Data Warehouse Leadership Team

Get Help

Online: Request Help
Phone: (707) 826-4357 • Hours
Email: help@humboldt.edu
Walk-In: Library 101 • Hours
Reset HSU Password
System Status

Data Warehouse Leadership Team :: Meeting Notes and Handouts :: Data Warehouse Access Principles

Printer-friendly version

 Data Warehouse Access Principles

  • We *do* have an obligation, due to federal and state laws as well as CSU and HSU policies, to appropriately manage and protect data the university collects about individuals.
  • That said, the laws and policies *do* allow for access to this data by people who need it to perform their job for the university.
  • In order to appropriately protect data AND to provide needed access requires that we deploy several integrated strategies, not just technological controls:
    • policy - the CSU Information Security Policy obligates us to protect personal information - we need to make sure people who have access to data understand these obligations (e.g., FERPA, HIPPA, Level One and Level Two data)
    • training - we need to provide training to people who have access to data that helps them understand how to apply these obligations to their practical, daily work as they access data
    • peripheral tools - we need to make sure that people who have access to data also have appropriate (secure) methods of transporting and storing data
    • defining what data is needed - we need to build a simple model for defining which job functions have a need to access what data
    • levels of access - since not all jobs require access to all the data elements we store, we need to create practical levels of access that correspond to practical levels of need
    • labeling – a caution and reminder, in text, on all reports that contain confidential information
    • good technology controls - we need to ensure a "wrapper" of good technology controls around the data warehouse, e.g., access request and approval procedures, limited remote access, password aging
    • exception process - we need an exception process for considering and handling those few circumstances that do not fit within the simple, practical models we build