Duke University collects or generates data in support of our mission and academic or business purposes, and individuals entrust us with their personal and confidential information. We balance the free exchange of information within the Duke community to enable informed decision-making and elevate the value of data with the need to protect sensitive information, consistent with laws, regulations, and policy.

Purpose

The purpose of this document is to define Duke’s expectations pertaining to decisions about how personal or confidential institutional data may be accessed and used, and to serve as a central starting point for users wishing to utilize institutional data. This supplements Duke’s Statement on Data Governance and Protection, which establishes institutional expectations over data protection practices.

Scope

Duke’s institutional data governance principles and data management standards apply to all users of Duke University information and information technology resources, including faculty, students, and staff, and irrespective of whether these resources are accessed from on-campus or off-campus locations. These principles apply to all institutional data and are to be followed by all those who capture data and manage administrative information systems using university assets.

Institutional data is data that the university collects or generates in support of our mission and academic or business purposes, and information collected or generated to meet regulatory, contractual or legal obligations, excluding data of Duke University Health System (DUHS) and other related Duke entities. Duke considers institutional data a shared university resource that is managed for the benefit of the whole university within privacy and compliance parameters.

Duke-generated intellectual property, certain research data, such as that overseen by the Institutional Research Board (IRB), and data governed by privacy laws and regulations and/or by contractual terms and conditions may be governed by additional or alternative access, use and/or sharing restrictions that supersede the terms of this guidance and should be followed where applicable. Consult with the Data Steward to determine permissions for this type of data.

Federal and state statutes and regulations that guarantee either protection or accessibility of certain data records take precedence over these principles, including but not limited to the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA) and the NC Identity Theft Protection Act.

Data Governance Principles

Data is a strategic asset whose value grows with appropriate quality management, accessibility and utilization but diminishes through weak quality control, unavailability and misuse. 

To inform better decisions and improve institutional insight, the University promotes appropriate sharing of institutional data within our community where possible, consistent with the sensitivity, privacy landscape, and data classification of such data. This requires the existence of oversight to adjudicate requests and apply aggregation, appropriate de-identification and other transformations to shared data as appropriate.