Connecting Learning, Life and Aloha
‘O ka ‘imi na‘auao, ke ola a me ke aloha kā kākou e huliāmahi ai

Search and Help

Data Governance Information

On this page:

UH Data Governance Goals

Protect the privacy and security of “Protected Data” (all non-public data; includes Institutional Data and research data)

  • Produce higher quality data for informed decision making
  • Promote efficient use of resources
  • Increase transparency and accountability

Visit Data Governance training to see presentations and slides describing the standards and requirements. Also see the UH Cyber Hygiene Best Practices.

Frequently Asked Questions

What Information can I Collect Using Google Forms?

Google@UH makes it easy to conduct surveys and gather self-reported information through Google Forms. Per the UH Data Governance Intranet, the following guidelines apply.

If you are only collecting non-sensitive data (e.g., name, email address, campus affiliation, and answers to general questions), then it is acceptable to use Google Forms.

UH Information Security advises that it is not secure to store sensitive or regulated data (e.g., DOB, GPA, ethnicity, SSN, etc.) in Google Drive. The reasons are that with Google Drive, data can be easily mis-shared (resulting in a data exposure), and there is no mechanism for UH ITS to audit/trace the information.

It is okay to store public and restricted data in Google Drive. Examples of what is considered public, restricted, sensitive, and regulated data can be found in the table below.

Data Classification Categories (EP 2.2.14)

Category Definition Examples
Public Access is not restricted and is subject to open records requests Student directory information, employee’s business contact info
Restricted1 Used for UH business only; will not be=distributed to external parties; released externally only under the terms of a written MOA or contract Student contact information, UH ID number
Sensitive1 Data subject to privacy considerations Date of birth, job applicant records, salary/payroll information, most student information
Regulated1 Inadvertent disclosure or inappropriate access requires a breach notification by law or is subject to financial fines FN or first initial/LN in combination with SSN, driver license number, or bank information; credit card, HIPAA, or financial aid information

Examples of Data / Information by Category

Public

Student Data

  • Name
  • Major field of study
  • Class (i.e., freshman, sophomore, etc.)

Employee Data

  • Name
  • Job title, description
  • Business address, phone number
  • Education and training background
  • Previous work experience
  • Dates of first and last employment
  • Position number, type of appointment, service computation date, occupational group or class code, bargaining unit code

Restricted

Student Data

  • UH email address/username
  • Address (street name and number)
  • Personal phone number

Student and Employee Data

  • UH ID number
  • Banner PIDM
  • ODS PIDM

Sensitive

Student Data

  • Gender
  • Ethnicity
  • Grades
  • Courses taken
  • GPA

Employee Data

  • Address (street name and number)
  • Personal phone number

Student and Employee Data

  • Date of birth
  • Non-UH email address
  • Job applicant records (names, transcripts, etc.)
  • Salary and payroll information

Regulated

FN and first initial and LN with the following:

  • Social Security Number
  • Driver's license
  • Hawai‘i ID card number
  • Financial account info, credit / debit card numbers, etc.

Business/Financial Data

  • Payment Card Industry Data Security Standard (PCI-DSS) information

Protected Health Information (PHI)

  • Health status
  • Healthcare treatment
  • Healthcare payment

Financial Aid Data

  • FAFSA data
Public Data Protected Data
Public (No Risk) Restricted (Low Risk) Sensitive (Medium Risk) Regulated (High Risk)
Student Data Examples
  • Name
  • Major field of study
  • Class (i.e., freshman, sophomore, etc.)
  • Past/present participation in officially recognized activities/sports (including positions held and official statistics)
  • Weight/height of athletic team members
  • Dates of attendance
  • Previous institution(s) attended
  • Full or part-time status
  • Degree(s) conferred (including dates)
  • Honors and awards (including dean’s list)
Employee Data Examples
  • Name
  • Compensation (for executive/managerial and faculty only; salary ranges for all other groups)
  • Job title
  • Business address
  • Business phone number
  • UH email address
  • Job description
  • Education/training background
  • Type of appointment
  • Service computation date
  • Job code/occupational group/class code
  • Collective bargaining unit code
  • Department code/description
  • Island of employment
  • Photographs
Non-UH Individual* Data Examples
  • Name
  • Business address
  • Business phone number
 Student Data Examples
  • UH email address / UH username
  • Address (street name and number)
  • Personal phone number
  • Emergency contact phone number
  • Non- UH email address
  • UH ID number (may be referred to as Student or Employee ID number)
  • Other identifiers for internal use such as Banner PIDM, ODS PIDM, etc.
  • Photographs
  • Security camera videos
Employee Data Examples
  • UH ID number (may be referred to as Student or Employee ID number)
  • Non- UH email address
  • Other identifiers for internal use such as Banner PIDM, ODS PIDM, etc.
  • Security camera videos
Non-UH Individual Data Examples
  • Email address
  • Security camera videos
Other
  • Administrative/business data used for operational purposes, unless public disclosure is allowed under Chapter 92F-12
  • Research photos
 Student Data Examples
  • Demographic data (date of birth, gender, ethnicity, etc.)
  • Other education record data that is not considered directory or restricted information, such as grades, course taken, GPA, etc.
Employee Data Examples
  • Date of birth
  • Personal Address
  • Personal phone number
  • Job applicant records (names, transcripts, background checks, etc.)
  • Salary and payroll information
  • Access codes, passwords, and PINs for online information systems
  • Answers to “security questions” (e.g., what is the name of your favorite pet?)
  • Confidential information subject to attorney-client privilege
  • Information made confidential by a collective bargaining agreement
Non-UH Individual Data Examples
  • Home address
  • Personal phone number
  • Demographic data (date of birth, gender, ethnicity, etc.)
Other
  • UH research data involving personal identifiable information
 Student and Employee Data Examples
  • An individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
    • Social Security Number
    • Driver license number or
    • Hawaiʻi identification card number
    • and Account number, credit or debit card number, access code, or password that would permit access to an individual’s financial account)
  • Credit cards and other financial information subject to Payment Card Industry Data Security Standard (PCIDSS) information and the Gramm-Leach-Bliley Act (GLBA)
  • Individually Identifiable Health Information (IIHI) and Health Insurance Portability and Accountability Act (HIPAA) data
  • Financial aid information included on the Free Application for Federal Student Aid (FAFSA) application (e.g., income, asset, and other financial data, marital and dependency status, household size, etc.) and subject to the Gramm-Leach-Bliley Act (GLBA)
Other
  • Regulatory requirements as defined in contracts such as:
    • NIST SP 800-171 Controlled Unclassified Information (CUI)
    • Cybersecurity Maturity Model Certification (CMMC)
    • Export controlled information

  1. Protected Data ↩︎ ↩︎ ↩︎