/
PaF - Data Store Policy

PaF - Data Store Policy

Owned by Dave J Ballard
Apr 17, 2019

Table of Contents

Executive Summary

This policy oversees the storage of data with Saunders systems and who is authorized to grant/revoke access to said data.

Scope

All data stores on any Saunders-controlled medium, including (but not limited to) shared network drives, shared online storage (e.g. Google Docs, Dropbox), USB drives, and hard drives in Saunders-owned equipment

Definitions

Data Store

data/file storage point on a shared medium

e.g. a folder on the H: drive

Data Store Ownerthe individual(s) who has been tasked with responsibility of granting/revoking access to said data

Policy/Procedure

  1. A Saunders employee may request the creation of a new data store.  This request will then be placed into a ticket within the Saunders Technical Support ticketing system for tracking purposes.
  2. A data store owner must be designated.  In most cases, this will be the original requester.
  3. The data store owner will provide a of individuals who have access to the data in the data store, and the level of that access (e.g. read/write/modify, read only)
  4. The data store owner need to approve any changes/additions/deletions in access or access levels for the data store
  5. Saunders Technical Support staff will limit their access to only the amount necessary to accomplish the task at hand
  6. Only full time Saunders Technical Support employees may have access access to administer a data store unless other wise approved by the data store owner
    1. This basically means that student employees will not have access to services such as the H: and P: drives.  Requests will need to go through full time employees.

Non-compliance and Exceptions

  • In the event of the sudden and/or prolonged absence of the data store owner, Dean and/or Senior Associate Dean can name a new data store owner.
  • Only full time Saunders Technical Support employees have access, by nature of their jobs, to the data store.  Content within the data store will not read/altered/deleted without written permission of the data store owner, or by legal compulsion such as a warrant or subpoena.
  • Users who need to store personal data for a limited time in their data store may do so. Each user should create a Personal folder on their individual P: drive, and store data under that folder. Data stored in a Personal folder will not be looked at except by legal compulsion such as a warrant or subpoena.
  • P: Drives will be deleted 30 days after the user leaves the Saunders College, unless they are officially retiring.  Retirees may retain access provided their RIT Computer Account is in good standing order.
  • The Dean, at his or her discretion, may overturn any of these policies except those that are a matter of University policy

Saunders Technical Support