4.03 Define Data Custodian

I. Purpose

The purpose of this policy is to define individuals and/or positions held with responsibility for managing access to University data.

II. Description

Generally, the individual considered the data custodian will be the person holding the highest position within the department or college responsible for the data. For example, the person in the position of Registrar is considered the data custodian of student and any other protected or proprietary data maintained by the Registrar’s Office.

Other persons within a particular department or college may be given data custodian authority by written notification to IT from the de facto data custodian.

The data custodian is responsible for identifying which persons may have access, and at what level, to protected and/or proprietary data.

The data custodian will be responsible for retention, archival, and removal of system data records according to departmental, University, and/or regulating authority guidelines.

III. Scope

This policy pertains to all University servers, shared storage, etc., containing protected or proprietary data.

Date Approved