University Policy AD71 interpretation – what does this mean to me?
The information below was designed to help employees interpret what Policy AD71 really means to them. For additional information on AD71, link to the full policy.
Purpose – The University has a wealth of information about people (students, employees, research subjects, etc.) and processes in any capacity. It is expected and in some cases, dictated by law, that we as an institution and individual will properly protect information about people and processes.
Data Categories – There are three categories that have been defined at the University, including public, internal/controlled and restricted. To determine how to categorize types of data that you are using, refer to the “Data Types” on http://datacat.psu.edu . University Guideline ADG07, Data Categorization Examples also provides a list of data that can be matched up to the appropriate category.
Responsibilities – We are all responsible to protect data. Information Technology (IT) staff can help protect some aspects of electronic data, but there are safeguards that individuals must apply as well. Review and become familiar with the safeguards that you as an individual can apply to keep our data/information safe. Visit http://datacat.psu.edu/data-profile-search and search for the data type you wish to learn more about or select the “Data Safeguards” link across the top menu bar of the main data categorization website http://datacat.psu.edu .
Deans, Administrative Officers, Budget Executives and IT staff have additional responsibilities as outlined in the policy.
Sanctions – Disciplinary action may apply to staff that willfully or negligently releases information without proper authorization. To mitigate the potential for this to occur, categorize the data you are working with and know where to properly store, how to secure and when to destroy the data.
Categorization Appeal Process – If you do not understand this policy or need to know more about your responsibility, contact the unit liaison team assigned in your unit. Other contacts who may be able to answer inquiries include firstname.lastname@example.org , email@example.com , firstname.lastname@example.org , the respective Dean, Administrative Officer or Budget Executive or the data steward of the data in question. Note a list of data stewards can be found in University Policy ADG07, Data Categorization Examples.