Preview Workflow

Viewing: Sharing & Stewardship of Information

Last approved: Fri, 24 Nov 2023 01:43:02 GMT

Last edit: Fri, 24 Nov 2023 01:43:00 GMT

 

Administrative
Sharing & Stewardship of Information
502
September 26, 2018
September 26, 2018
September 26, 2018
September 2023
President
Vice President Administration & International Development
Operations Council
AVP IT

Policy

Does this policy have procedures?
Yes

Procedures

References and Resources

 
Term Description
College Data Information that is collected, maintained and utilized by the College for the purpose of carrying out institutional business.

College data will fall into one of three classifications:
a. Public data – All data intended for public use and poses no risk to the College. An example would be a listing of courses offered by the College and the rooms in which they are taught.
b. Protected data – All data which, if released, altered or destructed in an uncontrolled fashion, could cause moderate risk to the College or its affiliates. By default, the data that is not classified as public or restricted is considered as protected data.
c. Confidential data – All data which, if released, altered or destructed could cause significant risk to the College or its affiliates. Examples include personal data containing elements such as Social Insurance Numbers, health/disability related records, student grades and personnel records.
College Data Resource The mechanism by which all data owned and/or managed on behalf of the College is accessed.
Data Custodian The College designate responsible for providing secure access to protected and confidential data including, but not limited to: providing physical security; backup and recovery processes; providing access to users as authorized by the Data Stewards; and implementing and administering appropriate levels of control over the information. This can also include individuals in physical possession of data for the College. This role owns the technical accountability of data assets.
Data Standards, Data Integrity and Security Guidelines An institutional set of data standards and security guidelines by which data integrity and security is maintained. This document is reviewed on a regular basis, is accessible by the College community and the oversight group will provide an annual report to Operations Council, or delegate.
Data Steward College official or designate having direct operational-level responsibility for information management. Data Stewards are responsible for data access model and policy implementation. This role owns the business accountability of data assets.
Data User Individuals who need and use College data as part of their assigned duties or in fulfillment of assigned roles or functions within the College community. Individuals who are given access to sensitive data have a position of special trust and as such are responsible for protecting the security and integrity of that data. Any College employee with access to College data can be considered a Data User.
Least Privilege Protocol The extent of access privileges for Data Users is defined and implemented according to the role and job function of the Data User’s position/job description rather than on an individual basis. If a Data User changes positions or job function, e.g. through promotion, transfer, separation, etc., that individual’s privileges will be eliminated or changed according to the new position.
Shared Resource A shared resource is generally something like address information. The information itself is not owned by a specific department of the College as a staff member could also be a student or a donor. As such, those specific data elements are shared between the different functional areas.
VCC Policies Policy Number
Appropriate and Responsible Use of Educational and Information Technology 505
Electronic Mail (Employees) 503
Emergency Management 220
Freedom of Information and Protection of Privacy 501
Records Management 520
Standards of Employee Conduct & Conflict of Interest 202
Provide links to all supporting documents. These may include links to Appendices, Forms, Guidelines, Handbooks, Standards or other departmental or College resources that support the implementation of this policy and/or procedures.
Are there appendices for this policy?

 
Are there associated forms?
Yes
 
Are there supporting internal documents?

 

Rationale and Additional Information

Does this change require an implementation plan?
No

ADMINISTRATIVE INFORMATION

FOR ADMINISTRATIVE PURPOSES ONLY. DO NOT EDIT. These fields are not required for governance approval.

Category 1: College Operations

 
Information Management

Category 2: Employees

 

Category 3: Students

 

Show on Website?

Under review?

 
 
Key: 29