Information Resources and Technology Policy

Section Policy Name Policy Number
Data Access Define Data Custodian 4.03

Policy Purpose

The purpose of this policy is to define individuals and/or positions held with responsibility for managing access to University data.

Policy Description

Generally, the individual considered the data custodian will be the person holding the highest position within the department or college responsible for the data. For example, the person in the position of Registrar is considered the data custodian of student and any other protected or proprietary data maintained by the Registrar’s Office. 

Other persons within a particular department or college may be given data custodian authority by written notification to IRT from the de facto data custodian. 

The data custodian is responsible for identifying which persons may have access, and at what level, to protected and/or proprietary data.

The data custodian will be responsible for retention, archival, and removal of system data records according to departmental, University, and/or regulating authority guidelines. 

Policy Scope

This policy pertains to all University servers, shared storage, etc., containing protected or proprietary data.

Policy Definitions

Date Approved Revision 1 Date Revision 2 Date Revision 3 Date Revision 4 Date Revision 5 Date