Data Stewards are senior University officials or their designees with Planning and Policy- level responsibility for information within their functional areas and management responsibility for defined segments of University information. The Data Steward is the individual or entity identified by law, contract or policy with responsibility for granting access to and ensuring appropriate use of the information. In the case of research information, the principal investigator is ordinarily the Data Steward except when a sponsored project award or gift might specify that the sponsor is the Steward.
The responsibilities of the Data Steward include:
● Assigning, training and overseeing Deputy Data Stewards.
● Overseeing the establishment of data policies in their areas.
● Determining legal and regulatory requirements for information in their areas.
● Ensuring that Deputy Data Stewards implement segregation of duties and rules in applicable areas.
● Promoting appropriate information use and information quality.
● Ensuring that he/she does not put his/her information at risk through his/her own actions.
● Assigning classification standard values to the information for which he/she is responsible.
● Implementing a Records Retention and Disposition Schedule for information.
● Working with the Information Security Office, Deputy Data Stewards and other authorized individuals on the investigation and mitigation of information security incidents/breaches affecting the confidentiality, availability, or integrity of their information.
● Performing information security duties as required by other University standards and practices, policies, executive orders, coded memoranda, etc.
● Establishing written procedures granting and revoking access privileges.
Deputy Data Steward(s)
Deputy Data Stewards are individuals or entities with direct operational responsibility for the management of one or more types of University information.
Deputy Data Steward responsibilities include:
● Developing and maintaining information classification according to this standard.
● Developing, implementing and managing information access policies.
● Ensuring that data quality and data definition standards are developed and implemented.
● Interpreting and assuring compliance with Federal, State and University policies and regulations regarding the release of, responsible use of and access to University information.
● Coordinating and resolving issues and data definitions of data elements that cross multiple functional units.
● Providing communications and education to information users on appropriate use and protection of University information.
● Ensuring that access to and protection of information and the file systems that host them are in compliance with all applicable information security policies and the authorized directives of the information authority.
● Ensuring that any electronic systems have all appropriate security features installed. This includes operating systems and systems software, database management systems, applications systems, computer hardware, firewalls where appropriate and communications hardware and software being administered by the information custodian/Steward.
● Working with the Information Security Office, the Data Steward and other authorized individuals on the investigation and mitigation of information security incidents/breaches affecting the confidentiality or integrity of the information.
● Notifying the Information Security Office in a timely manner of any perceived breach or loss of Highly Sensitive or Sensitive information.
● Reviewing access requests to and use of the information, determining appropriate access and authorizing or denying the request under their authority.
● Ensuring that those with access to the information understand their responsibilities for collecting, using, retaining and disposing of the information only in appropriate ways.
● Monitoring usage of the information.