Shared Guidance Common Definitions

The following serves to define common terms that are used throughout the Washington University in St. Louis System Access Control Guidelines policies.

Data Types

UNIVERSITY DATA refers to a data element or record that satisfies one or more of the following criteria:

  • It is relevant to planning, managing, operating, controlling or auditing administrative functions of an administrative or academic unit of the university;
  • It is created, received, maintained or transmitted as a result of operational, administrative, educational, clinical, research or patient care activities;
  • It is generally referenced or required for use by more than one organizational unit;
  • It is included in an official university administrative report;
  • It is used to derive an element that meets the criteria above;
  • It is generated by a university workforce member or agent using any of the above data.

CONFIDENTIAL/PROTECTED DATA refers to securable university data whose unauthorized disclosure may have a serious adverse effect on the university’s reputation, resources, services or individuals. Data protected under federal or state regulations or due to proprietary, ethical or privacy considerations will typically be classified as confidential.

PRIVATE/SENSITIVE DATA refers to securable university data whose unauthorized disclosure may have a moderate adverse effect on the university’s reputation, resources, services or individuals. This is the default classification category and should be assumed when there is no information indicating that data should be classified as public or confidential.

SECURABLE UNIVERSITY DATA refers to university data that falls under either the private or the confidential classifications.

PUBLIC DATA refers to university data whose disclosure to the general public poses little or no risk to the university’s reputation, resources, services or individuals.

POTENTIALLY RELEVANT INFORMATION (PRI) is any record that is either required or would be normally maintained in the regular course of business and has any chance of being relevant to the litigation.

ePHI (Electronic Protected Health Information) is any personally identifiable health information that is created, stored, transmitted, or received electronically. It relates to any information about past or present physical or mental health conditions, as well as prescribed treatments.

Employee Responsibilities

  • DATA CENTER DIRECTOR refers to the individual(s) responsible for the operational management of a university data center. This does not refer to individuals responsible for managing infrastructure housed in the data center. The data center director would be the individual responsible for authorizing access to the physical data center space.
  • DATA STEWARDS/OWNERS are the university officers having policy-level responsibility for managing a segment of the university’s information resources.
  • WORKFORCE MEMBER refers to any faculty, staff, student, volunteer, trainee or other person whose conduct is under the university’s direct control, whether or not the university pays them for their services.

IT SECURITY INCIDENT is any activity that harms or represents a serious threat to the whole or part of Washington University’s computer, telephone and network-based resources such that there is an absence of service, inhibition of functioning systems, including unauthorized changes to hardware, firmware, software or data, unauthorized exposure, change or deletion of critical records, or a crime or natural disaster that destroys access to, or control of, these resources.

SANITIZATION is the act of permanently removing data from media before disposal or reuse. In the case of print materials, this process could include the destruction of the media itself as in the case of shredding.

UNIVERSITY DATA CENTER refers to facilities dedicated to housing systems and components that store and manage university data.

Updated April 1, 2013