This document describes the Appropriate Use policy for the InfoAccess service.
The InfoAccess Service is a UW-Madison resource that provides individual users access to data and student records in order to conduct their administrative responsibilities at UW-Madison. These data/records are covered by state and federal laws and UW-Madison policies, namely 1) Family Educational Rights & Privacy Act of 1974, 2) Health Insurance Portability and Accountability Act of 1996, and 3) University Policies regarding the use of IT resources. Therefore, each user needs to be vigilant regarding the handling and use of data obtained through the InfoAccess Data Warehouse.
Each individual will be held responsible for any security breach traceable to their assigned logon. Users will also be held liable for any willful misuse or deliberate system damage traceable to their logon. Violation of State & Federal Laws, or University policies governing responsible use of data warehouse resources, may result in loss of access privileges, University disciplinary action, and/or criminal prosecution.
Specific requirements for appropriate use
InfoAccess data warehouse users are required to adhere to the following appropriate use requirements:
- Data warehouse users are responsible for understanding the data and using it responsibly within the recommendations set forth by the data custodians.
- Data warehouse users must restrict the use of data warehouse information to the purposes directly related to fulfillment of their responsibilities. This means there should be no sharing of the information with others who are not authorized. It also means there should not be any casual browsing or access of information that does not pertain to their job duties.
- Data warehouse users shall password-protect access to data warehouse information at all times and shall not share the password. Users will be required to employ passwords meeting or exceeding standards set forth by campus password policy.
- Data warehouse users should not store data warehouse information on any type of portable device or on any home computing equipment.
- Data warehouse users are responsible for any unauthorized access to or from their computer account and improper disclosure of data warehouse information.
- Data warehouse users should immediately report any suspected or actual compromise of data warehouse information to the CIO security office. Immediate steps shall be undertaken by the University to contain the compromise, determine the extent of the compromise, and maintain the environment in an unaltered state for purposes of further investigation.
- Any violation of these rules may subject data warehouse users to disciplinary proceedings.
Appropriate use in special circumstances
Researchers: Researchers should not use their InfoAccess data warehouse authorization to obtain student information for their own or or anyone else’s research. Release of student records for research purposes generally requires student consent and should only be obtained from the Registrar’s Office in conjunction with an approved Institutional Review Board (IRB) protocol. The Human Research Protection Program site will help offer more information.
Employees with dual roles: Employees who hold an administrative position AND another role (typically research or instruction), need to be particularly careful to use the InfoAccess data warehouse access only for authorized administrative responsibilities. For example, advisors who are also course instructors should not use their data warehouse access (granted for the advising role) to obtain information about students who are enrolled in their courses.
Releasing student records to others: Access to the InfoAccess data warehouse is for conducting individual responsibilities related to UW-Madison administrative activities. Users who are asked to use their InfoAccess authorization to provide individual student records to someone else (including other employees), should refer the requester to the Registrar’s Office.
Use and disclosure of racial/ethnic information: The application for admission to UW-Madison includes the following statement for students “The U.S. Department of Education requires the University to report the number of students in various racial/ethnic categories. Your cooperation in furnishing accurate information will be appreciated. Racial/ethnic heritage information will be treated as confidential and should not appear on academic records, grade reports, class lists or transcripts. Individual student race/ethnic information will be released only with the student’s consent or as otherwise required or permitted by law.” Users of the InfoAccess data warehouse should abide by this statement when they are accessing student racial and ethnic information.
InfoAccess User Privacy Statement
UW-Madison respects the legitimate privacy interests of InfoAccess data usage within appropriate limits for educational, ethical and legal reasons, subject to the following:
- InfoAccess Administrators routinely monitor the volume of InfoAccess traffic for system management purposes.
- Usage may also be subject to security testing and monitoring