UNIVERSITY OF PITTSBURGH POLICY 10-02-04
CATEGORY: SUPPORT SERVICES
SECTION: Computing, Information, and Data
SUBJECT: Computer Data Administration
EFFECTIVE DATE: February 1, 2007 Revised
This policy establishes the responsibilities for collecting, maintaining, regulating, and
requesting on-line access to University computer data. It applies to all departments
and responsibility centers requiring the use of
University computer data.
Integrity and Availability of University Computer Data
University computer data is defined as any information stored on a University owned
and maintained computer system. This includes data stored on computer hard disks,
computer tapes, memory devices, optical disks, and any other type of computer data
Responsibility for collecting and/or processing accurate and complete University
computer data rests with University departments and responsibility centers that have
ownership of data stored on University
Designation and Responsibilities of a Data Owner
Ultimate data ownership legally rests with the University. Departments and
responsibility centers must designate a “Data Owner” that will be a steward of
University data and responsible for:
- Maintaining documented records describing the storage location, the use, and
the protection of University computer data. This includes, but is not limited to,
creating and maintaining an inventory of data used by the department or
responsibility center, documenting users who have access to this data, and
documenting controls used to
protect this data.
- Addressing the accuracy and completeness of University computer data.
- Ensuring the availability of University computer data through the use of data
- In coordination with department administrators, resolving all discrepancies
regarding University computer data concerning an individual (student, faculty,
- Reviewing and, if appropriate, approving requests for access to University computer
data in accordance with Policy 10-02-06, University Administrative Computer Data
(UACD) Security and Privacy.
- Establishing and maintaining standards regarding the collection access,
maintenance, use, dissemination, and protection of University computer data.
These standards must align with
University policies involving computer data.
- Ensuring that submitted requests for access to University computer data include
the specific computer data required and the purposes
for which it will be used.
A Data Owner may rely on the expertise of an Information Technology professional to
meet these requirements; however, the Data Owner is to be held responsible for
ensuring that these requirements are fully addressed.
A Data Owner may be responsible for all data used by a department or responsibility
center, or for specific data sets. Multiple Data Owners may be designated by a
department or responsibility center to address multiple data sets within their areas of
Authorized Access to University Computer Data
University computer data are considered proprietary information and will be made
available on a "need to know" basis to individuals requiring knowledge of such data to
perform their job responsibilities. Data Owners are responsible for verifying the
access requirements of their staff, and for ensuring that all University computer data
users within their areas of accountability are aware of University policies applicable to
the integrity, availability and confidentiality of University computer
It is the responsibility of the requestor to affirm that the accessed University computer
data be used only as required in the performance of
Requests which are denied by the Data Owner may be appealed to the appropriate
senior officer for consideration.
Reporting Violations of Computer Use Policy
Violations of this policy should be reported immediately to the department with
responsibilities for the compliance with this policy, including Human Resources, the
Office of General Counsel, and CSSD. Violations can also be reported by sending
e-mail to firstname.lastname@example.org. The University will strive to maintain confidentiality to the
extent possible consistent with
Violations of this policy will result in appropriate disciplinary action, which may include
loss of computing privileges, suspension, termination, or expulsion from the University,
and legal action.
Violations of any federal, state, or local law concerning the unauthorized access or
use of University computers and computing services will result in the appropriate
disciplinary action up to, and including termination
from the University.
Policy 10-02-05, Computer Access and Use
Policy 10-02-06, University Administrative Computer Data (UACD) Security and