Ohio Administrative Code
Title 3341 - Bowling Green State University
Chapter 3341-6 - Compliance with Occupational Safety and Health Standards
Section 3341-6-18 - Data use and protection

Universal Citation: OH Admin Code 3341-6-18

Current through all regulations passed and filed through September 16, 2024

(A) Policy statement and purpose

Information in the form of data is an essential and vital asset of Bowling Green state university (BGSU). BGSU collects and stores vast amounts of data essential to university business. The purpose of this policy is to ensure that BGSU faculty, staff, and students appropriately protect data from improper use or release.

(B) Policy-definitions

(1) Data - BGSU data includes, but is not limited to, student records, personnel data, research data, BGSU financial data, BGSU or department administrative records, alumni and donor information, library circulation information, and medical information. Such information may be in existing or archived form, or in physical or digital form. Data may include facts, files, records, reports, or any information meant only for internal use and /or subject to confidentiality agreements.

(2) Data owner/steward - university officials or their designees assigned planning and policy-level responsibility for data within their functional areas, and management responsibility for defined segments of institutional data. Data owners are responsible within their functional areas for assigning and overseeing authorized data users, overseeing the establishment of data policies, determining legal and regulatory requirements for data, and promoting appropriate data use and data quality.

(3) Data users - any authorized faculty, staff, or student at BGSU that accesses, modifies, or handles data.

(C) Policy

(1) All data users must use and protect data in a manner consistent with all relevant policies of BGSU.

(2) All data users must be aware of and comply with all applicable Federal, State, and other applicable laws, contracts, regulations, and licenses.

(3) BGSU data should be given one of the following classifications by the data owner/steward
(a) Public - data that must be released under Ohio public records laws or where BGSU unconditionally waives an exception to the public records law.

(b) Limited access - data BGSU may release if it chooses to waive exceptions to the public records law and place conditions or limitations on such release. Notification of unauthorized access is not required to the victims or other outside entities. e.g. intellectual property, research data, BGSU ID numbers

(c) Restricted - Data release prohibited by federal laws, state laws, and/or contractual obligations. For data to be defined as restricted, notification of unauthorized access is required to the victims or other outside entities. e.g. social security numbers, personal health information, driver's license numbers

(4) All data users must understand the classification of the data they are accessing and protect the data appropriately based on the classification. (See data resource summary for assistance with this step)

(5) All data users must only access or attempt to access data that they are authorized to use and then use only in a manner and to the extent authorized.

(6) Data users may only provide data to other data users authorized to receive such data

(7) Related policies
(a) Information technology

Date: August 6, 2013

Disclaimer: These regulations may not be the most recent version. Ohio may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.