All Administrative Data is owned by New York University and, as such, all members of the University community and affiliates are responsible for appropriately using and safeguarding that data. This policy establishes uniform data management standards for Administrative Data and identifies the shared responsibilities for assuring: a) the integrity of Administrative Data, and b) that Administrative Data efficiently and effectively serves the needs of the University.
This policy applies:
All Administrative Data is owned by New York University. As such, all members of the University community have the obligation to appropriately use and safeguard the asset, in all formats and in all locations.
Roles and responsibilities for safeguarding and classifying the Administrative Data asset are defined below in section C, Data Management Roles and Responsibilities.
Administrative Data is categorized as Low Risk, Moderate Risk, and High Risk following the Data and Computer Security Policy and Electronic Data and System Risk Classification Policy and should be safeguarded appropriately.
Access to University Administrative Data should be based on the business needs of the organization and should enhance the ability of the University to achieve its mission. Employees shall have access to the Administrative Data needed to perform their responsibilities. Individually identifiable data shall be available to the extent necessary to perform administrative tasks. The Chief Administrative Data Management Officer is responsible for ensuring that procedures are developed by functional offices to address those cases where a member of the University community seeks permission to access Administrative Data beyond the normal performance of their duties. The Data Trustees will review and ratify the procedures as developed.
Because no computer system is completely immune from unauthorized access or attempted access (e.g., “hacking”), applying layered security controls (e.g., multiple levels of access permissions) will better safeguard University computers and NYU’s ever-expanding body of Administrative Data, which is often sensitive. In order that the proper controls are applied, it is the responsibility of each person accessing Administrative Data to:
a. Know the classification of the system being used.
b. Know the type of Administrative Data being used.
c. Follow the appropriate security measures.
d. Consult the Related Policies at the end of this policy for further information.
Beyond existing policies, specific policies implementing data access and security and developed by functional areas shall be reviewed and approved by the Data Trustee Committee to ensure consistency with the Guiding Principles set forth in Section A, above.
Before an individual is permitted access to Administrative Data in any form, training in the use and attributes of the data, functional area data policies, and University policies regarding data is strongly encouraged. The Data Domain Trustees shall establish the appropriate levels of training for all such individuals within their units.
Administrative Data must be safeguarded and managed in all formats and media (e.g., print and digital), at all points of access, and across all University systems through coordinated efforts and shared responsibilities. Each Data Trustee, in conjunction with the appropriate Data Domain Trustee, shall be responsible for developing a plan for their functional area to assess the risk of erroneous or inconsistent data and indicate how such Administrative Data, if found, will be corrected. The Chief Administrative Data Management Officer will be responsible for ensuring that each functional area uses that plan to develop and implement processes for identifying and correcting erroneous or inconsistent data.
All campuses and sites will need to access Administrative Data following the same University policies, as well as to comply with any federal, state, or local requirements.
Data management roles with responsibilities are outlined below:
Data Trustees are senior University officials (typically at the level of Vice President or higher) who have planning and policy-making responsibilities for Administrative Data and for the establishment of operational processes to collect and record data in accordance with University business rules. The Data Trustees, as a group, are responsible for overseeing the establishment of Administrative Data management policies and procedures, and for the assignment of data management accountability.
Data Domain Trustees are senior managers in operational areas responsible for maintaining the content of Transactional Systems. The Data Domain Trustees implement policy as established by Data Trustees, assign Data Stewards, and serve as the first escalation point for problem/policy resolution from the Data Stewards.
Data Stewards are typically operational managers in a functional area with day-to-day responsibilities for managing business processes and establishing the business rules for the Transactional Systems. Data Stewards are appointed by the respective Data Domain Trustees. In support of the role of the Data Steward, the Vice President, Information Technology and Chief Information Officer provides technological data protection services.
Data Users are individuals who access Administrative Data to perform their assigned duties. Data Users are responsible for safeguarding their access privileges, for the use of the Administrative Data in conformity with all applicable University policies, and for securing such data.
The Office of Institutional Research and Data Integrity shall be responsible for working with the appropriate Data Stewards to develop definitions of commonly used terms and will define how official University metrics are calculated. Further, in the course of its work, the Office of Institutional Research and Data Integrity will typically discover data discrepancies and inconsistencies and will promptly report such to the appropriate Data Steward for resolution.
The role of Chief Administrative Data Management Officer is assigned to a member of the University's Office of Institutional Research and Data Integrity who is responsible for coordinating all activities related to Administrative Data Management.
The Data Trustee Committee establishes overall policies for management and access to the Administrative Data of the University. This committee shall be composed of the Data Trustees; shall be chaired by the Chief Administrative Data Management Officer; shall approve the policies and procedures developed in each functional area by the Data Stewards and Data Domain Trustees to ensure appropriate compliance with this policy; shall provide oversight of all University processes which capture, maintain, and report on Administrative Data; and shall approve any decisions to archive Administrative Data.
The Data Stewardship Advisory Group is a University-wide committee, primarily composed of Data Stewards. Designated Data Users may be invited to attend, as appropriate. This group reviews the operational effectiveness of Administrative Data management policies and procedures and makes recommendations to the Data Trustee Committee for improvement or change. Data Stewards will share best practices during their meetings, as well as raise concerns which cross functional areas. The group is chaired by the Chief Administrative Data Management Officer. The Data Stewardship Advisory Group must ensure regular and appropriate collaborative communication with Data Users on any operational changes which impact business processes and data.
The Data Custodians are information technology experts assigned to each transactional and reporting system which maintains Administrative Data. Data Custodians oversee the safe transport and storage of data, establish and maintain the underlying infrastructure, and perform activities required to keep the data intact and available to users.
In addition, Data Custodians are responsible for working with Data Stewards and the Chief Administrative Data Management Officer to develop automated processes which identify erroneous, inconsistent, or missing data. Data Custodians work with data support groups, the Chief Administrative Data Management Officer, and Data Stewards to resolve data issues.
Effective Date:
Supersedes: N/A
Issuing Authority: Executive Vice President
Responsible Officer: Senior Vice President for Enrollment Management; Vice President, Information Technology and Chief Information Officer
Administrative Data: Data that is gathered, produced, stored, and/or disseminated concerning any aspect of the University’s operations. Such data includes, but is not limited to, general ledger/accounting, human capital management, student, alumni/development, space management, faculty housing, and student housing data, and also includes any data derived from the use of such data. Administrative Data excludes data related to Teaching and Learning, Research, or Community Life, which are not covered by this policy, and specifically excludes “Personal Digital Content” as described in the NYU Policy on University Access to Personal Digital Content. Administrative Data may be stored in University-supported or other data systems.
Data Classification: Details and examples of different data classifications are contained in Data Classification. A summary of those classifications is provided here:
Source Data System: An information storage system that is the authoritative data source for a given data element or piece of information.
Transactional Systems: Information processing systems for business processes involving the collection, modification and retrieval of data, as contrasted with systems used for analytics or reporting.
University: All parts of New York University other than the NYU Langone Medical Center.