||Approved Date 11-13-2018
Effective Date 11-13-2018
Revision No. 1.0
This policy establishes guidelines for the use and management of college data.
2.0 Revision History
3.0 Persons Affected
3.1 All users who create, manage, or use college data.
The policy of Casper College is to ensure the following.
4.1 The college responsibly manages its data and the data in which it is entrusted.
4.2 The college uses data, a vital asset, for strategic decision-making, to promote student success, and to improve and maintain operational efficiency.
4.3 The college uses data to support its mission.
4.4 The college abides by all federal, state, and local laws regarding the use and management of data.
5.1 College Data. Data in any form or location that meets one or more of the following criteria. College data are assets of the college.
- Data that the college has a legal obligation to responsibly manage
- Data that is relevant to the operations, planning, management, control, reporting, auditing, and administration of the college
- Data that is created, received, maintained, or transmitted as a result of the function of the college
- Data that is included in an official college report
- Data that is used to derive any data element that meets the above criteria
College data are not:
- Data created or used in the conduct of research
- Scholarly work of faculty or students
- Intellectual property that does not contain personally identifiable information or other data protected by law or college policy
- Data created through acceptable limited personal use of college systems that is not directly related to college business
5.2 Data Governance. The formal orchestration of people, processes, and technology to enable Casper College to securely leverage data as an organizational asset and strategic resource.
5.3 Data Governance Committee. A committee of representatives from institutional research, informational technology, financial aid, registration and records, human resources, finance, faculty, public relations, and other college departments as needed. Additional committee members include the vice president of academic affairs, vice president of student services, and the associate vice president of academic affairs, who chairs the committee. The committee is responsible for establishing and monitoring policies and procedures to ensure data availability, consistency, integrity, usability, and security and effective data management throughout the college including the identification of data stewards.
5.4 Data Steward. Employees who have primary administrative and management responsibilities for data within their areas of responsibility.
5.5 Data Custodian. Employees or organizations in physical or logical possession of college data who are responsible for the security, transport, and storage of the data and implementation of business rules.
5.6 Data Managers. Employees with direct operational level responsibility for information management including the capture, maintenance, dissemination, and use of data and administrative duties delegated by the appropriate data steward.
5.7 Data User. A college employee, student, individual, affiliate, or third party who is authorized to access college data to perform assigned duties, roles, or functions. This access is granted solely for the conduct of college business. Data users are responsible for, but not limited to, the following.
- Following appropriate policies, standards, procedures, and guidelines governing the use, security, and privacy of college data
- Report suspected or actual vulnerabilities pertaining to the confidentiality, integrity, or availability of college data
- Report suspected or actual breaches in the confidentiality, integrity, or availability of college data to the Data Governance Committee
6.1 The Office of Institutional Research is responsible for maintaining compliance with this policy.
6.2 Data stewards are responsible for ensuring compliance to laws and policies regarding data and for addressing violations.
6.3 Data custodians and users are responsible for protecting data and using the data only as intended.
6.4 Data managers are responsible for accessing only the data that they are authorized to access and using that data only in the manner and extent intended with their authorization.