Statement of Policy
The purpose of this policy is to ensure that Business Intelligence Information is readily accessible to members of the University community while protecting confidential or sensitive information from accidental or unauthorized access.
Definitions
- Author - An employee who is given access to the data to write their own reports, analysis, and dashboard.
- Publisher - One employee from each department who holds Author authority. Additionally, the publisher, with the permission of the appropriate department head (data owner), can publish dashboards, analysis, and reports for public access.
- Confidential Information (CI) - Information protected by federal or state law may not be shared with unauthorized persons. These laws include the Federal Privacy Act which protects social security numbers, the Family Educational Rights and Privacy Act (FERPA) which protects personally identifiable student records, the Gramm-Leach-Bliley Act (GLBA) which protects consumer financial information, and the Health Insurance Portability and Accountability Act (HIPAA) which protects personal health information.
- Sensitive Information (SI) - Information protected due to proprietary, ethical, legal or privacy considerations. This information is intended for limited use within the University. Access to SI may be restricted by the author or publisher of data for Business Intelligence.
Policy
The University has invested significant resources in creating a Business Intelligence information and data system. The Business Intelligence system will only be useful if University personnel have access to the robust information needed to inform institutional planning and decision making. However, it must be recognized that authors and publishers have corresponding obligations to protect Confidential and Sensitive Information from illegal or unauthorized disclosure or use. Authors, publishers, and users should be cognizant that some data may be useful in the aggregate and at the same time be unlawful or unethical to use on an individualized basis (e.g. race, age, religion, disability). Thus, authors and publishers should restrict access to confidential or sensitive data or information. Questions, concerns or disagreements regarding classification of information or data as Confidential or Sensitive should be directed to the University’s Security Information Officer.
All Authors and Publishers of Business Intelligence must read and understand the University's Confidential Information Policy (MUPIM 3.22/OAC 3339-3-22) and Policy for Responsible Use of University Computing Resources at Miami University (MUPIM 19.2) of the Miami University Policy Library. Failure to adhere to these policies is grounds for revocation of authorship/publisher status and may lead to disciplinary action including termination. Authors and Publishers are responsible for creating dashboards and reports for the areas for which they are responsible. Authors and Publishers should not use other Authors' and Publishers' data without approval. Data may not be accessed or used for personal purposes and access to Business Intelligence may not be provided to unauthorized persons. All Authors and Publishers are required to execute the Acknowledgement of Privileged Access.
Policy Administration
Approval(s) and Date(s)
- Version 1.0 Approval: Institutional Analytics Advisory Committee
- Version 1.0 Approval: April 7, 2014
Recent Revision History
- February 23, 2022 - Name change from "Institutional Analytics" to "Business Intelligence"