InfoAccess - Appropriate Use

This document describes the Appropriate Use policy for the InfoAccess service.

General terms of use

The InfoAccess Service is a UW-Madison resource that provides individual users access to data and student records  in order to conduct their administrative responsibilities at UW-Madison. These data/records are covered by state and federal laws and UW-Madison policies, namely 1) Family Educational Rights & Privacy Act of 1974, 2) Health Insurance Portability and Accountability Act of 1996, and 3) University Policies regarding the use of IT resources. Therefore, each user needs to be vigilant regarding the handling and use of data obtained through the InfoAccess Data Warehouse.

Each individual will be held responsible for any security breach traceable to their assigned logon.  Users will also be held liable for any willful misuse or deliberate system damage traceable to their logon. Violation of State & Federal Laws, or University policies governing responsible use of data warehouse resources, may result in loss of access privileges, University disciplinary action, and/or criminal prosecution.

Specific requirements for appropriate use

InfoAccess data warehouse users are required to adhere to the following appropriate use requirements:

  1. Data warehouse users are responsible for understanding the data and using it responsibly within the recommendations set forth by the data custodians.
  2. Data warehouse users must restrict the use of data warehouse information to the purposes directly related to fulfillment of their responsibilities.  This means there should be no sharing of the information with others who are not authorized.  It also means there should not be any casual browsing or access of information that does not pertain to their job duties.
  3. Data warehouse users shall password-protect access to data warehouse information at all times and shall not share the password.  Users will be required to employ passwords meeting or exceeding standards set forth by campus password policy.
  4. Data warehouse users should not store data warehouse information on any type of portable device or on any home computing equipment.
  5. Data warehouse users are responsible for any unauthorized access to or from their computer account and improper disclosure of data warehouse information.
  6. Data warehouse users should immediately report any suspected or actual compromise of data warehouse information to the CIO security office.  Immediate steps shall be undertaken by the University to contain the compromise, determine the extent of the compromise, and maintain the environment in an unaltered state for purposes of further investigation.
  7. Any violation of these rules may subject data warehouse users to disciplinary proceedings.

Appropriate use in special circumstances

InfoAccess User Privacy Statement

UW-Madison respects the legitimate privacy interests of InfoAccess data usage within appropriate limits for educational, ethical and legal reasons, subject to the following:

  1. InfoAccess Administrators routinely monitor the volume of InfoAccess traffic for system management purposes.
  2. Usage may also be subject to security testing and monitoring
  3. If the University receives a credible report that there has been a violation of the “Terms of Use”, or in the course of managing the service, discovers evidence of a violation, then the matter will be referred for investigation, University disciplinary action, and/or criminal prosecution.