This policy explains how we share OSU-specific information, and the obligations held by individuals with this information to use and secure it appropriately. It relates to all OSU-specific information, including student, employee, and financial records, received by individuals through the performance of their duties, provision of services, or participating in programs. Every individual who has access to OSU-specific information is expected to adhere to this policy regardless of how the information was received or the format in which it was received. Non-OSU employees must read and sign this policy as a condition of access to and use of University information.

Information about access to data is available at http://is.oregonstate.edu/policies/university-data-management-classification-and-incident-response/data-access

Below is a listing of the most broadly utilized OSU-specific information and the associated data stewards. Not all information or data stewards are listed and individuals are advised to seek information regarding the security and access of OSU-specific information not listed below by contacting Information Services.

Student

data steward

Course Catalog

Registrar

Class Schedule

Registrar

Recruitment

Admissions

Admissions

Admissions

General Student

Registrar

Registration

Registrar

Accounts Receivable

Business Affairs

Academic History

Registrar

Curriculum, Advising & Program Planning

Registrar

 

Finance

 

Accounts Payable

Business Affairs

Accounts Receivable

Business Affairs

Budget

Budget & Fiscal Planning

Payroll

Business Affairs

Fixed Assets

Business Affairs

FOAPAL Elements

Joint Ownership: Business Affairs &

Budget & Fiscal Planning

 

Financial Aid

Financial Aid

 

Employee

 

Payroll

Business Affairs

All Other

Human Resources

 

OSU employees in positions requiring access to the Banner database or data warehouses will find the access request procedure at http://oregonstate.edu/dept/computing/banner/access.html.

Use and Release of Information

  • Individuals may request and utilize information needed to perform the scope of their responsibilities to the University. Individuals may not utilize information for a task that is not within the direct scope of their responsibilities without the prior approval of the appropriate data steward.
  • Release of student data must follow the guidelines as available at http://oregonstate.edu/registrar/guidelines-release-information. Release of employee data must follow the guidelines as available at: http://oregonstate.edu/admin/hr/document/pdf/guidelines-release-employee-records . All requests for records coming from outside the University are to be reviewed by the appropriate data steward prior to release. The data steward will consult with the General Counsel’s office as appropriate for compliance with the public records law.
  • Aggregate (summary data, not person specific) information, extracted from information systems or reports, may be released internally or externally if it has already been publicly released with the approval of the records custodian. Aggregate data that has not been published by the University may be released only with the prior approval of the appropriate data steward.
  • Subpoenas or other requests from law enforcement authorities for student or employee records should be referred to the Office of the Registrar for students or the Office of Human Resources for employees.

Expectations for Responsible Use of Information

  • Respect electronic computing resources and systems and your impact upon them.
  • Information is available for your use in your official role at OSU only. No additional uses of information or sharing of information may be made without appropriate authorization.
  • Removal of the official record copy of documents from the office where they are maintained is permissible only when authorized to do so and in the performance of official duties.
  • Keep all passwords and access codes confidential and out of sight of others
  • Keep all confidential information and records, however maintained or stored, safeguarded against inappropriate use or access by others.
  • Report any infractions in the use or release of information to the appropriate records custodian.

Violations

Users who violate this policy may be subject to disciplinary actions and/or criminal and civil penalties and may be denied access to University computing resources. Such actions will be taken as determined appropriate in consideration of the severity and frequency of the violation(s). Violations will be handled through the University disciplinary procedures applicable to the relevant user and may include referring suspected violations of applicable law to appropriate law enforcement agencies