Secure data management starts with you!

Protecting the security and privacy of institutional data is everyone’s responsibility.

Many UW-Madison employees access and use data in their roles. Secure data management practices are important because much of this data is protected for privacy or legal reasons. Here are just a few examples of data that are protected by our institution:

Information about individual identity, including legal sex, race, veteran status, and disability status.
Social security numbers.
Annual benefits elections, such as medical insurance plans and dependent information.
Direct deposit and other financial information.
Academic records, such as grades, learner activity, and coursework.
Health and medical records of students, employees, and UW-Health patients.
Research data collected from participants.

Five ways to use protected institutional data responsibly

One. Only access the information you need to perform university-assigned responsibilities.

Two. Sensitive and/or restricted data is best protected on UW-owned and managed devices (even if you work remotely).

Three. Do not share protected institutional data with others unless they have authorized access.

Four. Learn about and comply with applicable laws, regulations, policies, standards, and procedures, including privacy and cybersecurity protections and retention requirements. Examples:

Student records regulated by FERPA.
Protected Health Information regulated by HIPAA.
Internet and Cybersecurity.
Wisconsin Public Records.
And more!

Five. Report any actions that violate data responsibilities to the Office of Cybersecurity.

Screen-sharing is data sharing—even in Workday!

All employees have access to Workday, UW-Madison’s new data system for Human Resources and Finance data. Some UW-Madison workers have access to sensitive institutional data in Workday based on their security role.

When using data systems as a manager or in your job, remember that sensitive employee information may be easily visible on screen. It is your responsibility to ensure that the content you present or share with others is appropriate for the security roles assigned to those in your audience, regardless of the platform or venue (e.g., a meeting recording).

When in doubt, avoid displaying protected institutional data in presentations or virtual team meetings, as screen-sharing is a form of data sharing.

Recorded meeting sharing sensitive data. — Sharing a meeting recording could unintentionally expose sensitive data to unauthorized audiences!

Explore further

If you have questions about data domains or classifications of institutional data, contact the relevant data steward or the Data Governance program in DAPIR. This information is an excerpt from the online data literacy training by DAPIR and OHR. All employees can learn more about UW-Madison staff responsibilities when working with institutional data. Register for Data@UW (netID required).

This article is a part of a larger event, UW–Madison’s Love Data Week 2026, which runs from Monday, February 9, to Friday, February 13, and provides an opportunity to explore, share, and celebrate all things data. The Office of Data, Academic Planning & Institutional Research (DAPIR) and the University Libraries at UW-Madison proudly sponsor UW–Madison’s Love Data Week, which includes a partnership with Big Ten Academic Alliance (BTAA).