4.01.01 Procedures for Protected Data
I. Purpose
The purpose of this procedure is to track new uses or sharing (with non-regulatory third parties) of Protected data. This is done to know the types of Bradley's data, where it exists, how it is used, and to minimize the risks around handling and transfer of the data, including loss and integrity of the data.
II. Description
The Data Governance Committee MUST be informed of all new uses or sharing of Protected Data that are not already cataloged in Data Categories and Roles. Information MUST be submitted to the chair of the Committee at least one week before a Data Governance Committee meeting in order for it to be on the agenda.
Academic projects that have the potential to access or affect Protected data or third party data that the third party would consider Protected data MUST also inform the Data Governance Committee prior to starting the project.
The Data Governance Committee MUST be informed of any changes to Data Categories and Roles. Information MUST be submitted to the chair of the Committee at least one week before a Data Governance Committee meeting in order for it to be on the agenda.
The Data Governance Committee will catalog the categories of data, who is responsible for (roles of) the data, and will review all new use or sharing of Protected data. The Data Governance Committee will approve or ask for further clarification from the submitter.
III. Scope
This policy pertains to all Protected Bradley data and Protected data entrusted to Bradley by third parties.
IV. Definitions