Office of the Chief Information Officer
320 Baker Systems Engineering
1971 Neil Avenue
Columbus, OH 43210
Phone: (614) 292-6553
Fax: (614) 688-4226

Policy Development Process | Deployment and Use of Wireless Data Networks | Interim Policy on Disclosure or Exposure of Personal Information | Policy on Institutional Data | Payment for Employee Home and Off-Campus Internet Access | Responsible Use of University Computing and Network Resources | Retention of Electronic Records | Web Policy and Guidelines

Information Technology Policy and Services

Policy on Institutional Data

October 18, 2007

I. Glossary

Applications - electronic database, system or software (either off the shelf or custom developed), spreadsheet, document, etc.

Business Partner - individual, entity, company, vendor or affiliate that interacts with the University in the course of completing University business and with whom University information may need to be shared

Data Steward - university officials who have direct operational-level responsibility for information management

Family Educational Rights and Protection Act (FERPA) - federal law designed to protect the privacy rights and accuracy of student education records. FERPA applies to all institutions that receive federal aid. Education records are broadly defined as any information that is maintained about a student that contains personally identifiable information. Violations of FERPA can occur if student information is revealed without the person’s permission or if the person is denied access to the information.

Media - objects on which data can be stored. These include hard disks, floppy disks, CD-ROMs, tapes, thumb drives, paper, electronic mail, etc.

Non-University Owned or Operated Equipment - equipment, including portable storage devices, which have been purchased without using any source of monies from The Ohio State University, including but not limited to general funds, sponsored project funds, earnings funds, endowment funds, etc.

Portable Storage Devices - equipment or objects on which data can be stored. These include laptop computers, PDA, CD-ROMs, tapes, cassettes, case logs, note cards, thumb drives, etc.

Primary Identifier - the main source by which a person or thing can be uniquely identified such as name, identification number, etc.

Primary Key - in database management, a key is a field that can be used to sort data. Most database management systems allow for more than one key so records can be sorted in different ways. One of the keys is designated a primary key and must hold a unique value for each record.

Processes - particular methods of doing something, generally involving a number of steps or operations

Protection Methodology - a method by which information is guarded from visibility and limits access to those individuals who have a specific need to know that information. Protection methodologies may be technical or non-technical. Technical methodologies may include firewalls, data encryption, password protection, etc. Non-technical methodologies include controlling the physical environment such as locked offices and file cabinets. In some instances, the information may require more than one protection methodology.

Public Records Request - the act of submitting a request for access to public records under the Public Record Act

Public Records Act - refers to section 149.43 of the Ohio Revised Code, which requires release of public records kept by a public office, including, public universities. Public records are defined in section 149.43 of the Ohio Revised Code as A "record" is any item that: 1) contains information stored on a fixed medium (such as paper, computer, film, etc.); 2) is created, received, or sent under the jurisdiction of a public office; and 3) documents the organization, functions, policies, decisions, procedures, operations or other activities of the office.

Redaction - to edit, hide or remove information

Systems - a collection of applications, processes and/or procedures

University Community Members - any individual or entity that interacts, represents or is a member of the University. Examples include faculty, staff, students, consultants, contractors, guests, affiliates, alumni, donors, retirees, vendors, etc. This includes users (individuals or agencies) who have been given written permission to access data, regardless of the method of access (e.g., online, query, report, file, etc.).

II. Related Policies and Resources

A. Links to Related University Policies:

Interim Policy on Disclosure or Exposure of Personal Information
Policy on Responsible Use of University Computing and Network Resources
Whistleblower policy 1.40 - www.ohr.ohio-state.edu/policy/index.aspx
Health Insurance Privacy policy 2.15 - www.ohr.ohio-state.edu/policy/index.aspx

B. Links to Other Related Information:

1. Family Education Rights and Privacy Act (FERPA):

2. Health Insurance Portability and Accountability Act of 1996 (HIPAA)

3. Ohio Public Records:

The Ohio Public Records Statute is codified in Ohio Revised Code 149.43, and can be found on line through Anderson's Ohio Online Documents at: onlinedocs.andersonpublishing.com/oh/lpExt.dll?f=templates&fn=main-h.htm&cp=PORC
The Office of the Ohio Attorney General publishes a handbook entitled "Ohio Sunshine Laws Update," which can be found on the Attorney General's website at: www.ag.state.oh.us/legal/pubs/2005_sunshine_law_book.pdf
The Ohio State Universities Office of Legal Affairs maintains a web page on Public Records Requests which can be found at: legal.osu.edu/publicrecords.php
Ohio Public Records Law Workshops hosted by Organization and Human Resource Consulting:

"Public Universities, Private Lives", Supervisor Training to Enhance Performance (STEP)
"Understanding Public Records", Academic Leader Development and Seminars

4. Ohio Personal Information Disclosure

House Bill 104 Final Analysis

return to top