University Data-Related Policies and Procedures
Compliance with internal and external regulations is necessary to allow Clemson to leverage data & analytics to support business and academic functioning across the University. Acceptable use, privacy, and security regulations are often built into other laws and regulations. Several important regulations with implications for data use have been collected below.
University Policies and Guidance
- Start here! Data Classification Policy: The University data classification categories are based on the sensitivity of the data and determine where data must be securely stored, as well as how it can be shared. This is the first step in understanding how to manage your data. Many University policies and procedures frame requirements according to the data classification category.
- Understand your responsibilities regarding student records. Family Educational Rights and Privacy Act (FERPA): Sets requirements for the protection of student education records and provides rights to access or amendment of records.
- We don’t sell University data. Family Privacy Protection Act (FPPA) Policy: Prohibits persons or private entities from obtaining or using any personal information acquired from the University for commercial solicitation.
- Special requirements for European Union data. General Data Protection Regulation (GDPR): Personal data collected in or transferred from countries in the European Economic Area is subject to the GDPR.
- Familiarize yourself with basic principles for managing personally identifiable information. University Privacy Policy: Establishes guiding principles for the protection and management of personally identifiable information.
- Know which records to keep and how long. Record Management Policy and Records Retention Schedules: Provide guidance and requirements on the identification, management, retention and disposition of official University records.
- What about intellectual property? To better understand the assignment of intellectual property created by University faculty, staff and students, see the Intellectual Property Policy.
- Collecting health information? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects certain health information. ‘Education records’ and ‘treatment records’ as defined under FERPA, are not covered under HIPAA. Have questions about whether HIPAA applies to your data? Contact the University Privacy Program.
- Accepting credit card payments? Payment Card Industry Data Security Standards (PCI DSS): The major credit card companies (VISA, MasterCard, Discover and American Express) came together and published a uniform set of data security standards that all merchants (i.e., Clemson University departments) must comply with in connection with the acceptance of payment cards. These standards have placed additional responsibilities on University departments in connection with the acceptance of payment cards.
- Planning to use an IT solution or vendor? CheckIT (IT Vendor Management): Anyone purchasing, requesting or using free versions of anything technology-related must complete the CheckIT process prior to use of the technology. This process ensures all technology solutions are appropriately evaluated against risks that may be presented to the University, including procurement, security and privacy, accessibility, integration to other Clemson systems as well as data and support needs.
- Is there a (software) license for that? Software Catalog: Clemson University provides students, faculty, and staff with an array of applications to support teaching, learning, and research.
- Still can’t find what you need? Visit the Clemson Computing and Information Technology website for a wide range of student, faculty and staff resources and best practices. You can also get help through the TigerHub system.
Resources for Researchers
- The Office of Research Compliance provides oversight and coordination of research compliance areas involving human subjects, vertebrate animals, recombinant DNA, hazardous agents and research misconduct.
- The Office of Sponsored Programs provides oversight of grant proposal submissions, award acceptance, and negotiation of non-disclosure, material transfer, and other research-related agreements.
- A Data Management Plan (DMP) is a component of a grant proposal for funding agencies like NSF, NIH, USDA, or DOE. For assistance in developing a DMP, go to the Clemson Libraries Data Services web page.
- Researchers have special computing and data storage options. Research Computing and Data (RCD) supports the research ascension of Clemson University by providing innovative and leading high-performance computing and storage solutions to students, faculty and staff.