Search This Site


Main menu


A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

View All


Text, numbers, graphics, images, sound, or video and in any format, electronic or paper.  The University regards data maintained in support of a functional unit's operation as University data if they meet at least one of the following criteria: If

  1. at least two administrative operations of the University use the data and consider the data essential;
  2. integration of related information requires the data;
  3. the University needs to verify the quality of the data to comply with legal and administrative requirements for supporting statistical and historical information externally;
  4. a broad cross section of University employees refers to or maintains the data; or
  5. the University needs the data to plan.

Some examples of such University-owned data include student course grades, patient records, employee salary information, research, vendor payments, and the University's annual Common Data Set.

Data Access Approvers

University and Medical Center officials who have responsibility for confirming that requests for access correctly map to what the data users need in the way of access to the specific components of a given application required to perform job duties, and for which they have appropriate training. (The Data Access Approver will be either the Data Steward, the Deputy Data Steward, or the Executive Data Steward.)

Data Loss Prevention (DLP)

Data loss prevention (DLP) is a set of tools and processes used to ensure that highly sensitive data (HSD) is not lost, misused, transmitted, or accessed by unauthorized users.  At UVA, it can refer to scanning to identify where highly sensitive data (e.g., social security numbers (SSNs) and credit card numbers) are stored or emailed and remove them.

Data Security Lead

The person designated by the VP or Dean to provide oversight of data security for the organization.  If no individual is designated, the person responsible for providing oversight of IT for the organization will fulfill this role.

Data Steward

University and Medical Center officials who have responsibility for determining the purpose and function of data within their assigned data domains.  They (1) work to protect the accuracy, integrity, and (as appropriate) confidentiality of data; (2) have final sign-off authority for users seeking to access, retrieve, manipulate, or view data for their respective data domains. May delegate final sign-off authority to Deputy Data Stewards they appoint, but retain accountability for decisions; and (3) work to make certain users have an understanding of the data to which they have access.

Data Users

Individuals who acknowledge acceptance of their responsibilities, as described in this policy, and its associated standards and procedures, to protect and appropriately use data to which they are given access; and meet all prerequisite requirements, e.g., attend training before being granted access.

Deputy Data Stewards

Individuals who authorize or reject access requests based upon approval criteria established by the Data Stewards who appoint them.

Domain (of data)

The entire collection of data for which a University employee assigned the role and responsibilities of an Executive Data Steward, Data Steward, or Deputy Data Steward is responsible. The data domain also includes rules and processes related to the data.

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form