Data Governance Information
On this page:
UH Data Governance Goals
Protect the privacy and security of “Protected Data” (all non-public data; includes Institutional Data and research data)
- Produce higher quality data for informed decision making
- Promote efficient use of resources
- Increase transparency and accountability
Visit Data Governance training to see presentations and slides describing the standards and requirements. Also see the UH Cyber Hygiene Best Practices.
Frequently Asked Questions
What Information can I Collect Using Google Forms?
Google@UH makes it easy to conduct surveys and gather self-reported information through Google Forms. Per the UH Data Governance Intranet, the following guidelines apply.
If you are only collecting non-sensitive data (e.g., name, email address, campus affiliation, and answers to general questions), then it is acceptable to use Google Forms.
UH Information Security advises that it is not secure to store sensitive or regulated data (e.g., DOB, GPA, ethnicity, SSN, etc.) in Google Drive. The reasons are that with Google Drive, data can be easily mis-shared (resulting in a data exposure), and there is no mechanism for UH ITS to audit/trace the information.
It is okay to store public and restricted data in Google Drive. Examples of what is considered public, restricted, sensitive, and regulated data can be found in the table below.
Data Classification Categories (EP 2.2.14)
Category | Definition | Examples |
---|---|---|
Public | Access is not restricted and is subject to open records requests | Student directory information, employee’s business contact info |
Restricted1 | Used for UH business only; will not be=distributed to external parties; released externally only under the terms of a written MOA or contract | Student contact information, UH ID number |
Sensitive1 | Data subject to privacy considerations | Date of birth, job applicant records, salary/payroll information, most student information |
Regulated1 | Inadvertent disclosure or inappropriate access requires a breach notification by law or is subject to financial fines | FN or first initial/LN in combination with SSN, driver license number, or bank information; credit card, HIPAA, or financial aid information |
Examples of Data / Information by Category
Public
Student Data
- Name
- Major field of study
- Class (i.e., freshman, sophomore, etc.)
Employee Data
- Name
- Job title, description
- Business address, phone number
- Education and training background
- Previous work experience
- Dates of first and last employment
- Position number, type of appointment, service computation date, occupational group or class code, bargaining unit code
Restricted
Student Data
- UH email address/username
- Address (street name and number)
- Personal phone number
Student and Employee Data
- UH ID number
- Banner PIDM
- ODS PIDM
Sensitive
Student Data
- Gender
- Ethnicity
- Grades
- Courses taken
- GPA
Employee Data
- Address (street name and number)
- Personal phone number
Student and Employee Data
- Date of birth
- Non-UH email address
- Job applicant records (names, transcripts, etc.)
- Salary and payroll information
Regulated
FN and first initial and LN with the following:
- Social Security Number
- Driver's license
- Hawai‘i ID card number
- Financial account info, credit / debit card numbers, etc.
Business/Financial Data
- Payment Card Industry Data Security Standard (PCI-DSS) information
Protected Health Information (PHI)
- Health status
- Healthcare treatment
- Healthcare payment
Financial Aid Data
- FAFSA data
Public Data | Protected Data | ||
---|---|---|---|
Public (No Risk) | Restricted (Low Risk) | Sensitive (Medium Risk) | Regulated (High Risk) |
Student Data Examples
|
Student Data Examples
|
Student Data Examples
|
Student and Employee Data Examples
|