Appropriate Use of Data
3.20 (printable version)
Policy/Operational Procedure Name:
Appropriate Use of Data
Dr. Melanie Riester
Research, Evaluation, Assessment, and Planning (REAP); Information Technology Services (ITS)
December 13, 2011; September 27, 2019 Revision)
Next Review Date:
Durham Technical Community College employees are expected to access and disseminate College data with a focus on providing accurate and timely information that is consistent with relevant state and federal laws. Employees are expected to access, use, and release data in an intentional and controlled manner that permits an appropriate level of disclosure, ensures the timely receipt of accurate data by interested parties, enables accurate and meaningful interpretation and use of the data, and protects the confidentiality of students and individual faculty and staff members. Employees are responsible for using data and information appropriately and using the most accurate and current data and information available.
Durham Technical Community College (Durham Tech) makes it a priority to use data and information to inform and direct policies and address needs, measure outcomes and performance, and communicate information about the College internally and externally. Access to and dissemination of data focuses on the need to provide consistent, accurate, and timely information which is consistent with relevant state and federal laws such as the Family Educational Rights and Privacy Act (FERPA) (see also the College’s FERPA policy) and the Health Insurance Portability and Accountability Act (HIPAA). Durham Tech employees are expected to access, use, and release data in an intentional and controlled manner that adheres to the following guidelines:
Permits an appropriate level of disclosure;
Ensures the timely receipt of accurate data by interested parties;
Enables accurate and meaningful interpretation and use of the data; and
Protects the confidentiality of students and employees. Durham Tech prohibits the sending of sensitive information, such as student and employee identification numbers and/or Social Security numbers, via email internally or externally
Research, Evaluation, Assessment and Planning (REAP) staff and Information Technology Services (ITS) staff collaborate to compile, analyze, and report College data. Employees may use available data or request additional data as noted in this procedure. Employees are responsible for seeking to obtain and use the most accurate and current data/information available.
Employee Access to Data
ITS reviews and approves requests for use of software to determine the appropriate level of access to be granted. Entrinsik Informer, which permits direct query access to institutional data, is an example of software for which employees may request access.
Employees who wish to have direct access to institutional data via Informer should complete the Informer Access request form and forward it to ITS. Access to Informer can be for one of two user types: Power User (report creator) or Report Viewer. Those seeking to perform their own queries should apply for Power User access, while those who want to access and run queries developed by others should apply for Report Viewer access. ITS will determine if any access limitations are appropriate upon receiving a request. ITS will determine the appropriate level of access, if any, and make arrangements to provide that access. ITS will provide Informer training, as needed.
In lieu of direct access to data, employees may submit a data assistance request via the College’s work order system to have REAP compile and supply the data.
External Access to Data
Except in the case of a legal mandate or other emergency situation, direct access to institutional data by external entities is prohibited. Responses to requests for institutional data from non-media external sources will be evaluated on an individual basis. Data will be provided in response to those requests that support efforts to provide significant direct benefit to students, employees, and/or the College as a whole.
External requestors of College data should first be directed to the publicly available data published on the College’s website. All external requests, except those initiated by individuals with a College affiliation (i.e., advisory committee members, the Board of Trustees) or those involving data reported as part of the North Carolina Community College System (NCCCS)’s Annual Reporting Plan should be referred to REAP for consideration and response.
REAP will review and approve all proposed responses to data-based inquiries from external sources prior to the information being distributed or communicated to the external source. Even if the data to be communicated have been generated by REAP and are available on the website, REAP should be consulted about the context in which the data are to be disseminated if a specific inquiry is made from an external source.
All requests for directory information should be directed to the Vice President, Student Engagement, Development, and Support/Chief Student Services Officer.
Data Use and Dissemination
Employees are encouraged to utilize institutional data to inform their decision making and performance assessment. All employees have access to a variety of data generated by REAP, including the College Profile, via the College’s website or shared folders. These data have been verified and are available for use in planning, evaluating programs, and making other policy decisions. Questions about appropriate use and interpretation of data should be directed to REAP.
Employees who generate their own data should be trained in the software used for extraction and knowledgeable about the data source and data definitions. Employees may only use Durham Tech issued online resources (e.g., Microsoft OneDrive) to collect and/or store College data. Employees are prohibited from using personal accounts (e.g., Google, Dropbox, SurveyMonkey, etc.) to collect and/or store College data. Questions about appropriate use and interpretation of data should be directed to REAP and/or ITS.
For data security, employees who share student or employee information internally must utilize the appropriate College resources (e.g., College-issued email, network shared folders, Microsoft OneDrive, KACE work order system). Employees are prohibited from using email to share confidential information and/or personally identifiable information (PII). PII may include direct identifiers (e.g., Social Security numbers), a combination of indirect identifiers (e.g., birth date and address), or a combination of direct identifiers and indirect identifiers (e.g., student ID and birthdate). This prohibition extends to attaching documents containing confidential and/or PII; encrypted or password protected documents, including Microsoft Word and Excel files, are not secure.
There are specific, situations in which a College-issued ID number may be sent via email as part of an official College process (e.g., welcome emails to new students and employees, technical support, Campus Police and Public Safety communications, legal counsel review). In all other cases, if an employee must send a College-issued ID via email, the employee should not include other information that would personally identify students or employees (e.g., name and student ID).
This policy and its procedures is not intended to prohibit the use of third-party instructional tools such as publisher-provided platforms (e.g., Cengage Mindtap, Pearson MyLabs) and free online tools (e.g., FlipGrid, Quizlet, Socrative). Instructors who wish to use Google tools in instruction should request a ConnectMail account from ITS to use for this purpose.
Annual State and Federal Data Reporting
REAP oversees state and federal data reporting to ensure timely report submission. At least one College employee is identified as being responsible for the submission of each report. The responsible employee should become familiar with the process and guidelines for submitting the required data. Once the employee is familiar with the reporting process and requirements, they should submit the report directly to the requesting agency. REAP monitors the College’s reporting and ensures its compliance with all reporting due dates.
College Data – All electronic documents, electronic data-processing records, and any other information the College collects and manages in connection with the transaction of public business. Student records, employee information, facilities information, and student recruitment data are all examples of College data.
Confidential Information – Information that is disclosed to an individual employee or known to that employee as a consequence of the employee’s employment at Durham Tech, and not generally known outside the College, or that is protected by law. Examples of confidential information include but are not limited to grades, financial aid information, social security numbers, payroll and personnel records, health information, self-restricted personal data, credit card information, passwords, and College financial and account information. Individual offices, departments, or programs may have additional information that is considered confidential information and covered by College policy. Confidential information includes information in any form, such as written documents or records, or electronic data.
Directory Information – Information the College has determined may be shared about an individual student including the student’s name, email address, current program of study, terms enrolled, honors and awards, credentials earned, and participation in official student clubs or organizations.
Direct Identifiers – Information that relates specifically to an individual such as the individual’s name, address/place of residence, Social Security Number or other identifying number or code, telephone number, or biometric record.
Indirect Identifiers – Information that can be combined with other information to identify specific individuals, including, for example, a combination of gender, birth date, geographic indicator, and other descriptors. Other examples of indirect identifiers include place of birth, race, religion, weight, activities, employment information, medical information, education information, and financial information.
Personally Identifiable Information (PII) – Information that can be used to distinguish or trace an individual’s identity either directly or indirectly through linkages with other information. PII includes information in any form, such as written documents or records, or electronic data.