Overview
The University of Oregon shall approve direct access to institutional data stored in Ellucian’s Operational Data Store (ODS) to ensure that access to sensitive data is authorized, that sensitive data with a need for protection are used appropriately, and that authorized access complies with UO policies and relevant state and federal laws.
Direct access to the ODS database for advanced analytics is provided on a limited basis to a small number of key personnel in academic and administrative units as well as analysts within the Office of Institutional Research. This access, when provided, will be based on a verified need to perform advanced ad hoc data analysis which can’t be met by predefined data models and tools available through the Integrated Data and Reporting (IDR) Cognos application. Users who are eligible for this access typically include those whose primary job is performing data research and analysis for a dean or vice president’s office.
Objective / Purpose
This procedure outlines the requirements for granting and revoking direct access to the ODS.
Authorized User Must Have Approved Access to Cognos
Access will be granted to only those users who have approved access to Cognos. To request access, download the attached PDF, Direct Access Data Use Agreement, and follow the instructions for approval.
Data Stewards Approve Direct Access to Institutional Data
Access to institutional data stored in the ODS is approved by UO’s designated data stewards. Data stewards shall grant access in compliance with the UO’s data access policies and procedures and all relevant regulations (e.g. FERPA, HIPAA and GLBA). Data stewards shall grant access only to those employees who need the access to perform their job duties or fulfill the university’s mission.
Vice Presidents or Deans Approve Access to Institutional Data
Access to institutional data stored in the ODS shall not be granted to an employee unless approval has been granted by a university vice president or dean.
Only Authorized Users Shall Access Institutional Data
All access by individuals to institutional data stored in the ODS shall be controlled by reasonable measures to prevent access by unauthorized users.
Data Users Shall Use Institutional Data Responsibly
Data users must responsibly use the data to which they have access, including using the data only for its intended purpose and respecting the privacy of members of the university community. Data users must maintain the confidentiality of data in accordance with all applicable laws and UO policies. Authorized access to the ODS does not imply authorization for copying, further dissemination of data, or any use other than the use for which the employee was authorized. Access to the data is for research and reporting only, and the data will not be loaded into any transactional or operation-based systems. Data stewards retain the right to approve and grant direct access to the ODS tables.
External Third-Party Access to Institutional Data Is Prohibited
Access to institutional data through the ODS tables by third parties is prohibited.
Compliance and Enforcement
The IDR Direct Access Committee shall hold regular meetings of the direct access users. The committee is co-chaired by the Director of Institutional Research and the Director Research and Assessment for Enrollment Management and Student Services. The committee will monitor the individuals who have direct access to the ODS and provide guidance on the appropriate use of the data. Specifically, the committee will:
- Ensure that access is granted only to those with a legitimate business need for the data. Direct access users may not transfer their data access rights to others, release administrative data to others, or use data for purposes other than those for which access was granted.
- Confirm that users have signed the direct access agreement and that they are following security guidelines before being given access to institutional data. The committee will review and reauthorize access on an annual basis.
- Notify Information Services if a member of the committee leaves the university or moves into a new position where access is no longer appropriate.
- Provide guidelines for the use of the institutional data.
- Establish an annual process where current direct access users must reaffirm that they still require and use this access.