The Institutional Data Access and Authorization Standard requires that access to protected data, defined as data not authorized for public release, follow a minimum set of authorization steps and that the process is tracked and documented.
Data Stewards grant or deny access to data in their domain. You may be authorized to access protected institutional data if:
- The data is needed to perform duties assigned to your job or role at the university.
- For sensitive or restricted data:
-
- You attest to complete certain obligations to protect the data, such as required training on rules and regulations.
- Your access is approved by a supervisor and/or a divisional approver.
The Data Access and Authorization flowchart visualizes the process outlined above.
Badger Data Access, an example of the standard in practice, provides authorized access to institutional data. Within Badger Data Access, staff request the institutional data they need, the approval (or denial) is tracked, and an auditable history is maintained.