
Data Governance Information

UH Data Governance Goals

  • Protect the privacy and security of “Protected Data” (all non-public data; includes Institutional Data and research data)
  • Produce higher quality data for informed decision making
  • Promote efficient use of resources
  • Increase transparency and accountability

Visit Data Governance training to see presentations and slides describing the standards and requirements. Also see the UH Cyber Hygiene Best Practices.

Frequently Asked Questions

What Information can I Collect Using Google Forms?

Google@UH makes it easy to conduct surveys and gather self-reported information through Google Forms. Per the UH Data Governance Intranet, the following guidelines apply.

If you are only collecting non-sensitive data (e.g., name, email address, campus affiliation, and answers to general questions), then it is acceptable to use Google Forms.

UH Information Security advises that it is not secure to store sensitive or regulated data (e.g., DOB, GPA, ethnicity, SSN, etc.) in Google Drive.

It is okay to store public and restricted data in Google Drive. Examples of what is considered public, restricted, sensitive, and regulated data can be found in the table below.

Data Classification Categories (EP 2.2.14)

| Category | Definition | Examples |
|---|---|---|
| Public | Access is not restricted and is subject to open records requests | Student directory information, employee’s business contact info |
| Restricted¹ | Used for UH business only; will not be distributed to external parties; released externally only under the terms of a written MOA or contract | Student contact information, UH ID number |
| Sensitive¹ | Data subject to privacy considerations | Date of birth, job applicant records, salary/payroll information, most student information |
| Regulated¹ | Inadvertent disclosure or inappropriate access requires a breach notification by law or is subject to financial fines | FN or first initial/LN in combination with SSN, driver license number, or bank information; credit card, HIPAA, or financial aid information |

¹: Protected Data.

View more information on the UH Data Governance Intranet.

Public Data (No Risk)

Student Data Examples

  • Name
  • Major field of study
  • Class (i.e., freshman, sophomore, etc.)
  • Past/present participation in officially recognized activities/sports (including positions held and official statistics)
  • Weight/height of athletic team members
  • Dates of attendance
  • Previous institution(s) attended
  • Full or part-time status
  • Degree(s) conferred (including dates)
  • Honors and awards (including dean’s list)

Employee Data Examples

  • Name
  • Compensation (for executive/managerial and faculty only; salary ranges for all other groups)
  • Job title
  • Business address
  • Business phone number
  • UH email address
  • Job description
  • Education/training background
  • Type of appointment
  • Service computation date
  • Job code/occupational group/class code
  • Collective bargaining unit code
  • Department code/description
  • Island of employment
  • Photographs

Non-UH Individual* Data Examples

  • Name
  • Business address
  • Business phone number

Restricted (Low Risk; Protected Data)

Student Data Examples

  • UH email address / UH username
  • Address (street name and number)
  • Personal phone number
  • Emergency contact phone number
  • Non-UH email address
  • UH ID number (may be referred to as Student or Employee ID number)
  • Other identifiers for internal use such as Banner PIDM, ODSPIDM, etc.
  • Photographs
  • Security camera videos

Employee Data Examples

  • UH ID number (may be referred to as Student or Employee ID number)
  • Non-UH email address
  • Other identifiers for internal use such as Banner PIDM, ODSPIDM, etc.
  • Security camera videos

Non-UH Individual Data Examples

  • Email address
  • Security camera videos

Other

  • Administrative/business data used for operational purposes, unless public disclosure is allowed under Chapter 92F-12
  • Research photos

Sensitive (Medium Risk; Protected Data)

Student Data Examples

  • Demographic data (date of birth, gender, ethnicity, etc.)
  • Other education record data that is not considered directory or restricted information, such as grades, courses taken, GPA, etc.

Employee Data Examples

  • Date of birth
  • Personal address
  • Personal phone number
  • Job applicant records (names, transcripts, background checks, etc.)
  • Salary and payroll information
  • Access codes, passwords, and PINs for online information systems
  • Answers to “security questions” (e.g., what is the name of your favorite pet?)
  • Confidential information subject to attorney-client privilege
  • Information made confidential by a collective bargaining agreement

Non-UH Individual Data Examples

  • Home address
  • Personal phone number
  • Demographic data (date of birth, gender, ethnicity, etc.)

Other

  • UH research data involving personally identifiable information

Regulated (High Risk; Protected Data)

Student and Employee Data Examples

  • An individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
    • Social Security Number
    • Driver license number or Hawaiʻi identification card number
    • Account number, credit or debit card number, access code, or password that would permit access to an individual’s financial account
  • Credit card and other financial information subject to the Payment Card Industry Data Security Standard (PCI DSS) and the Gramm-Leach-Bliley Act (GLBA)
  • Individually Identifiable Health Information (IIHI) and Health Insurance Portability and Accountability Act (HIPAA) data
  • Financial aid information included on the Free Application for Federal Student Aid (FAFSA) application (e.g., income, asset, and other financial data, marital and dependency status, household size, etc.) and subject to the Gramm-Leach-Bliley Act (GLBA)

Other

  • Regulatory requirements as defined in contracts such as:
    • NIST SP 800-171 Controlled Unclassified Information (CUI)
    • Cybersecurity Maturity Model Certification (CMMC)
    • Export controlled information