Information Technology Services

Data Security Definitions

Computing Equipment

"Computing Equipment" is any electronic storage device, laptop, or system.

Data Custodian

Individuals responsible for providing a secure infrastructure in support of University Data, including, but not limited to, providing physical security, backup and recovery processes, granting access privileges to system users as authorized by Data Managers or their designees, and implementing and administering controls over the information. In many cases at Clark, the role of Data Custodian is a shared responsibility with ITS being responsible for physical security support (secure facility, backup and recovery), and the applicable Data Manager having responsibility for access and control over the University Data.

Data Ownership

Clark University is considered the data owner of all institutional data; individual units or departments may have stewardship responsibilities for portions of the data.

Data Managers

University officials who have planning and policy-level responsibilities for data in their functional areas are considered Data Managers. The Data Managers, as a group, are responsible for recommending policies, establishing procedures and guidelines for university-wide data administration activities, and training of Data Users on the proper handling of data. Data Managers, as individuals, have operational-level responsibility for information management activities related to the capture, maintenance, and dissemination of data. Data Managers are responsible for developing and applying standards for the management of University Data, for reviewing access privileges on an annual basis, and for ensuring that Data Users are appropriately informed of security obligations associated with their data access. For historical reasons — because data and the responsibility for data have traditionally been organized along functional or subject-area boundaries — the Data Managers are established according to this same subject-area organizing principle.

Data Users

Individuals who need and use University Data as part of their assigned duties or in fulfillment of their role in the University community.

Information Security Officer

University official who has oversight responsibility for the University's data security program as well as compliance with relevant regulations, security policies, standards and guidelines.

Protected Health Information

"Protected Health Information" or PHI is all individually identifiable information that relates to the health or health care of an individual and is protected under federal or state law.

Qualified Machine

A "Qualified Machine" is a computing device located in a secure facility and with access control protections that meet Clark ITS standards.

Student Records

"Student Records" are those University Data types that are required to be maintained as non-public by the Family Educational Rights and Privacy Act (FERPA).  Student Records include Clark-held student transcripts (official and unofficial), and Clark-held records related to: (i) academic advising, (ii) health/disability, (iii) academic probation and/or suspension, (iv) conduct (including disciplinary actions), and (v) directory information maintained by the Registrar’s Office and requested to be kept confidential by the student. Applications for student admission are not considered to be Student Records unless and until the student attends Clark.

University Data

University Data (electronic and paper) consists of information stored in any college database or on paper that contains information on past, current, or future students, employees, donors or friends.  All University Data, whether maintained in a central database or copied into other data systems, remain the property of the University and are governed by this policy statement.

Created on: February 25, 2009
Last Reviewed: May 28, 2015

Authored by: VP for Information Technology and CIO
Reviewed by: Information Security Task Force
Approved by: Technology Steering Committee