Current through all regulations passed and filed through September 16, 2024
(A)
Purpose.
Information in the form of data is a critical asset and essential to the
operation of Owens community college. The purpose of this rule is to ensure
faculty, staff and students appropriately access and protect data from improper
use or release and that Owens community college is in compliance with all
applicable federal, state and other laws, contracts, regulations and
licenses.
(B)
Definitions.
(1)
Data at the college, includes but is not limited to:
student records, personnel data, financial/accounting data, administrative
records, institutional research, confidential legal or medical information,
alumni and donor information. Data may include facts, files, records, reports,
or any information meant only for internal use and/or is restricted, limited or
public information. Such data and information may be in existing or archived
form, or in physical or digital form.
(2)
A data owner or
steward is a college employee who is assigned planning and management-level
responsibility for defined segments of institutional data and for data within
their functional area. A data owner is responsible within their functional area
for assigning and overseeing authorized data users, overseeing the
establishment of data classification and processes, determining legal and
regulatory requirements for data and promoting appropriate data use and data
quality.
(3)
A data user is any authorized college faculty, staff or
student that accesses, modifies or handles data.
(C)
Data
classifications. A data owner should determine the data classification for
institutional data in their area of responsibility.
(1)
Public. Data that
must be released under Ohio public record law or where the college
unconditionally waives an exception to the public record law.
(2)
Limited access.
Data that may be released by the college if it chooses to waive exception to
the Ohio public record law and places a condition or limitation on such
release. A notification of unauthorized access is not required to any such
victim or other outside entity. Examples include but are not limited to:
college identification numbers, research data, intellectual
property.
(3)
Restricted. Data release is prohibited by federal law,
state law, and/or contractual obligation. For data to be defined as restricted,
a notification of unauthorized access is required to any such victim or other
outside entity. Examples include but are not limited to: social security
numbers, personal health information, driver's license numbers.
(D)
Responsibility.
(1)
A data user must use and protect data in a manner
consistent with all relevant standards and procedures of information technology
services and the rules of the college.
(2)
A data user must
be aware of and comply with all applicable federal, state and other applicable
laws, contracts, regulations and licenses. A data user may reference Owens
community college rule
3358:11-6-01 of the
Administrative Code (information technology policy).
(3)
A data user must
understand the classification of the data being accessed and must protect the
data appropriately, as based on the classification.
(4)
A data user must
only access or attempt to access data, as based on the authorization to use and
then only use such in the manner and to the extent authorized.
(5)
A data user must
only provide data to another data user who is authorized to receive such
data.
(6)
A data user must not share or use accounts, passwords
or other authentication mechanisms other than those that are assigned by the
college.
(E)
Non-compliance. Non-compliance with this rule and
corresponding procedures may be subject to the Owens community college rule
3358:11-5-52 of the
Administrative Code (standards of conduct and disciplinary process policy and
corresponding procedures) or the college's student code of
conduct.
(F)
Implementation. The treasurer/chief financial officer
or the chief information officer has the authority to promulgate procedures,
guidelines and forms consistent with this rule.
(G)
All users of
information technology resources may reference definitions and standards for
the college's information technology services at the following webpage
link.https://www.owens.edu/helpdesk/definitions.pdf.
