Title: Responsibilities for Maintaining Currency of Legal Obligations with Respect to University Data
Author: University Information Technology Services
Effective Date: 08/31/2008
Applies To: Employees
Last Reviewed Date: 11/18/2008
Description: Responsibilities for Maintaining Currency of Legal Obligations with Respect to University Data
For More Information Contact: Director of IT Security, Policy and Quality Assurance
Contact Telephone Number: 860-486-4357

 

Policy on Responsibilities for Maintaining Currency of Legal Obligations with Respect to University Data

 

Background and Reasons for the Policy: The University of Connecticut views University Data, in all its forms and throughout its life cycle, as an asset of the University. There are currently several Federal and State laws and regulations that affect various aspects of University Data such as:  

  • Family Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Electronic Communications Privacy Act (ECPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Children's Online Privacy Protection Act (COPPA)
  • Freedom of Information Act (FOIA)
  • Connecticut Personal Data Act

While these laws are quite complex and there have been several changes in the laws in recent years, the University is committed to maintaining currency of our legal obligations with respect to University Data.

Purpose of Policy: The purpose of this policy is to establish the levels of responsibilities by members of the University community with respect to maintaining currency of legal obligations resulting from Federal and State laws and regulations impacting Data.

Expected Institutional Outcome: It is expected that this policy will improve the University community's awareness of regulatory changes impacting University Data and enable timely compliance with Federal and State laws and regulations.

Definitions:

Data Steward: The entity/entities or office/offices that are delegated by the President and/or his designee(s) with the policy-level responsibility for establishing definitions of the data assigned to him/her (i.e. defined portions of University Data) and developing general procedures and guidelines for the management, security and access to those data sets, as appropriate.

University Data: Items of information that are collected, maintained, and utilized by the University for the purpose of carrying out institutional business subject to or limited by any overriding contractual or statutory regulations. University Data may be stored either electronically or on paper and may be of many forms (including but not limited to: text, graphics, images, sound, or video). Research data, scholarly work of faculty or students, and intellectual property that do not contain personally identifiable information or other data protected by law or University policy are not covered by this policy.

Policy Statement: In addition to the responsibilities defined by the Policy on Roles and Responsibilities with Respect to University Data, the University has an expectation that all University employees (collectively and individually) have a role in ensuring that the University maintains currency of its legal obligations with respect to Data. This role is based on a staff member's organizational level, specific job functions and responsibilities, formal assignments to committees and other working groups, and professional standing.

Responsibilities: Individually, vice presidents/vice provosts, deans, directors and department heads and other senior administrators are expected to stay informed on local, national and world events and to be aware of external mandates that may affect University Data. This can be accomplished, for example, through their participation in professional organizations, attendance at national/international meetings and conferences, and participation in professional listservs. Such administrators should also develop internal procedures to ensure the vertical flow of information to them from their staff who may also learn of changes impacting University Data through their own professional sources. Where appropriate, administrators may also assign such monitoring and analysis responsibilities to a member(s) of their staff to the extent required. As such information is obtained, administrators must ensure the horizontal flow of information to other senior administrators through the various channels (e.g., the various executive level leadership meetings) already in place.

All committees involving senior administrators are expected to include on their agendas, and proactively solicit, the sharing of information about new laws/regulations affecting University Data, and to discuss any institutional implications such laws may have on the University. Each senior administrator is responsible for alerting the groups in which he/she participates of any applicable regulatory changes.

While discussion of the impact of new legislation on University Data is important, such discussion must not hamper Data Stewards from implementing any necessary policies and procedures required to comply with the new legislation in a timely fashion. Data Stewards are responsible for taking appropriate and reasonable measures to inform and educate employees, on an ongoing basis, about the requirements for complying with the specific legislation and policies applicable to the information to which the employees have access. Data Stewards may delegate to others the actual training function.

Deans, directors, department heads and others serving in supervisory roles are responsible for providing their staff with specific information on compliance with applicable laws, policies and procedures as determined by the Data Stewards.

Employees are responsible for making all reasonable efforts to understand, stay informed, and comply with the applicable laws and policies affecting information to which they have access and to attend any and all required training sessions. Under some situations, and at the discretion of the Data Steward, employees may be required to sign a statement of understanding prior to being given access to specific data.

Enforcement and Review:

The President, and/or his designee(s), has overall responsibility for implementation and enforcement of this policy.

Review of this policy by the President and/or his designee(s) will occur on a bi-annual basis. Delegation of responsibilities will be reviewed on an annual basis.

Any individual who suspects a violation of this policy may report it to the Compliance Office in the Office of Audit, Compliance and Ethics at (860) 486-4526, or anonymously through the Reportline (https://www.compliance-helpline.com/uconncares.jsp). Violations of this policy may result in appropriate disciplinary measures in accordance with University Laws and Bylaws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Conduct Code.

 

Last updated: August, 2008

 

