different individuals; however, the Data Steward retains ultimate accountability for proper stewardship. 

Any delegation of stewardship responsibility shall be documented and communicated to the Chief Information Officer and Legal Counsel.  This data shall be reviewed annually by the Data Governance Council.

¹ Student Data examples: GIDs, grades, application information
² Instructional Data examples: faculty teaching loads, student credit hour production, promotion and tenure
³ Financial Data examples: Credit card and banking information, Student Loan Balances and payment information
⁴ Personnel Data examples: social security numbers, financial information, birthdates
⁵ Research Data examples: research expenditures, research personnel and activities, and research products created by Montana State faculty or staff 

200.80 

The authority to interpret this policy rests with the President and is delegated to the  Chief Information Officer, University Legal Counsel and the Data Governance Council, in conjunction with the appropriate Data Stewards.

300.00 Procedures

Individual campuses maintain campus-specific standards and procedures that implement this policy. Constituents will be required to comply with any standards and procedures developed for their campus:

• MSU-Billings http://www.montana.edu/uit/security/documents/Billings_DataStewardshipStandards.pdf
• MSU-Bozeman http://www.montana.edu/uit/security/documents/Bozeman_DataStewardshipStandards.pdf
• Great Falls College MSU http://www.montana.edu/uit/security/documents/GFC_DataStewardshipStandards.pdf
• MSU-Northern http://www.montana.edu/uit/security/documents/Northern_DataStewardshipStandards.pdf

* MSU agencies follow MSU-Bozeman campus procedures

400.00 References

Report broken links to PMO@montana.edu.

• Family Educational Rights and Privacy Act (FERPA), available at http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html.
• Gramm-leach-Bliley (GLB), available at http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act.
• Health Insurance Portability and Accountability Act (HIPAA), available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html.
• MUS Board of Regents policy 1300.1 Security of Data and Information Technology Resources, available at http://mus.edu/borpol/bor1300/bor1300.asp.
• MUS Board of Regents policy 1306. Logging On and Off Computers, available at http://www.mus.edu/borpol/bor1300/bor1300.asp.

500.00 Definitions

“Constituent” refers to any individual or group associated with the University including students, staff, faculty, or patrons as well as any contractors, regents, committees, councils, groups, agencies, departments, entities, campus, or community.

“Data Steward” refers to a University authority, or designate, who has management responsibility for defined segments of institutional data.

“Information Technology” or “IT” refers to any resource related to the access and use of digitized information, including but not limited to hardware, software, devices, appliances, network bandwidth and resources.

“University” refers to any and all campuses, agencies, departments, or entities within the Montana State University enterprise.

“University authority” refers to an official of the University with significant responsibility for campus activities, who has the authority and duty to respond to issues on behalf of an institution, including but not limited to a Vice President, Provost, Chief Information Officer, Dean, or Athletic Director.

“University Legal Counsel” refers to the University’s attorney and/or designated legal staff based at MSU-Bozeman.