Data handling procedures overview

Introduction

This collection of data handling procedures articles for the College community was created to assist Mount Holyoke employees to securely and effectively manage information in their daily administrative, teaching, and research activities. It applies to Mount Holyoke College employees (faculty, staff, student employees) and other individuals (e.g., affiliates, vendors, independent contractors, etc.) in their handling of College data assets. This covers information and records in any form (paper, digital text, image, audio, video, microfilm, etc.) during the course of conducting College work.

Determining how to protect and handle College records and other information assets depends on the classification of those data. Classification is necessary to understand which practices are needed to protect different types of information. The more protected the information needs to be, the more restrictive the handling procedures are and the more important is adherence to the procedures guidance.

Data classifications

Mount Holyoke’s data classification policy defines the four classifications the College uses to categorize the administrative information and data assets of the College:

•  Restricted data  - Information assets protected by state or federal law, contractual agreements and proprietary information whose loss, corruption, or unauthorized disclosure can cause severe personal, financial or reputational harm to the College, College employees, or the people we serve.

•  Confidential data  - Information assets protected by state or federal law, contractual agreements and proprietary information whose loss, corruption, or unauthorized disclosure can cause serious personal, financial or reputational harm to the College, College employees, or the people we serve.

•  Internal data  - Information assets whose loss, corruption, or unauthorized disclosure would not seriously impair business functions but are otherwise private within the College. 

•  Public data   - Information assets intended for general use and whose loss, corruption, or unauthorized disclosure (general or to individuals beyond the College) would not impair College business functions.

Review the procedures

• Data handling procedures: Collecting data (MHC login required)
• Data handling procedures: Storing and securing data (MHC login required)
• Data handling procedures: Sharing and accessing data (MHC login required)
• Data handling procedures: Disposing and destroying data (MHC login required)

Scope and limitations of these procedures

These data handling procedures outline both essential and recommended data handling procedures based on the classification of the information being handled.  It attempts to cover most situations for administrative information and data assets of the College.  However, it is not all-inclusive and is not intended to represent all protections that may be necessary for each situation.  This document also is not meant to cover the academic assets of the college whether teaching, learning or research-related.

The overall structure of the data handling procedures focuses on the act of collecting, storing, sharing, and destroying college data assets.  Within each of these actions, general principles and guidance are followed by additional technology- and tool-specific guidance and recommendations..   

Need guidance?

When in doubt about what is allowable or best practice, if you do not find an answer in the data handling procedures documents, ask the Technology Help Desk for technical questions or the appropriate Data Steward (see below) for content, business process, or policy questions. In the event of a potential or suspected breach or compromise of, or unauthorized/unexplained access to Restricted or Confidential data, contact the Security Incident Response Team at sirt@mtholyoke.edu.

Here’s a list of the most frequently-needed Data Stewards for commonly-shared administrative data assets.  These folks may be able to answer your questions or refer it as appropriate to the Data Steward of the system of record for the information you are inquiring about.