DMUP

Policy Issued: April 12, 2006 Supersedes: Provisional Approval June 23, 2004	University of California, Berkeley

Data Management, Use, and Protection

Responsible Executives:	Nathan Brostrom, Vice Chancellor Administration Shelton Waggener, Associate Vice Chancellor IST and Chief Information Officer
Responsible Office:	Business & Technology Solutions http://datasteward.berkeley.edu/
Contact:	For questions about this policy, contact data@berkeley.edu
Table of Contents:

Policy Summary
Who is Affected by This Policy
Who Administers this Policy
Why We Have This Policy
Roles & Responsibilities

Procedures
Glossary
Appendix A: Examples of Restricted Campus Data
Appendix B: Best Practices

Policy Summary

University-owned information (hereafter campus data ) must be managed, used and protected in accordance with federal and state law and University of California and campus policies so as to ensure its integrity, availability, privacy, and confidentiality.* Each employee, agent, or affiliate of UC Berkeley, who handles campus data for the purpose of performing his or her job duties, or other functions directly related to his or her contractual affiliation with UC Berkeley, is a steward of campus data responsible for the proper handling of campus data resources under his or her control. Some examples of types of campus data are payroll, personnel, faculty, student, alumni, development, financial, facilities-related, and sponsored research data. Some data are unique and may have additional protocols for their management and use. These data types include sponsored research, survey, marketing, and outsourced data.

Campus data stewardship roles are formally defined as:Administrative Official, Data Proprietor, Data Custodian, Data Integrator, Data User, Office of Record and System of Record. Each role has associated responsibilities. Campus members' or affiliates' roles are determined by their relationship to the data within their custody. An individual might have multiple roles, for example, a Dean may be the Administrative Official of the school's data resources, a Data User of student records, and a Data Proprietor of her or his own sponsored project research database.

Compliance with the Data Management, Use and Protection policy (DMUP) is achieved when all obligations for applicable roles have been met. To do so departments/units (and in some cases individuals) must assess if the data in their custody are campus data and whether any are restricted or essential data; assign applicable stewardship roles in accordance with DMUP role definitions; require that assignees review the responsibilities of their role(s), adhere to those responsibilities; and use best practices when fulfilling their roles and responsibilities.

This policy must be implemented and observed in all campus environments. Disputes related to data management, use and protection are handled by a campus data administration governance system and arbitration process. Violations of this policy may be subject to legal actions and/or punishable by disciplinary action.

* Existing legal requirements and University of California and campus policies already establish obligations of campus Administrative Officials, and their assignees, for the reliability and security of campus data resources. DMUP is the Berkeley campus interpretation of these laws and polices. For those who wish to consult the related source laws and policies, they are listed with links in the Related Documents section. However, it should be noted that DMUP itself is the authoritative policy source for mandating campus data stewardship roles and responsibilities.

Who is Affected by This Policy

Faculty, staff, students, and other members of the campus community who have access to or control over University-owned data.

Who Administers This Policy

Deans, Directors, and Department Heads
Unit Administrators, Administrative Officials
Faculty and Instructors
Principal Investigators
System Administrators
Employees working with campus data in any capacity
Students who access campus data, whether or not employed by the University
Contracted Agents and Affiliates of UC Berkeley

Why We Have This Policy

Data in their many forms, are one of the University's most important assets. In every area, and at every level of the campus, members of the campus community are managing or using campus data. As with other assets, (i.e., financial, physical) managing data requires each of us to take responsibility for its reliability and security. The integrity of data must be protected against threats such as unauthorized intrusions, malicious misuse, or inadvertent compromise. UC campuses (including Berkeley) have experienced significant security breaches, involving hacked networked computers, unauthorized access, misuse of data, stolen laptops and lost personal digital assistants (PDA's) containing campus data. While we cannot perfectly protect data, we can implement responsible management practices that improve both the confidentiality and accuracy of our data while reducing overall risk and liability to individuals, department and the campus.

This policy describes the proper management, use, and protection of campus data. It is intended to foster clear accountability, increase the effectiveness of data administration, reduce risk from potential threats , and minimize legal exposure and liability associated with the improper use of campus data. It articulates data stewardship roles and responsibilities and establishes procedures for carrying out those responsibilities. It establishes a data administration governance system and a process for arbitrating data related disputes.

The policy applies only to data whose ownership resides with the University (i.e. campus data); however, the practices articulated in the policy are suggested irrespective of ownership. Data generally falls into the following categories (see Glossary): restricted or unrestricted; essential, required or deferrable; data of record or unofficial data. It is highly recommended that users of this policy familiarize themselves with these data types before proceeding. DMUP applies to all campus data but is particularly concerned with restricted and essential data. In an enterprise as extensive and diverse as Berkeley, it is impossible to comprehensively catalog all campus data. Some examples of data types include payroll and personnel, faculty, student, financial, research, development and facilities-related data. These may include operational data, such as data that are processed for business transactions, or data that are used for purposes of research, analysis, asessment, decision support, planning, reporting, or archiving. For more specific examples of campus data, see Appendix A.

Since the University is a large and diverse entity, systems covered by this policy may range from a portable memory device to a mainframe, and system environments may range from a large administrative unit to an individual principal investigator's research database. While DMUP roles and responsibilities are scaleable to these various conditions, DMUP does not contain mandated procedural requirements for handling data; these must be determined by campus departments/units, and in some cases individuals, dependent on the type of data within their custody, and their role/relationship to the data. DMUP does offer best practices that support the fulfillment of responsibilities associated with the various data stewardship roles, and which should be followed or exceeded in local implementations.

The policy does not apply to data that is not owned by the University of California, including but not limited to scholarly/aesthetic works created by designated academic and instructional appointees, course materials (other than course approval documents), personal works prepared outside the scope of employment and student works as defined in the University of California Policy on Copyright Ownership. It does not cover requests for data under public access through the California Public Records Act and the Family Education and Privacy Act (FERPA).

DMUP is intended to be consistent with all applicable federal and state laws, as well as University of California and campus policies (see Related Documents section). It interprets and further implements aspects of the University of California Business and Finance Bulletins, specifically the Records and Management Program Series (RMP), Information Security (IS-3), and other appropriate Univeristy policy. In the event this policy conflicts with existing federal or state law or University policy, the federal or state law or University policy will take precedence.

The guiding principles for this policy are those set forth by the University of California , Chancellor, e- Berkeley Steering Committee, and Data Stewardship Council. These principles are:

The University of California and its campuses may issue policies, guidelines and implementing procedures for the management, use and protection of data resources owned by the University.
Campus data are an essential and valuable asset whose proper management and use is instrumental to organizational effectiveness and efficiently managed resources. The proper exchange of data facilitates increased and improved planning, decision-making, and accountability; which in turn benefits the entire campus.
The campus operates under the general assumption of the free flow of information, giving all campus members, students, faculty, staff, and external partners access to information to which they have a legitimate right, except in cases where it is specifically restricted by law, UC policy, or as the result of a risk determination by a Data Proprietor.
UC Berkeley is committed to the development of an integrated and collaborative data environment using Web-enabled technologies to maximize access to data and to improve the exchange of needed information across campus.
The privacy and security of restricted data is of paramount importance.
The privacy and security of an individual should be given great weight, even when data has been de-individualized but the possibility of inference exists.
All data are not the same, and must be treated differently based on levels of sensitivity and criticality.
Different levels of data access and security must be established for various campus constituencies, including but not limited to students, faculty, staff, external partners, and the general public.
In general, the Data Proprietor and/or the Office of Record determines which users may have access to data and determines the publishing limitations for data deemed restricted, following the principles and guidelines of the University of California and Berkeley campus policies.
Data accuracy, consistency, and congruency across campus systems are desirable whenever possible.

Roles and Responsibilities

Existing University policy establishes the obligation of all campus members to protect the security and integrity of all campus data under their control. By articulating data stewardship roles and responsibilities, this policy assists campus members to identify their role(s) in relationship to the data in their custody, and determine what actions are required in order to fulfill their duties for managing and protecting the data. An individual may perform any or all of the following roles depending on their relationship to a specific data resource. For example, a dean may be the administrative official of the school's data resources, a data user of student records, and a data proprietor of her own sponsored project research database.

Administrative Officials ( e.g., control unit heads, deans, department chairs, principal investigators, directors, managers, or other high-level employees who are stewards of campus data)*:

Take ultimate responsibility for implementing campus requirements and procedures.
Establish local procedures for the protection of data under their administrative control .
Promote best practices for the management, use, and protection of campus data based upon pertinent regulations and policies.
Investigate and comply with the requirements, business rules, standards, guidelines, and procedures of Data Proprietors as well as any technical guidelines and procedures of Data Custodians.
Communicate these requirements and procedures to users of the data.
Protect restricted data from inadvertent and unauthorized access during transmission or downloading.
Ensure that management and staff are adequately and consistently trained in proper data management, use and protection, in accordance with the training guidelines in the Procedures section of this policy.
Oversee the accuracy, integrity, and integration capability of data generated under their direction. Administrative Officials should never report unofficial data as data of record when producing reports for other parties. When using unofficial data, Administrative Officials should note their use of unofficial data and be prepared to reconcile their data to the corresponding data of record.
Perform departmental/unit risk assessments to ensure that access and security requirements and disaster recovery plans, as set forth by campus security policy and specific requirements of the Data Proprietor, are properly implemented.
Ensure that comprehensive, written security plans to protect restricted data in areas within their administrative scope are created, implemented and enforced (see Provisional Requirements for Restricted Data Security Plans)
Maintain an inventory of their data resources and a catalog of restricted data elements in use within their area of control.
Establish and implement local procedures to ensure the ability to respond expeditiously to known information security breaches, disruptions caused by the failure of a security mechanism, and suspected or known security threats.

* For elaboration, see UC Berkeley's Guide to Administrative Responsibilities, which lays out the concepts of accountability and delegation of authority on the Berkeley campus.

Data Proprietors ( the individuals or departments with primary responsibility for determining the purpose and function of a data resource, for example, the Registrar's Office is the Data Proprietor for UC Berkeley's central student registration system as well as student records data, e.g., grades):

Grant and revoke access to the data resource, subject to appropriate management review.*
Perform a risk analysis to determine the levels of sensitivity and criticality of the data resource, subject to appropriate management review.
Document the specific criteria (law or policy) that apply to the designation of certain data as restricted.
Determine the level of security required for access controls, based on the sensitivity of the data, subject to appropriate management review.
Determine publishing limitations for data with a sensitivity level of restricted.
Determine business continuity requirements, based on the criticality level of the data resource, subject to appropriate management review.
Determine the appropriate method for providing business continuity for data resources with a criticality level of essential
Oversee the accuracy, integrity, and integration capability of data generated under their direction.
Ensure the publication and maintenance of a data dictionary that defines the data and sets requirements for the data's use. **
Prepare a comprehensive written security plan, in collaboration with the Data Custodian, for all restricted data and ensure its implementation.
Protect restricted data from inadvertent and unauthorized access during transmission or downloading.
Specify adequate data retention in accordance with UC Berkeley records retention policies.
Ensure the destruction of restricted data by third party users upon the completion of data-sharing arrangements with vendors, both internal and external to the campus.
Communicate requirements (e.g., use, security, business continuity, disclosure, disposition, etc.) to users of their data.

*The Data Proprietor may delegate to the Data Custodian the authority to grant access to a data resource as required for management functions.

**Plans call for the development of further guidelines and tools to assist the campus in implementation, including aids for developing data dictionaries and security plans.

Data Custodians ( individuals or departments that function as the technical partner of a Data Proprietor and are responsible for the implementation of data systems and the technical management of data resources):

Ensure the integrity of data resources under their supervision.
Establish and implement standards and procedures to ensure that all data resources are managed consistent with the needs and requirements set forth by the Data Proprietor, recommending technical solutions to the Data Proprietor as needed. These procedures may include, but are not limited to, implementing business rules, following a security plan, managing the flow of data, implementing changes to data, executing appropriate back-up procedures, and meeting data retention requirements. (See, for example, Information Systems & Technology (IST) Administrative Applications and Data Security Policy [AADSP]).
Publish and maintain a data dictionary as directed by the Data Proprietor.
Establish security standards and procedures for systems, applications, and data, following the level of access security identified by the Data Proprietor's security plan and in accordance with the security policies of the University of California and UC Berkeley. Disseminate these standards and procedures accordingly.(For example, see Minimum Security Standards for Networked Devices.)
Implement security measures following the level of access security identified by the Data Proprietor, including procedures that achieve audit through maintaining access and activity logs.
Protect restricted data from inadvertent and unauthorized access during transmission or downloading.
Implement, at the direction of the Data Proprietor, a disaster recovery plan for data resources deemed essential and for the preparation and general oversight of the performance of disaster recovery in the event of a disaster.
Ensure the destruction of restricted data by third party users upon the completion of data-sharing arrangements with vendors, both internal and external to the campus.

Data Integrators ( managers of a data resource that integrate the data of two or more Data Proprietors, one of which may be the Data Integrator themselves)*:

Have the same responsibility for their integrated data system as that of Data Proprietors (see Data Proprietor section) plus the following:
Comply with all UC Berkeley policies, procedures, standards, and guidelines related to information privacy and security.
Uphold the requirements, business rules, procedures, standards, and guidelines of the Data Proprietors from whose data resources the integrated data is derived, as well as those of the associated Data Custodians, including, but not limited to, enforcing access and security requirements; ensuring the accuracy, integrity, and integration capability of the data; and protecting restricted data from unauthorized use or publication.
Perform a risk assessment to determine the sensitivity of and associated security requirements for the newly integrated data. An evaluation of the individual data elements, aggregated data, and data system security management should be included in the assessment.
As a result of the risk assessment, institute additional access and security requirements for the integrated data as needed, meeting the minimum security requirements of the original Data Proprietors at all times.
Keep a catalog of restricted data elements in use, whether restricted originally by the Proprietors or as a result of a risk assessment. Catalogs are themselves restricted data and must be protected accordingly.
Protect restricted data from inadvertent and unauthorized access during transmission or downloading.
Must obtain approval from the Data Proprietor before using their data.
Upon initial request, fully disclose to the Data Proprietor the intended use, distribution, and medium of distribution of any data deemed restricted by the Proprietor, and receive documented approval from the Proprietor for the intended use.
Obtain additional approval from the Data Proprietor if, at a later time, the Data Integrator wants to go beyond the specified scope for which the data was originally released.

* The integration of data may be accomplished by various methods including but not limited to the sharing of data elements or through authorized access to the Proprietors' data resources.

Data Users (Berkeley employees, students, or other individuals affiliated with UC Berkeley granted authorization to access or create campus data and who invoke or access data for the purpose of performing their job duties or other functions directly related to their affiliation with UC Berkeley):

Learn, understand, and comply with all UC Berkeley policies, procedures, guidelines, and standards governing the use of the data they are handling. (See IT Security-related Policies and Guidelines.)
Investigate and comply with the requirements, business rules, procedures, standards, and guidelines of the Data Proprietor as well as any technical procedures and guidelines of the Data Custodian.
Access data only in the performance of assigned duties.
Use data for authorized purposes only.
Accurately prepare, use, and retain data.
Understand the sensitivity levels of the data they are using.
Respect the confidentiality and privacy of individuals whose records they access.
Protect data from unauthorized changes.
Ensure that appropriate security protocols are in place when viewing and storing restricted data.
Protect restricted data from inadvertent and unauthorized access during transmission or downloading.
Redistribute data only with permission from the Data Proprietor.
Communicate the Proprietor's use requirements to any subsequent users.
Report violations of campus policy and/or Data Proprietor requirements.

Office of Record (the office designated by the campus as having responsibility for responding to formal data requests, meeting reporting requirements, responding to audits, etc., for specific types of data)*:

Represents the campus to outside agencies for specific data types.
Interprets the definitions of data established by the University of California and other external bodies to meet specific reporting requirements.
Sets rules for the collection or use of its data and communicates these rules to the appropriate entities when required.
Manages the flow of data under its purview and authorizes changes to data as appropriate when required.
Maintains data for the required retention period, for the appropriate dictionaries, and for transfer to archives after “active status” has expired.
* The Berkeley campus distinguishes between the roles of “Office of Record” and “Data Proprietor”. The Office of Record has similar responsibilities to those of the Data Proprietor, but has the additional unique responsibility of representing the campus to outside agencies for specific data types. The Office of Record may not necessarily be the Data Proprietor or the originator of data for which the office is responsible. The University of California has phased-out the term Office of Record, preferring the use of Proprietor only (see Business and Finance Bulletin RMP-1).

System of Record (an application or system formally designated and used to provide official campus information for reporting and other purposes):

Contains data of record (official data) for specific data types and/or data elements.
Serves as the official point for updating data of record; data of record should be modified only in the System of Record in which it officially resides.

Campus Electronic Information Resource Security Officer* (designated by the Chancellor to have responsibility for campus compliance with Business and Finance Bulletin IS-3, the University's policy on electronic information security):

Facilitates compliance and provides education on IS-3 guidelines through collaborative relationships with academic and administrative officials, consistent with the campus governance structure and policy compliance strategies.
Confirms that the roles of Data Proprietor, Data Custodian, and Data User are assigned for every essential electronic information resource.
Oversees the review and approval of the means used to provide the requisite security of restricted or essential electronic information resources.

* The Chief Information Officer is the Campus Electronic Information Resource Security Officer for the Berkeley campus.

e-Berkeley Steering Committee (the governing body for the Chancellor's e-Berkeley initiative to implement Web-based applications and support activities that strengthen communication and collaboration among members of the campus community):

Provides overall guidance, prioritization, and policy related to the e-Berkeley initiative.
Institutes the data management, use, and protection policy recommendations of the Data Stewardship Council.
Serves as final arbiter of issues that may arise from the implementation of this policy.

Data Stewardship Council (A subcommittee of the e-Berkeley Steering Committee that develops a campus framework for an integrated data environment and culture and serves as a resource to the campus community in the area of data management):

Recommends to the e-Berkeley Steering Committee data management, use, and protection policy.
Reviews and interprets for the campus complex policies related to data management, use, and protection.
Educates the campus on the principles, responsibilities, and procedures set forth in this policy.
Advocates mechanisms for building an integrated data environment across campus.
- Recommends campus standards for data management terminology such as definition of roles, responsibilities, and systems of record.
- Recommends campus naming standards for enterprise data elements.
- Collects and publishes data related to campus information management infrastructure, and provides a central resource for campus information systems.
- Cooperates with other campus planning, architecture, and security entities to support the development of an enterprise strategy for a fully-integrated campus computing environment.
- Provides a forum for the discussion of data integration issues.
Reviews, advises, and makes recommendations to the e-Berkeley Steering Committee or other appropriate campus bodies on matters of data management, use, and protection concern.
Develops, maintains, and publishes procedures and standards under the auspices of the e-Berkeley Steering Committee.

Procedures

Compliance with DMUP is achieved when all obligations for applicable roles have been met. To do so departments/units (and in some cases individuals) must assess if the data in their custody are campus data and whether any are restricted or essential data.; assign applicable stewardship roles in accordance with DMUP role definitions; require that assignees review the responsibilities of their role(s) and adhere to those responsibilities; and use best practices when fulfilling their roles and responsibilities.

Best Practices

Appendix B contains best practices meant to assist campus members in executing their data stewardship responsibilities through physical, logical and managerial measures. Departments/units and individuals, are encouraged to follow these recommended practices. Departments/units may choose to instead follow their own established practices for managing and using data as long as the practices are 1) equal to or exceeding the requirements of these practices and 2) are written and communicated to all affected persons.

Training

It is a campus goal to provide adequate training for the proper management, use, and protection of campus data, however, it is ultimately the responsibility of department/unit Adminstrative Officials to ensure that each person within their administrative purview who has access to campus data is adequately trained in the proper handling and protection of data in their custody.. Administrative Officials must learn of campus resources for training related to data management, use, and protection and avail themselves and their staff of these resources as they become available. Information about campus IT security training can be found at: http://security.berkeley.edu/sec.trng.html. The campus provides a basic tutorial on computer security, and a HIPAA security tutorial online at eTrain. For a data security technical tutorial, see Computer and Data Security on Campus: A Tutorial for Users, prepared by the Academic Senate Committee on Computing and Communications (COMP).

Data Proprietors may establish specific training requirements as a condition of access to restricted data within their purview. In such cases, training shall be provided by the Data Proprietor. Administrative Officials must ensure that data users within the Administrative Official's area of supervision participate in Proprietor-sponsored training when applicable (such as FERPA training for access to and use of student data.)

Administrative Officials should routinely ensure that appropriate security awareness training is conducted for departmental management and staff. Training should include review of University and campus security policy, guidelines, and standards, and departmental procedures and best practices established to safeguard restricted data, and if applicable, regulations governing specific restricted data (i.e. FERPA, HIPAA, Gramm-Leach Bliley Act, USA Patriot Act.) Training materials should include topics such as password management and use, best practices for handling restricted data, incident reporting, and security reminders regarding current threats.

This policy is itself a training document, and shall be made readily available to all affected staff. Availability may be either in paper or electronic form.

Special Cases

While this policy applies to all campus data, certain typesof data are unique and may have additional protocols. These data types include sponsored research, survey, marketing, and outsourced data.

Sponsored Research Data

When managing campus data resources, principal investigators operate as both administrative officials and data proprietors, and as such are responsible for implementing local policies and procedures within their research environment. That is, they need to comply with this policy, as well as any applicable federal, state, University , or research sponsor requirements.

Data generated from specific types of research activities are subject to relevant polices and regulations, such as, the Protection of Human Subjects, Animal Care and Use, Conflict of Interest, etc. Guidance on these policies and regulations can be accessed through the Sponsored Projects Office, the Animal Care & Use Committee, and the Office for the Protection of Human Subjects.

Research data generally fall into two categories: 1) original research data collected and maintained by campus principal investigators, or 2) campus administrative data used in support of academic research. Principal investigators are considered the Data Proprietors of their original research data, and assume the rights and responsibilities of that role in the management, use, and protection of their data. However, when using campus administrative data as the source for research information, investigators must follow the rules and requirements of the campus Data Proprietors of the source data. These rules and requirements may include, but are not limited to, data use, security, business continuity, disclosure, disposition, and training.

Special care should be taken when utilizing other campus departments or external third parties to collect data (see Outsourced Data section.)

Federal and state regulations as well as University and campus requirements are rapidly changing with respect to information management, use, and protection. In such a dynamic environment, it is prudent for the campus, with respect to research data, to ensure that there are opportunities to resolve data-related issues. Thus when issues related to the management, use, and protection of research data arise, they should be vetted, discussed, and resolved through the appropriate body that sanctions the research activity associated with the data in issue (e.g. Human Subjects). For issues related to the use of campus administrative data for research purposes, when the data is not subject to a specific sanctioning body, the arbitration process described in the above Arbitration of Disputes section shall apply.

Faculty members may also seek resolution of research data related issues through the standard channels of academic administration (i.e., Department Chair, Dean, Executive Vice Chancellor and Provost, and Chancellor levels.)

After other avenues of resolution have been explored, an issue may be referred to the appropriate committee of the Berkeley Division of the Academic Senate. Senate Bylaws determine that faculty grievances be heard by the Committee on Privilege and Tenure, and the Academic Personnel Policy specifies the standards and procedures for addressing cases of misconduct.

Survey Data

When conducting campus-based surveys, surveyors should investigate whether the data they are collecting is already under the purview of a campus Data Proprietor. If so, surveyors are obligated to follow the rules and requirements of the Proprietor. These rules and requirements may include, but are not limited to, data use, security, business continuity, disclosure, disposition, and training.

A survey may result in data elements being collected that have not been previously collected and administered by a campus Data Proprietor. In such a case, the surveyor becomes the Proprietor of those new data elements only, and is accountable for performing the responsibilities associated with that role (see Responsibilities section for Data Proprietor.)

Surveyors must be extremely cautious and well-informed on privacy issues; various regulations and policies may apply (see Related Documents section.)

Marketing Data

One of the primary data collection activities associated with marketing efforts is the collection of contact and personal information about individuals, or directory information. As a general rule, directory information may be used only for the purpose for which it was collected and should never be shared, traded, or sold to other campus or off-campus entities, unless expressly authorized by the individuals whose personal information is being exchanged.

Campus members handling marketing data must be extremely cautious and well-informed on privacy issues. Questions specific to the proper management, use, and protection of marketing data should be directed to University Relations.

Outsourced Data

Agents and affiliates, both internal and external to the campus, must follow the same rules as the Data Custodian and Data Integrator when managing and using campus data (see Responsibilities sections for Data Custodian and Data Integrator.) Agents and affiliates are responsible for ensuring the security of data during transmission and while in their custody, and the removal of data at the completion of contractual arrangement.

Only Data Proprietors or Data Custodians, with the documented permission of the Data Proprietor, are authorized to pass data to a third party agent or affiliate of UC Berkeley. All passing of data to a third party agent or affiliate must be accompanied by a written contractual agreement (including terms and conditions) that provides, at minimum , for a) disallowance of disclosure by the agent or affiliate to other third parties including subcontractors, b) the requirement that all agents and affiliates must observe the laws and policies required of UC Berkeley for privacy and security, including federal, state, University of California, and campuswide policies, c) a specific plan by the agent or affiliate for the implementation of logical, physical, and managerial security strategies, and d) and for restricted data, a specific plan for the destruction of the data upon completion of the agent's or affiliate's work for UC Berkeley.

Consult with the Business Contracts Office, Sponsored Projects Office or other appropriate office with signature authority for contracts when writing an agreement for the sharing of data with agents or affiliates. The Business Contracts Office is delegated responsibility for the review, negotiation, and execution of business contracts between campus units and external entities, and its review must be included for any contracts negotiating data sharing agreements with external entities.

Violation of Policy and Misuse of Data

Violations of this policy include, but are not limited to: accessing data to which the individual has no legitimate right; enabling unauthorized individuals to access data; disclosing data in a way that violates applicable policy, procedure, or other relevant regulations or laws ; inappropriately altering, damaging, or destroying data ; inadequately protecting restricted data; or ignoring the explicit requirements of Data Proprietors for the proper management, use, and protection of data resources. Violations may result in network removal, access revocation, corrective action, and/or civil or criminal prosecution. Violators may be subject to disciplinary action up to and including dismissal or expulsion, pursuant to campus policies, collective bargaining agreements, codes of conduct, or other instruments governing the individual's relationship with the University. Recourse shall be available under the appropriate section of the employee's personnel policy or contract, or by pursuing applicable legal procedure.

Arbitration of Disputes

Disputes may arise in the course of managing, sharing, and using campus data, including issues of proprietorship, denial of access, misuse, etc. To address disputes, the Data Stewardship Council provides a medium for arbitration. The Data Stewardship Council arbitration process is a means for resolving administrative intra-campus disputes only. It does not apply to personal privacy disputes or disputes involving academic research data, except in the case where the source of the research data is campus administrative data and the data is of a type such that it does not fall under the purview of an existing compliance body (e.g. Human Subjects).

Disputing parties are encouraged to make every effort to work cooperatively to reach agreement. This should include referring the dispute to the appropriate Administrative Official and/or Data Proprietor. If an agreement cannot be reached, a disputant may appeal to the Data Stewardship Council for a resolution. A review will be undertaken by the Council's Conflict and Violations subcommittee. Upon completion of its review, the subcommittee will make its recommendation to the full Data Stewardship Council, which, in turn, will issue a ruling to the disputants and a report to the e-Berkeley Steering Committee. Disputants may appeal a ruling of the Data Stewardship Council to the e-Berkeley Steering Committee, which has final authority on the arbitration of any issues that may arise from the implementation of this policy. Final rulings will be referred to the Vice Chancellors of the disputing parties for implementation.

Glossary

Administrative Official: Any UC Berkeley employee to whom financial, administrative, or management responsibilities have been delegated, e.g., vice chancellors, provosts, deans, department chairs, principal investigators, directors, or managers. Administrative Officials have ultimate responsibility for the stewardship of campus data, of which they may or may not be the Data Proprietor.

UC Berkeley Business: The administrative, operational, teaching, research, and public service functions of the campus.

Best Practice:The optimal solution to a business problem.

Campus Data: All data owned by the University that are prepared, supplied, used, or retained by University employees, within the scope of their employment, or by agents or affiliates of the University, under a contractual agreement, except for data specifically excluded from University ownership by law, policy, or through special overriding ownership provisions. Some examples of types of campus data are payroll, personnel, faculty, student, alumni, development, financial, facilities-related, and sponsored research data. Campus data can be contained in any form, including but not limited to documents, spreadsheets, databases, email, and Web sites; represented in any form, including but not limited to letters, numbers, words, pictures, sounds, symbols, or any combination thereof; communicated in any form, including but not limited to handwriting, typewriting, printing, photocopying, photographing, and Web publishing; and recorded upon any form, including but not limited to papers, maps, films, prints, discs, drives, memory sticks, and other devices. The term "data" as used in this policy is similar in definition and use to the term "records" in the policy of the University of California , Business and Finance Bulletin, Records Management Program (RMP-1).

Campus Members: Students, faculty, staff, agents, and affiliates of UC Berkeley, and the general public.

Campuswide Procedure: The action(s) necessary to carry out a campuswide policy.

Catalog: A control file that lists restricted data elements within a data system. Catalogs should include the reason for restriction and an explanation of how the security requirements of the restricted data are being met. Catalogs themselves are restricted data and must be protected accordingly.

Data: Factual material or information. (See, also, definition of Campus Data.)

Data Criticality: A measure of the importance of a data resource to the continuing operations of UC Berkeley. The criticality of a data resource determines whether or not it must be included in the campus Disaster Recovery Plan. Data resources are classified into three levels of criticality as follows:

· Essential designates a data resource whose failure to function correctly and on schedule could result in a major failure to perform mission-critical business functions, a significant loss of funds, or a significant liability or legal exposure.

· Required designates a data resource that performs an important function, but the operation of the campus could continue for some designated period of time without it.

· Deferrable designates a data resource that the campus could operate without; it need not be performed correctly or on schedule and would not affect mission-critical business functions.

(For a full discussion of data criticality and data summary chart, see UCOP IS-3, Section IV, B&C)

Data Custodian: An individual or department responsible for the implementation of data systems and the technical management of data resources. For example, IS&T is the Data Custodian of human resource data, and the IT administrator of Haas School of Business is the data custodian of all Haas data systems.

Data Dictionary: A tool that provides metadata or information about data. A data dictionary describes the definitions, attributes, and context (e.g. proprietorship, business rules) of data elements within a data set. Users of data often utilize a data dictionary to understand the meaning of data elements and to find instructions for the data elements' proper use. Data dictionaries are essential for understanding information stored in data warehouses and have become increasingly important in XML-based Web applications. Data dictionaries range in sophistication and complexity. Most proprietors of databases have some system for communicating the meaning of individual data elements and instructions for their appropriate use and protection. Data dictionaries formalize that communication into a useful tool for all users of the data. For example, in a research and survey context it might be extremely important for a principal investigator to convey what the real meaning of a data element is and how it was derived so that it is properly used by others, such as co-researchers from other campuses or universities.

Data Integrator: An individual who manages a data resource that integrates the data of two or more Data Proprietors, one of which may be the Data Integrator. The Office of Planning and Analysis is an example of a data integrator who integrates faculty, student, human resource, and facilities data into the Cal Profiles system.

Data Proprietor: An individual or department with primary responsibility for determining the purpose and function of a data resource . For example, the Office of Human Resources is the Data Proprietor for employee records data, University Relations is the Data Proprietor of gift information, and a principal investigator is the Data Proprietor of their sponsored research data. Data Proprietors are sometimes incorrectly referred to as “data owners.”

Data of Record: Data recognized by the campus as containing official information about a certain data type to which data users must reconcile when producing official or external to the department reports. Data of record normally reside within a System of Record, which may or may not be the place in which the data originated. Data of Record should be modified only with the consent of the Data Proprietor and only within the System of Record where the data officially resides. Data of record is required to be maintained, accurate, and timely. Campus systems should use data of record whenever possible and refresh data from the System of Record on a regular basis.

Data Resource: A resource that involves the processing, transmitting, or storage of data, as well as the data itself. Data resources include but are not limited to databases, application systems, operating systems, communications systems, tools, data – in raw, summary, and interpreted form – and associated computer mainframe , server, desktop, communications, and other hardware used to conduct activities in support of the University's mission.

Data Sensitivity: A risk characteristic used to assess the level of access and security controls required to protect data. Data fall into two levels of sensitivity: Restricted or Unrestricted .

· Restricted data is data to which use is restricted by law, University of California , or UC Berkeley policy; or data that a Data Proprietor has designated as protected from general access or modification, even if such access may not be prohibited by law, University of California , or UC Berkeley policy. Types of restricted data include, but are not limited to, data that identifies or describes an individual and data to which unauthorized access, modification, or loss could seriously or adversely affect UC Berkeley, its partners, or the public.

· Unrestricted data is data to which access or modification is not restricted by law, University of California , or UC Berkeley policy and is permitted by the Data Proprietor.

(In IS-3 Restricted data is further divided into Personal and Limited categories. For a full discussion of data sensitivity, see UCOP IS-3)

Data User: A campus employee, student, or other affiliated individual granted authorization to access or create campus data and who accesses data for the purpose of performing his or her job duties or other functions directly related to his or her affiliation with UC Berkeley. (Unauthorized use of campus data resources may result in corrective action, and/or civil or criminal prosecution under applicable law, see section on Violations of Policy and Misuse of Data.)An example of a data user includes someone who handles business transactions and performs data entry into a business application, or someone who gathers information from an application or data source for the purposes of analysis and management reporting.

Deferrable Data Resource: A data resource that the campus could operate without; it need not be performed correctly or on schedule and would not affect mission-critical business functions. (See IS-3, Section IV, B)

Disaster Recovery Plan: A written plan for the resumption of campus business after a disaster.

Essential Data Resource: A data resource whose failure to function correctly and on schedule could result in either a major failure to perform critical business functions, a significant loss of funds, or a significant liability or legal exposure. (See IS-3, Section IV, B)

Guideline: A brief, general explanation of how to follow policies and/or procedures, usually presented in a pamphlet, brochure, or Web site.

Integrated Data: Data that has been integrated from the data of two or more Data Proprietors. Integration may be accomplished by various methods including but not limited to the sharing of data elements or through authorized access to the Proprietors' data resources.

Inventory: A control file that lists data systems in use within a particular department/unit. Departments are strongly encouraged to keep an inventory of their data systems.

Locally Administered Data Systems (LADS): Computing systems of any size, application, or platform designed, developed, and/or administered in UC Berkeley departments or units, other than central campus administrative computing systems.

Metadata: Information about data. Metadata is essential for understanding information stored in data warehouses and has become increasingly important in XML-based Web applications.

Office of Record: The office designated by the campus as having responsibility for responding to formal data requests, meeting reporting requirements, responding to audits, etc., for specific types of data (e.g., facilities or student data). The Office of Record may not necessarily be the Data Proprietor or the originator of data for which the office is responsible.

Personal Information (also referred to as Personally Identifiable Information): Any information that identifies or describes an individual, including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history. It includes statements made by, or attributed to, the individual. Not all personal information is restricted data. To clarify whether specific information is restricted, contact the Data Proprietor of the information. (For detailed definitions of both personal and public information and how they apply, see the California Information Practices Act of 1977, and the Berkeley Campus Policy Governing Disclosure of Information from Student Records.)

Policy: A set of principles and procedures intended to govern actions.

Procedures: The actions necessary to carry out a policy.

Research Data: Any information regarding University research done at or by the University, at any location, by faculty, staff, or students in the course of teaching or research and not otherwise available to, or accessible by, third parties. These data include: notebooks, protocols, progress reports, final reports, drafts, funding requests, proposed budgets, contracts (public or private), computer-generated and/or computer-readable material, codes, source codes, or software. (See UCOP Research Policies and Guidelines.)

Required Data Resource: A data resource that performs an important function, but the operation of the campus could continue for some designated period of time without it. (See IS-3, Section IV. B)

Restricted Data: Data to which use is restricted by federal or state law or University or campus policy; or data that a Data Proprietor has designated as protected from general access or modification, even if such access may not be prohibited by federal or state law or University or campus policy. Types of restricted data include, but are not limited to, data that identifies or describes an individual and data to which unauthorized access, modification, or loss could seriously or adversely affect UC Berkeley, its partners, or the public. Examples of restricted data include social security number, employee home address, date of birth, financial information such as credit card number or bank account number, student grades and financial aid records, and responses to a Request for Proposal (RFP) before a decision has been reached. (See IS-3, Section IV, B)

Security: Measures taken to reduce the risk of 1) unauthorized access to data resources via logical, physical, or managerial means; and 2) damage to or loss of data resources through any type of disaster (such as employee error or other accidents, long-term system failures, natural disasters, and criminal or malicious action). Security also encompasses measures taken to reduce the impact of any violation of security or of any disaster that occurs despite preventive measures.

Standard: Something established by authority, custom, or general consent as a model or example.

System of Record: A system formally designated and used to provide official campus information for reporting and other purposes.

Unofficial or Reference Data: All campus data that are not data of record, including, but not limited to, data that are extracted, modified, extended, revised, or changed from data of record; data that duplicate data of record; and data created independently of data of record but not sanctioned by the campus as data of record. Unofficial data typically resides in data warehouses, locally administered data systems, or workgroup level applications that have been created to administer additional data not found in Systems of Record or data of record. Whenever possible, systems should use data of record rather than unofficial data. If using unofficial data for analytical and reporting purposes, analysts should note their use of unofficial data and be prepared to reconcile their findings back to the data of record. If any variances exist, they should be documented and explained by the analyst. Unofficial data should never be distributed as data of record.

Unrestricted Data: Data to which access or modification is not restricted by federal or state law or University or campus policy and to which access is permitted by the Data Proprietor . Examples of data that are unrestricted include data contained in annual campus financial reports, class catalogs, and campus general information handbooks. (See IS-3, Section IV, B)

Appendix A

Examples of Restricted Campus Data

DMUP applies to all campus data, that is, data (or information) owned by the Univerisity of California. It is particularly concerned with restricted data, which is data whose use is restricted by law, University of California or UC Berkeley policy, or by a campus Data Proprietor as the result of a formal risk assessment. Types of restricted data include, but are not limited to, data that identifies or describes an individual and data to which unauthorized access, modification, or loss could seriously or adversely affect UC Berkeley, its partners, or the public. In an enterprise as extensive and diverse as Berkeley, it is impossible to comprehensively catalog all campus data. The following are a few examples of campus data that are restricted.

Type of Data (Information)	Data Element/Information Item
Identity (for any individual associated with the University including employees, students, donors, research subjects)	Social Security Number, driver's license number, passport number, account access/passwords, date of birth, home address and telephone number, demographic information, e.g., ethnicity, age, gender
Student	Any information that is not in the list of campus-designated directory information* including but not limited to student ID number, test scores, grades, GPA, class level, class schedule, gender, ethnicity, residency status, financial aid records, and letters of recommendation
Financial	Credit card number, debit card number, loan collection records, proprietary vendor information (e.g. Tax ID, quotes)
Human Resources	Application information, letters of recommendation, performance evaluations, faculty review records, W2Forms, employee benefits elections, Worker's Compensation claims and settlements
Research	Identity information for human subjects, responses to a proposal before a decision has been reached
Facilities	Architectural floor plans, exact room location of building-systems equipment, exact location of utility valves
Intellectual Property	Trade secrets, software programs

For a more comprehensive list of campus restricted data see the Data Stewardship Council Campus Restricted Data List.

*Campus-designated directory information includes student's name, address (local, permanent, billing, e-mail), telephone number, date and place of birth, major field of study, dates of attendance, class level (e.g., freshman, sophomore), enrollment status (e.g., undergraduate or graduate, full time or part time), number of course units in which enrolled, degrees and honors received, most recent previous educational institution attended, particpation in officially recognized activities, including intercollegiate athletics, name, weight, and height of participants on intercollegiate athletic teams. All other student-related data is restricted data.

Appendix B

Best Practices

These practices are meant to assist campus members in executing their data stewardship responsibilities through physical, logical and managerial measures. Departments/units and individuals, are encouraged to follow these recommended practices. Departments/units may choose to instead follow their own established practices for managing and using data as long as the practices are 1) equal to or exceeding the requirements of these practices and 2) are written and communicated to all affected persons.

Data Management

1. Conduct risk assessments to identify data resources that are “restricted” or “essential” and require protection, and to understand and document risks from security failures that may cause loss of confidentiality, integrity, or availability; risk assessments should take into account the potential adverse impact on the University's reputation, operations, and assets. The campus will attempt to provide risk assessment guidance and tools but everyone who is responsible for managing data is ultimately responsible. Campus data proprietors are required to conduct risk assessments and communicate security requirements for departments and individuals to follow. Departments, and in some cases, individuals need to identify and assess risk in their local environments. Risk assessments should be conducted by teams composed of appropriate administrators, managers, faculty, and information technology and other personnel associated with activities subject to assessment.

2. Keep a log of access rights assignments in each department/unit. Review and update the log annually.

3. Keep a catalog of restricted data elements in use within each department/unit. Review and update the catalog annually

4. Keep an inventory of data systems within each department/unit. Review and update the inventory annually.

5. Collect and retain only that data essential to the performance of assigned tasks.

6. When handling restricted data of any kind, check with the appropriate Data Proprietor to determine training requirements for the access and use of that data.

7. To increase data accuracy, integrity, and integration capacity in currently operating data systems:

Update the data in each system with data of record.
Continue to update data periodically by reconciling it with data of record. For example, when entering faculty names into a departmental faculty database, get a data feed from Payroll and periodically update data by reconciling it with Payroll data.

8. Publish and maintain an up-to-date data dictionary. A data dictionary will ensure that users interpret information in the manner intended. Otherwise, users may have to guess at the meaning or allowed values of a particular data element.

9. Backup essential or restricted software and data stored on shared servers as well as software and data stored on personal computers. Backup copies must be sufficient to satisfy Disaster Recovery requirements, application or other data processing requirments, and any functional requirements of the Data Proprietor of the data. Backup copies of essential data for Disaster Recovery must be stored at a secure, commercial site that provides standard protection or at a non-commercial campus site providing equivalent protection. (See IS-3, Section V)

10. Restricted data requires developing, documenting, and implementing a back up schedule. However, all data should be backed up on a scheduled basis as appropriate to the data.

11. When hiring or reassigning individuals, refer to the campus policy on Conducting Criminal Background Checks if the individual will be in sensitive positions accessing restricted data.

12. Periodically review the system administration work performed by employees with access to privileged system administration accounts on shared servers. (See IS-3, Section VIII)

Restricted Data

As a practical matter, there is no single or common presecription for protection of all restricted data. Technical challenges are more difficult than might appear and security regulations and tools are constantly changing. The campus is continually developing training tools and services to assist campus members in the areas of data, computer and network security. For campus security resources, see the campus System and Network Security(SNS) website. The campus provides an online tutorial on computer security, which can be access from eTrain. For a data security technical tutorial, see Computer and Data Security on Campus: A Tutorial for Users, prepared by the Academic Senate Committee on Computing and Communications (COMP). The following are basic practices that campus members must adhere to when handling restricted data.

13. Systems should not include restricted information unless absolutely necessary. These data elements are often protected by law, or sometimes by University policy. Examples of restricted data elements include social security numbers, employee home addresses , date of birth, ethnicity, financial information such as credit card number or bank account number, and responses to a Request for Proposal (RFP) before a decision has been reached.

14. Whenever possible, avoid transferring or storing restricted data. Proliferation of data greatly increases risks of unauthorized access, particularly when the data is stored in ad hoc analysis tools such as spreadsheets and desktop databases. When data is copied for analysis or research, restricted data should be deleted whenever possible. When use and storage of restricted data must occur, provide appropriate security, following campus security protocols and the security requirements established by the Data Proprietor of the restricted data. (See IS&T Campus Information Technology Security Policy)

15.Do not store restricted data on workstations, laptops or portable computing and storage devices unless absolutely necessary. If restricted data must be retained on such devices, do so only on a temporary basis and employ protective measures, such as encryption, to safeguard the confidentiality or integrity of the data in the event of theft or loss of the equipment. Permanent copies of restricted data should never be stored for archival purposes on workstations or portable equipment.

16. Do not email restricted data, either in the body of an email or as an attachment, unless encrypted . Email is not a secure form of communication. Additionally, the email recipient may have a less than secure computer or may elect to forward the information to another person who should not receive the restricted data.

17. Never leave restricted data exposed on unattended computer screens or leave computer screens unattended without appropriate screen access controls.

18. Remove documents with restricted data from printers immediately. Store documents with restricted data in a locked filing system. Shred documents with restricted data when they are no longer in use.

19. Delete information that personally identifies an individual (e.g., ethnicity, gender, home address, etc.) when there is no longer a business need for its retention on computing systems.

20. Provide staff access to restricted data only as needed to perform assigned duties. Limit access to restricted or essential information resources and data retained within or accessible through these information resources to Authorized Users . Control access with a secure means of authentication and authorization .

21.When designing databases, use naming conventions with documentation that easily identify restricted data (e.g. “SSN” as opposed to “Employee Code” for Social Security number), so that technical managers and downstream users can readily determine the presence of restricted data in the data they are managing or using.

22. Redact personal information not critical to the task when distributing full data sets to downstream users.

23. When personal information is included in the distribution of data to any downstream users, include notification of that fact, including reference to applicable policies and regulations.

24. Whenever possible, configure electronic applications that check authorizing or authentication databases to return confirming responses rather than personal information.

25. Be prepared in advance to notify individuals immediately if data about them has been compromised.

Data of Record and Unofficial Data

26. When designing new information systems, use data of record to populate the system. Use the same definition, field name, and values as the data of record. If not possible, note the differences in the data dictionary of the new system.

27. If referencing or planning to reference data of record, inform the Data Proprietor of the data of record. Once data of record is extracted for use by another information system where any modification is possible, it can no longer be considered data of record and becomes unofficial data in the secondary system.

28. Refresh data in referenced information systems from data of record on a regular basis.

29. If using unofficial data to populate a system, do not name data fields the same as the data of record, so as not to confuse it with the official campus data of record.

30. When using unofficial data for analytical and/or reporting purposes, note any use of unofficial data and be prepared to reconcile findings back to the data of record. Document and explain any variances from the data of record.

31. Never report unofficial data as data of record.

32. Don't distribute unofficial data; refer downstream users to the data of record.

33. To improve the accuracy and consistency of data across campus systems, communicate modifications, additions, and deletions of unofficial data related to data of record to the appropriate System(s) of Record. For example, updates to personnel records should only be done through HRMS. The System of Record can then assess the changes to determine whether the data of record should be changed accordingly.

34. Bring errors in data of record to the attention of the appropriate System of Record.

Computer Security

35. Computers, whether desktops, laptops, or servers, that house restricted data, should be administered by a professional system administrator. All computing devices should be secured in accordance with campus IT security policies and standards.

36. Protect computer access by using a solid password or pass phrase. Do not share or publish passwords. For guidance on creating passwords see http://www.net.berkeley.edu/faq/good_pw.shtml.

37. Lock with a screensaver or log off of a computer when not in use.

38. Use shared computer accounts wisely – remember that for shared accounts with multiple users, the data is available to all users. If the data are compromised, the audit trail will be inadequate.

39. Maintain appropriate physical security for computing devices with restricted data. Servers housing secure data should always be kept in a locked server room. They frequently hold backup tapes that can easily be stolen. Take special care with a laptop that includes restricted data; in the event of theft, not only will the laptop be lost, but restricted data will be compromised.

40. Remove all information from your old computer when you replace it.

41. Be aware that many types of erased data can be recovered from your computer, unless you take explicit measures to effectively remove it. (See your system administrator or Property Management)

42. Test software used to provide access controls and access control points for connectivity (e.g. firewalls) (See IS-3, Section VIII)

System Development

43. When designing a system that includes data elements that might be utilized in other systems, consider data integration issues. Define data elements so they are consistent with other data elements on campus. Additionally, consider including elements that will make it possible for the system to integrate with other systems on campus without using restricted elements to connect the systems.

44. Restricted data elements should never be used as the “key” to a system. For example, if maintaining a listing of personnel or students, never select social security number as the key field.

45. Do not maintain actual data in a test or development environment; rather, “mask” the restricted data such as social security number with dummy information. In many environments, applications developers maintain a working copy of their system to test changes. This is often referred to as a test or development environment. Often, the security on the computer or server that houses the test environment is not as stringent as that on the computer that runs the actual system. Access is also more open on the test or development environment. For example, a programmer may be denied access to certain restricted data elements in an actual system, but may have complete access to the development system.

Vendor Relationships

46. When passing data to a third party agent of the University, be sure to do so with a written contractual agreement (including terms and conditions) that provides, at minimum , for a) disallowance of disclosure by the agent or affiliate to other third parties including subcontractors, b) the requirement that all agents and affiliates must observe the laws and policies required of UC Berkeley for privacy and security, including federal and state law and University or campuswide policies, c) a specific plan by the agent or affiliate for the implementation of logical, physical, and managerial security strategies, and d) a specific plan for the destruction of restricted data upon completion of the agent's or affiliate's work for UC Berkeley.

47. Consult with the Business Contracts Office, Sponsored Projects Office, or other appropriate office with signature authority for contracts to ensure that any written agreement conforms to University and campus policies.

48. Regularly review and update agreements with external service providers to ensure vendor compliance with UC Berkeley and Data Proprietor requirements.

Questions or comments?

[UC Berkeley ][Vice Chancellor Administration ][Chief Information Officer] [Data Stewardship Council Home Page ]