Public Access to University Information
The University will provide convenient and timely access to all public information in accordance with Minnesota's Public Records Law, the Minnesota Government Data Practices Act (MGDPA), Chapter 13 of the Minnesota Statutes. The MGDPA applies to all government data that is "collected, created, received, disseminated or maintained by the University, regardless of physical form, storage media or conditions of use." This includes all University work-related information produced or held on University-owned devices or on employee owned devices such as tablets or smartphones.
The Coordinator of Records and Information Management (RIM) is the Responsible Authority and Data Practices Compliance Official under the MGDPA and is responsible for managing and fulfilling requests for information in accordance with the MGDPA. Wherever possible, the University will direct requesters to existing sources of public information.
Units that receive requests from either the public or subjects of data must send those requests to the RIM Office for review and response.
Individuals who are the subjects of data collected or maintained about them by the University have the right to:
- know what data is kept and how it is classified;
- notification when private or confidential data is collected from them;
- challenge the accuracy or completeness of data about them; and
- have private data secured.
REASON FOR POLICY
The University adheres to the provisions of state and federal privacy and records laws. In so doing, the University:
- Increases the value of University information resources through widespread and appropriate use.
- Prevents the inappropriate and unauthorized disclosure of information and thereby avoids adverse legal consequences.
Providing efficient and effective access allows the University to minimize expenses related to record keeping and document production and maximize the resources devoted to the primary mission of the University.
- The ability to view information, and, when applicable, update or download it. Access is provided to individuals and groups of individuals based on state and federal law and University policy. Access to private or confidential data, and access which permits data updates or downloads requires specific permissions related to job responsibilities.
- Information collected, stored, transferred or reported for any purpose, whether stored electronically or in paper files.
- Data Custodian
- Representatives of the University who are assigned responsibility to serve as a steward of University data in a particular area. They are responsible for developing procedures for creating, maintaining, and using University data, based on University policy and applicable state and federal laws.
- Data Owner
- Individuals, who in the course of carrying out the University's official business, serve as stewards of data in alignment with their function at the institution. This role is responsible for the accuracy of institutional data that they manage.
- Family Educational Rights & Privacy Act
- Federal law (P.L. 93-568, 2) as amended in 1974 (with updates). Specifies rights and responsibilities of students and colleges regarding access to student data.
- Information/Data Classifications
- A determination that establishes the breadth of access to information See Appendix: Examples of Public, Private and Confidential Information.
- Minnesota Government Data Practices Act (MGDPA)
- Legislation governing access to information that is created, received, and maintained by the Minnesota government entities.
- Security Incident
- An intentional or accidental occurrence affecting information or related technology in which there is a loss of data confidentiality or integrity, or a disruption and/or denial of availability.
- Security Measures
- Processes, software and/or hardware used by system and network administrators to assure confidentiality, integrity and availability of computers, networks and data belonging to the University and users of University computer and network resources. Security measures include the ability to review files for potential or actual policy violations and responsibility for investigation of security related issues.
- Security Violations
- Any action that does not comply with system security concepts, policies, processes, procedures or measures.
- University Information
- Information collected, manipulated, stored, reported or presented in any format, on any medium, by any unit of the University.
- General Counsel
- Provide legal advice to University staff and decision makers to ensure compliance with state and federal law, including the proper classification of University Data.
- Records and Information Management Office
- Serves as the responsible authority and data practices compliance official under the MGDPA
- Fulfills requests for public information that cannot be met through existing reports and other materials.
- Assists General Counsel in advising University staff and other decision-makers regarding access to University information.
- Maintains Appendix: Examples of Public, Private and Confidential Information, specifically, the section on what U information is classified as Public or Not Public.
- Board of Regents Policy: Student Education Records
- Administrative Policy: Acceptable Use of Information Technology Resources
- Administrative Policy: Managing University Records and Information
- Administrative Policy: Reporting and Notifying Individuals of Information Security Breaches
- Administrative Policy: Information Security
- University of Minnesota Duluth - Appropriate Use of Information Technology
- Office of the Registrar Policies on Access to Student Records
- Enterprise Access Requests
- Minnesota Government Data Practices Act - MS. 13.01 et. seq.
- Family Educational Rights and Privacy Act - US Statute
- Computer Fraud and Abuse Act, 1986
- Electronic Communications and Privacy Act
- April 2014 - Comprehensive Review, Minor Revision. 1. A new procedure covered the rights of subjects of government data was added. 2. The reason for policy was clarified and the process for making data requests was enhanced. 3. Outdated definitions were removed.
- January 1999