Text, numbers, graphics, images, sound, or video and in any format, electronic or paper. The University regards data maintained in support of a functional unit's operation as University data if they meet at least one of the following criteria: If
- at least two administrative operations of the University use the data and consider the data essential;
- integration of related information requires the data;
- the University needs to verify the quality of the data to comply with legal and administrative requirements for supporting statistical and historical information externally;
- a broad cross section of University employees refers to or maintains the data; or
- the University needs the data to plan.
Some examples of such University-owned data include student course grades, patient records, employee salary information, research, vendor payments, and the University's annual Common Data Set.
University and Medical Center officials who have responsibility for confirming that requests for access correctly map to what the data users need in the way of access to the specific components of a given application required to perform job duties, and for which they have appropriate training. (The Data Access Approver will be either the Data Steward, the Deputy Data Steward, or the Data Trustee.)
Data loss prevention (DLP) is a set of tools and processes used to ensure that highly sensitive data (HSD) is not lost, misused, transmitted, or accessed by unauthorized users. At UVA, it can refer to scanning to identify where highly sensitive data (e.g., social security numbers (SSNs) and credit card numbers) are stored or emailed and remove them.
The person designated by the VP or Dean to provide oversight of data security for the organization. If no individual is designated, the person responsible for providing oversight of IT for the organization will fulfill this role.
Data Stewards are University (Academic Division, the Medical Center, and the College at Wise) have operational oversight for the life cycle of a specific data domain including the definition, intake, and usage of the data. Data Stewards will oversee the development, maintenance, and enforcement of appropriate policies, standards, and procedures for the use of data in their functional areas, including defining criteria for data access authorization and have final sign-off authority for users seeking to access, retrieve, manipulate, or view data for their respective data domains.
Data Stewards are assigned by, and are accountable to, Data Trustees. Institutional data stewards help define, implement, and enforce data management policies and procedures within their specific data domain. Institutional data stewards have delegated responsibility for all aspects of how data is acquired, used, stored and protected throughout its entire lifecycle from acquisition through disposition. Each Data Domain (or subdomain) has a Data Trustee and a Data Steward. Deputy Data Stewards are appointed as needed by Data Stewards to complete data stewardship activities.
Data Trustees are senior University (Academic Division, the Medical Center, and College at Wise) officials who have planning and policy-level responsibilities for a large subset of the institution’s data resources. They: (1) oversee the implementation of this policy for their data domains; (2) determine the appropriate classification of institutional data (highly sensitive, sensitive, internal use, or public) in consultation with executive management and appropriate others; and (3) appoint Data Stewards for their data domains.
Data trustees provide a broad, university-wide view of data, approve policies, resolve questions of procedure, and ensure that data plans are consistent with and in support of university strategic plans.
Individuals who acknowledge acceptance of their responsibilities, as described in this policy, and its associated standards and procedures, to protect and appropriately use data to which they are given access; and meet all prerequisite requirements, e.g., attend training before being granted access.
Deputy Data Stewards are individuals who authorize or reject access requests based upon approval criteria established by the Data Stewards who appoint them.
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.