NAU Data Access Policy

Data is one of the University vital resources. University Data is the property of NAU and represents official University records. Data is independent of media on which it is stored or presented; it may be on-line, in a file, printed on paper or micro-fiche or on other media.

Employee access to data is privilege granted for the express purpose of providing direct support of the University mission.

Security is required to protect the integrity of the University data.

It is reasonable to attempt to meet the need to protect University data while still allowing employee access to that data.

Ethical Use of Data
Only actions which unquestionably conform to the purpose of providing direct support of the University mission are considered ethical use of University data. Any other access, representation, application or disposition of University data is considered unethical abuse of the privilege of access to data and may be cause for discipline, including dismissal of employees and expulsion of students, as well as criminal prosecution.

Users are responsible for safeguarding their identification codes and passwords, and for using them only as authorized. Examples of misuse include: unauthorized use of a account; obtaining a password that you are not authorized to use; giving out your password to an unauthorized person; or using the campus network to gain unauthorized access to any computer system, and using a "sniffer" or other methods in an attempt to "crack" passwords. (ITS Policy -105)

Responsibilities of an Employee in the Use of University Data
Users who accept access to University data also accept responsibility for understanding:

  • The meaning and purpose of the data
  • Controlling access to and release of data covered by law such as the Family Education Rights and Privacy act of 1974 (FERPA) governing confidentiality of students’ educational records.
  • Maintenance, storage and disposal of data in a secure, responsible and accountable manner.
  • Verification that alternate representations of the data, such as ad hoc reports are indeed true and fair representation of the original data and are labeled “unofficial”.
  • Notifying the appropriate data steward before disseminating data to external agencies or entities (Note: the data steward may issue standing authorization to certain departments or individuals for release of information to external agencies.)
  • Requesting assistance from the appropriate department for data requested or required by other internal entities.
  • Reporting cases of abuse whenever and wherever they are encountered.


Home Page | Quick Links | Change Management Committee | Forms | Reports | SIGA | Training | Contacts | Functional Team | Technical Team


© 2005 Northern Arizona University