Data Handling Requirements Help Protect Purdue Data - 08/16/11

Purdue University manages all of its data under the University’s Data Classification and Governance policy. This policy formalizes Purdue’s “public,” “sensitive” and “restricted” data classifications. It also sets forth the formal structure for how Purdue manages the use of its data.

The University’s data stewards are responsible for making sure data is classified appropriately and that procedures are established to properly use classified data.

The data stewards’ organization has members from across campus. As part of their responsibilities, the data stewards have developed handling requirements for the various types of University data. There are handling requirements for printed information, electronically stored information, and electronically transmitted information. The data stewards review these handling requirements on a regular basis.

It is the responsibility of people using Purdue data to make sure they use it correctly. When a person is using Purdue’s data (whether in electronic or printed form), that person is considered a “data custodian.” Data custodians are individuals who need and use Purdue data on a daily basis as part of their assigned employment duties or functions. Data custodians must follow the data handling requirements created by the data stewards.

“Understanding and following the handling requirements is important,” said Daniela Rivera, data steward for Administrative Computing, Housing and Food Services. “This is because there are so many different tools that data custodians use each day. It would be impossible for the data stewards to create different handling requirements for each different type of tool. Instead, data custodians need to follow already-established requirements for the types of data that they are using.”

For example, SharePoint tool use is exploding on campus because the tool is such an effective way for members of the Purdue community to collaborate.

“While SharePoint is a unique tool, there are not separate or special rules for handling data stored in SharePoint,” Rivera said.

Instead, SharePoint users need to follow the already-established data handling requirements for electronically stored information. Currently, use of the SharePoint tool falls under the classification: “Storage on fixed media, with access controls, accessible via the Web.” The handling requirements for that classification can be found on the Electronically Stored (Computer-based) Information page of the SecurePurdue website.  

How a person uses data at Purdue depends on how that data is classified, not on the type of tool that a person is using. All Purdue University employees are responsible for using Purdue data appropriately. One way to make sure you are using Purdue’s data appropriately, whether it is in SharePoint or in any other way, is to learn more about Purdue’s data handling requirements. The data stewards have created a number of educational resources to help data custodians properly use Purdue data.

Data custodians can test their data handling knowledge by taking the data handling certification quiz. This is a one-time certification that is available on the WebCert website. After logging in with your Purdue career account and password, choose “Enterprise Certifications” and then “Data Handling” to take the quiz.

To learn more about data classification and handling at Purdue, please visit the Data Classification & Handling page of the SecurePurdue website. For additional resources, please visit the Data Classification and Handling Educational Resources page.

This article originally appeared in the June 2011 edition of SecurePurdue News.