Fillable Guidelines for Protecting Data Sensitivity (GPDS) (San Diego Miramar College)

Fill Online, Printable, Fillable, Blank Guidelines for Protecting Data Sensitivity (GPDS) (San Diego Miramar College) Form

Use Fill to complete blank online SAN DIEGO MIRAMAR COLLEGE pdf forms for free. Once completed you can sign your fillable form or send for signing. All forms are printable and downloadable.

Guidelines for Protecting Data Sensitivity (GPDS) (San Diego Miramar College)

On average this form takes 1 minutes to complete

The Guidelines for Protecting Data Sensitivity (GPDS) (San Diego Miramar College) form is 1 page long and contains:

  • 0 signatures
  • 0 check-boxes
  • 5 other fields

Country of origin: US
File type: PDF

U.S.A. forms for San Diego Miramar College

BROWSE SAN DIEGO MIRAMAR COLLEGE FORMS

Related forms
Fill has a huge library of thousands of forms all set up to be filled in easily and signed.
Fill in your chosen form
Sign the form using our drawing tool
Send to someone else to fill in and sign.
find another form
 
Guidelines for Protecting Data Sensitivity (GPDS)
Original Approved: 11/2/10. Updated on 5/9/16 Pg. 1
Introduction
San Diego Miramar College encourages research on education issues and believes that information should be transparent
and available to students, faculty, staff, and the general public. At the same time, the College upholds these guidelines on
the access, security, use, and dissemination of sensitive data in order to assure the integrity of research and protect the
rights and privacy of personnel and students. The Guidelines for Protecting Data Sensitivity (GPDS) reinforces the exercise
of sound judgment and the professionalism of data stewards.
Four principles of data sensitivity were identified including: Data Access, Data Security, Use of Data, and Dissemination of
Data. Each principle is discussed relative to three levels of data sensitivity: Level I, Level II, and Level III.
Terms and Definitions
The following terms and definitions are provided in order to establish a shared understanding of the underlying concepts
concerning data sensitivity.
Data Sensitivity: The extent to which data should be protected, based on the nature and content of the data
Level I: Public information which is highly aggregated, or broadly categorized, such as enrollment
figures, transfer rates, or any other institution-wide data available at www.sdccd.edu.
Level II: General request for research reports, survey data, and data that are disaggregated, or
broken out by categories, to some extent, such as success rates or student progress at the
program level.
Level III: Special request for research reports and sensitive information that is highly disaggregated,
such as student contact information, data at the Course Reference Number (CRN) level, student
records, and all personally identifiable information.
Data Specificity: A continuum along which data may be generalized to broad groups or specified to smaller units.
Aggregated Data: Data expressed as total summaries that encompass multiple groups or units within broad categories,
i.e., Level I data
Disaggregated Data: Data that are broken out by categories or units (i.e. Level II data or Level III data). If
the unit of division is individual students, staff, or faculty members such that the information is
personally identifiable.
Data Steward: Any individual who uses, handles, or manages data and is thus responsible for ensuring the
security and integrity of the data.
Family Educational Rights Privacy Act (FERPA
): A Federal law that prohibits the release of student records (verbally, in
writing, or by any other means) without the written consent of the student or a court order or a lawfully
issued subpoena, unless there is a specific statutory authorization or a legitimate educational interest or
need to know, a need to know as part of fulfilling their job duties, or an emergency
(
http://www.ed.gov/legislation/FedRegister/finrule/2008- 4/120908a.pdf).
Internet: A world-wide network of computer networks.
Intranet: An internal, private network that can only be accessed within the confines of an enterprise, e.g., the
Miramar College “G” drive.
Need-to-know: Necessary for reasonable operation, strategic planning, and the accomplishment of one’s
expected and stated job duties, while serving a legitimate educational interest.
RRF: Miramar College Research Request Form.
Guidelines for Protecting Data Sensitivity
Statement of Responsibility
I, , have read the Guidelines for Protecting Data Sensitivity (GPDS), pages 1 and 2
of this document, in its entirety. I accept the responsibility of protecting the security of data to which I am granted access. I hereby
agree to comply with all of the principles, instructions, and regulations related to data access, confidentiality and security, use, and
dissemination that are set forth in this document.
[Signature] [Date]
[Signature] [Date]
Guidelines for Protecting Data Sensitivity (GPDS)
Original Approved: 11/2/10. Updated on 5/9/16 Pg. 2
Data Access
Data Security
Use of Data
Data Dissemination
LEVEL I: In order to provide access to all, these data are posted
on the San Diego Community College District (SDCCD) web site
(research.sdccd.edu). Select data will also be available on the
San Diego Miramar College Institutional Research website
(http://www.sdmiramar.edu/institution/research). If a requestor of
research would like access to Level I data that are not already
available, the requestor should complete a Research Request
Form (RRF) and follow the RRF protocol delineated in the section
below under Level II data.
LEVEL II: Individuals must complete an Research Request Form
(RRF) available at the Miramar College Institutional Research
website. RRFs will be processed upon the signed approval by
the requestor’s supervisors or Department Chairs and School
Deans. Supervisors or Department Chairs and School Deans are
responsible for ensuring that data are being requested on a
legitimate need-to-know basis. Requestors who are new to the
process may meet with the Miramar College Research and
Planning Analyst. Although the requestor may specify a project
timeline, RRFs are prioritized based on the Miramar College
College-Wide Research Agenda. External requests, such as
those from the press, community, or outside agencies, are to be
routed through the Miramar College Office of Planning, Research,
& Institutional Effectiveness for appropriate processing.
LEVEL III: Access will be granted on a need-to-know basis.
Individuals who wish to gain access are required to read, print,
and sign the GPDS Statement of Responsibility. Individuals who
are granted access to Level III data shall be ethically bound to the
GPDS. In the event that the data requested are not deemed
“need-to-know”, the data request shall be fulfilled at a more
aggregated and appropriate level of data sensitivity.
LEVEL I, II: Data reports will be available in PDF format only
in order to protect data integrity.
LEVEL II: All data will be stored on a secure server.
Proprietary data will be stored on the Miramar College “G”
drive.
LEVEL III: Access shall be password protected. Passwords
will be given to individuals on a need-to-know basis. Data
Stewards shall take all precautions necessary to prevent
disclosure of highly sensitive data to individuals who have not
been granted access. Individuals who have not been granted
access shall under no circumstances seek to procure, view,
or share sensitive data. Failure to comply with these
precautions and restrictions shall meet with serious
consequences, as per
FERPA.
Data Stewards should take care to:
1) Protect the confidentiality of usernames and passwords.
2) Log off or sign out after visiting a password protected
Intranet or Internet site.
3) Avoid creating databases or applications that use Social
Security Numbers as identifiers.
4) Never send un-encrypted sensitive data via email.
5) Protect printed sensitive data by storing in locked desk,
drawer, or cabinet and never leave unattended on desk,
copier, FAX, or printer.
6) Dispose of sensitive data by shredding or returning to the
Research and Planning Analyst.
7) Physically protect devices that can be easily moved, such
as PDAs, laptops, and portable storage devices (e.g.,
memory sticks).
LEVELS I, II, and III: Data will
be:
1) Fairly and lawfully processed.
2) Processed for purposes
specified in RFF.
3) Accurate and relevant.
4) Handled with utmost concern
for data security. All aspects of
research, including formulation
of the research question,
sample selection, choice of
variables, and methodology,
should be carefully thought out
and planned by Data Stewards
(users) with the assistance of
the Research and Planning
Analyst.
LEVEL III: Highly sensitive data
should always be used on a
need-to-know basis. These data
should never be used for
commercial, private, personal,
or political purposes.
LEVELS I and II: The
Research and Planning
Analyst shall disseminate data
as deemed appropriate to
requestors who follow the
protocol for submitting an
RRF. Proprietary data shall be
disseminated only with
permission. Individuals are
obligated to respect all
copyright laws and give
appropriate credit.
Reproductions of data reports
should have all original titles,
footnotes, and supplemental
information intact and
unaltered.
LEVEL III: Highly sensitive
data will be disseminated by
the Research and Planning
Analyst on a need-to-know
basis only to requestors who
print and sign the GPDS
Statement of Responsibility.
All Level III data that are
disseminated by the Research
and Planning Analyst will be
considered confidential and
issues related to confidentiality
will be discussed with
requestors. Reproductions and
unauthorized dissemination of
Level III data are prohibited.
Original Approved: 11/2/10; Updated: 5/9/16 Pg.1
Guidelines for Protecting Data Sensitivity (GPDS)
Frequently Asked Questions (FAQs)
Q1. What is the purpose of the GPDS?
San Diego Miramar College encourages research on education issues and believes that information
should be transparent and available to students, faculty, staff, and the general public. At the same
time, the College upholds these guidelines on the access, security, use, and dissemination of sensitive
data in order to assure the integrity of research and protect the rights and privacy of personnel and
students. The GPDS reinforces the exercise of sound judgment and the professionalism of data
stewards.
Q2. What determines the “need-to-know”?
The research question determines the “need-to-know.”
A research question generally is a problem to be solved, decision to be made, or knowledge to be
gained through the gathering, analysis, and consideration of information.
A good research question guides the process of seeking information to contribute to knowledge
and/or practice.
If a requestor has a research question that can only
be answered with Level III data and
the requested data are necessary for
- reasonable operation,
- strategic planning,
- the accomplishment of the requestor’s expected and stated job duties, and/or
- serving a legitimate educational interest, then there is a need-to-know. Examples include, but
are not limited to, schedule development, Program Review, and data-driven decision-making by
School Deans or Department Chairs.
Q3. Where do I consult when I am not sure about the level of confidentiality or sensitivity
associated with a research request?
You may contact the San Diego Miramar College Research and Planning Analyst, Xi Zhang, at
(619) 388-7333 or email at
xzhang@sdccd.edu.
Q4. What are the requirements to obtain research data?
There is a “need-to-know”.
The Research and Planning Analyst requires a minimum of two to six weeks for general research
questions.
Complete and sign a Research Request Form (RRF). Contact Miramar College’s Research and
Planning Analyst, as needed.
Check the San Diego Miramar College Institutional Research website for existing research
reports at http://www.sdmiramar.edu/institution/research to avoid duplication of requests.
Obtain your manager’s signature.
Q5. What is the meaning of aggregated/disaggregated data?
Data specificity is on a continuum with extremes of aggregated data on one end and disaggregated
data on the other. The following example illustrates this principle of data specificity:
Aggregate data in the extreme would be data such as an institution-wide success rate (Level I).
This institution-wide success rate can be disaggregated, or broken out, at the school and program
level to yield success rates by school and program (Level II).
If we disaggregate further and break it out by CRN, we would be able to see the success rate for
a single professor’s class (Level III).
Original Approved: 11/2/10; Updated: 5/9/16 Pg.2
We may disaggregate even further and determine the success rates for individual students (Level
III).
While aggregate data in the extreme would include data such as institution-wide figures,
disaggregated data in its extreme would comprise any data that are personally identifiable to
individual personnel or students. Rarely do research questions necessitate personally identifiable
information; most research questions can be answered with Level I or Level II data.
Q6. Can I access Level I data generated for others?
YES. The Miramar College Office of Institutional Research and Planning keeps copies of all reports
it produces. Your access is dependent upon your need-to-know.
Q7. Where can I access existing research and information stored online?
Visit Miramar College Institutional Research website (http://www.sdmiramar.edu/institution/research)
Visit the District’s Institutional Research and Planning website (http://research.sdccd.edu/)
Q8. If my school, department, program, unit, or discipline generates and maintains Level III data,
does GDPS apply to all these data?
YES. Good research practices dictate ethical and professional behavior. All sources of Level III data
demand adherence to existing GPDS policy. Although all data (including data used for SLO
assessment) are not generated or maintained by Miramar College’s Office of Planning, Research, &
Institutional Effectiveness, GPDS guides the access, security, use, and dissemination of all levels of
data including sensitive data throughout the college.
Q9. What are the consequences for unauthorized dissemination of Level III data?
Failure to comply with these precautions and restrictions shall meet with serious consequences, as
per Family Educational Rights and Privacy Act (FERPA). Individuals receiving Level III data from the
Miramar College Office of Planning, Research, & Institutional Effectiveness must comply with the
GPDS policy. Standards of good judgment and professionalism are required when working with
highly disaggregated information. Existing District disciplinary procedures will be enforced when
inappropriate dissemination of Level III data occurs.
Q10. May Level III data be shared with my colleagues?
NO. Unauthorized reproductions and dissemination of Level III data are prohibited. Please see
GPDS for additional dissemination guidelines.
Q11. How does GPDS differ from the District Institutional Review Board (IRB)?
Requests for data from the Miramar College Office of Planning, Research, & Institutional
Effectiveness are under the auspices of the GPDS. External research requests involving Miramar
students or personnel as human subjects must be reviewed and approved by the SDCCD
Institutional Review Board (IRB).
Q12. What is the process for requesting research?
A Research Request Form (RRF) should be completed and forwarded to Miramar College’s
Research and Planning Analyst, Xi Zhang, at (619) 388-7333 or email at
xzhang@sdccd.edu.
Download
Save PDF to desktop
Email
Email completed PDF
Send for Signing
Email for others to sign
Print
Print document
Choose a Field
Click on a field and
select the person that should complete it
Want to add a signature?
You can add a signature field
and assign it to someone else
to sign
Choose a Field
Click on a field and
select the person that should complete it

Guidelines for Protecting Data Sensitivity (GPDS) (San Diego Miramar College)

This document is locked as it has been sent for signing.

You have successfully completed this document.

Other parties need to complete fields in the document. You will recieve an email notification when the document has been completed by all parties.

This document has been signed by all parties.

Completed 2 February 2021

Message

View Audit Log
Print With Audit Log
Duplicate Document