Data Governance Information


UH Data Governance Goals

Protect the privacy and security of “Protected Data” (all non-public data; includes Institutional Data and research data)

  • Produce higher quality data for informed decision making
  • Promote efficient use of resources
  • Increase transparency and accountability

View slides from the Fall 2019 Data Governance and Information Security Roadshow

Watch a Video of the Fall 2019 Data Governance and Information Security Roadshow

Frequently Asked Questions

What Information can I Collect Using Google Forms?

Google@UH makes it easy to conduct surveys and gather self-reported information through Google Forms. Per the UH Data Governance Intranet, the following guidelines apply.

If you are only collecting non-sensitive data (e.g., name, email address, campus affiliation, and answers to general questions), then it is acceptable to use Google Forms.

UH Information Security advises that it is not secure to store sensitive or regulated data (e.g., DOB, GPA, ethnicity, SSN, etc.) in Google Drive. The reasons are that with Google Drive, data can be easily mis-shared (resulting in a data exposure), and there is no mechanism for UH ITS to audit/trace the information.

It is okay to store public and restricted data in Google Drive. Examples of what is considered public, restricted, sensitive, and regulated data can be found in the table below.

Data Classification Categories (EP 2.2.14)

Category Definition Examples
Public Access is not restricted and is subject to open records requests Student directory information, employee’s business contact info
Restricted1 Used for UH business only; will not be=distributed to external parties; released externally only under the terms of a written MOA or contract Student contact information, UH ID number
Sensitive1 Data subject to privacy considerations Date of birth, job applicant records, salary/payroll information, most student information
Regulated1 Inadvertent disclosure or inappropriate access requires a breach notification by law or is subject to financial fines FN or first initial/LN in combination with SSN, driver license number, or bank information; credit card, HIPAA, or financial aid information

Examples of Data / Information by Category

Public

Student Data

  • Name
  • Major field of study
  • Class (i.e., freshman, sophomore, etc.)

Employee Data

  • Name
  • Job title, description
  • Business address, phone number
  • Education and training background
  • Previous work experience
  • Dates of first and last employment
  • Position number, type of appointment, service computation date, occupational group or class code, bargaining unit code

Restricted

Student Data

  • UH email address/username
  • Address (street name and number)
  • Personal phone number

Student and Employee Data

  • UH ID number
  • Banner PIDM
  • ODS PIDM

Sensitive

Student Data

  • Gender
  • Ethnicity
  • Grades
  • Courses taken
  • GPA

Employee Data

  • Address (street name and number)
  • Personal phone number

Student and Employee Data

  • Date of birth
  • Non-UH email address
  • Job applicant records (names, transcripts, etc.)
  • Salary and payroll information

Regulated

FN and first initial and LN with the following:

  • Social Security Number
  • Driver's license
  • Hawai‘i ID card number
  • Financial account info, credit / debit card numbers, etc.

Business/Financial Data

  • Payment Card Industry Data Security Standard (PCI-DSS) information

Protected Health Information (PHI)

  • Health status
  • Healthcare treatment
  • Healthcare payment

Financial Aid Data

  • FAFSA data

  1. Protected Data ↩︎ ↩︎ ↩︎