NAU Data Access Policy
Data is one of the University vital resources. University Data is the property of NAU and represents
official University records. Data is independent of media on which it is stored or presented; it may
be on-line, in a file, printed on paper or micro-fiche or on other media.
Employee access to data is privilege granted for the express purpose of providing direct support of the
Security is required to protect the integrity of the University data.
It is reasonable to attempt to meet the need to protect University data while still allowing employee
access to that data.
Ethical Use of Data
Only actions which unquestionably conform to the purpose of providing direct support of the University
mission are considered ethical use of University data. Any other access, representation, application
or disposition of University data is considered unethical abuse of the privilege of access to data and
may be cause for discipline, including dismissal of employees and expulsion of students, as well as
Users are responsible for safeguarding their identification codes and passwords,
and for using them only as authorized. Examples of misuse include: unauthorized use of a account;
obtaining a password that you are not authorized to use; giving out your password to an unauthorized
person; or using the campus network to gain unauthorized access to any computer system, and
using a "sniffer" or other methods in an attempt to "crack" passwords.
(ITS Policy -105)
Responsibilities of an Employee in the Use of University Data
Users who accept access to University data also accept responsibility for understanding:
- The meaning and purpose of the data
- Controlling access to and release of data covered by law such as the Family Education Rights and
Privacy act of 1974 (FERPA) governing confidentiality of students’ educational records.
- Maintenance, storage and disposal of data in a secure, responsible and accountable manner.
- Verification that alternate representations of the data, such as ad hoc reports are indeed true
and fair representation of the original data and are labeled “unofficial”.
- Notifying the appropriate data steward before disseminating data to external agencies or entities
(Note: the data steward may issue standing authorization to certain departments or individuals for
release of information to external agencies.)
- Requesting assistance from the appropriate department for data requested or required by other
- Reporting cases of abuse whenever and wherever they are encountered.