Building partnerships through collaboration.
Faculty, staff and students are encouraged to comment on policies in the final stages of development during a 30-day review period.
Summary
This policy helps minimize survey/email fatigue and oversampling of University at Buffalo (UB) students, faculty, staff, and/or alumni by managing the quantity and scheduling of survey invitations to these audiences and identifies specific permissions needed by survey authors to conduct surveys with UB constituents.
Policy Statement
The University at Buffalo is committed to ensuring that surveys are methodologically sound and of good quality; promoting inter-departmental awareness and cooperation; minimizing survey fatigue and collection of duplicate data or pre-existing data; ensuring appropriate methods of recruitment, distribution, and use of survey results; and maintaining a thorough and accessible record of survey tools and findings. Survey fatigue, the decreased willingness to participate in surveys, is a constant concern because reduced response rates compromise the usefulness of any data collected.
Summary
This policy provides guidelines for the financial management of non-credit bearing professional development programs to support:
Policy Statement
The University at Buffalo establishes and maintains non-credit bearing professional development program rates in accordance with the State University of New York (SUNY) Fees, Rentals, and Other Charges Policy.
A non-credit bearing professional development program is a UB instructional activity with established methods of assessment and articulated student learning outcomes.
Governance
These general principles govern the development of new rates or changes to existing rates:
Summary
The University at Buffalo classifies data into three risk-based categories to regulate access to, use of, and necessary precautions required to the protect university data. This policy provides a classification framework based on relevant legal and regulatory requirements to which the university is subject and provides a framework for classifying university data based in its level of sensitivity, value, and criticality to determine baseline security controls and protect data.
Policy Statement
The University at Buffalo is committed to protecting the confidentiality, integrity, and availability of university data. All university data must be classified into one of three data classification categories:
Category 1 – Restricted Data
Protection of Category 1 – Restricted Data is required by law or regulation. The loss of confidentiality, integrity, or availability of the data or system could have a significant adverse impact on our mission, safety, finances, or reputation.
Restricted data includes the definition of private information in the New York State (NYS) Security Breach and Notification Act as a foundation: bank account, credit card, debit card numbers; social security numbers; state-issued driver license numbers; and state-issued non-driver identification numbers. To this list, university policy adds protected health information (PHI), computer passwords, other computer access protection data, passport numbers, as well as research data which requires the use of PHI and personally identifiable information (PII).
Individuals who access, process, store, or in any other way handle Category 1 – Restricted Data must implement controls and security measures as required by relevant laws, regulations, university policies, and supporting standards. In instances where laws and/or regulations conflict with university policy, the more restrictive policy, law, or regulation governs.
Category 2 – Private Data
Category 2 – Private Data includes university data which is not identified as Category 1 – Restricted Data, but which is protected by state and federal regulations. This includes Family Educational Rights and Privacy Act (FERPA) – protected student records and electronic records that are specifically exempt from disclosure by the New York State (NYS) Freedom of Information Law (FOIL), as well as Research Foundation (RF) proprietary data, and all University at Buffalo research data.
Category 2 - Private Data must be protected to ensure that they are not disclosed in a FOIL request. Category 2 - Private Data must be protected to ensure that they are only disclosed as required by law. Decisions about disclosure must be made by the Records Management Officer.
Category 3 – Public Data
Category 3 – Public Data includes all other university data which is not included in Category 1 – Restricted Data or Category 2 – Private Data. Category 3 – Public data includes any data that is releasable in accordance with FOIL. This category also includes general access data, such as that available on unauthenticated portions of UB’s website. Public data has no requirements for confidentiality; however, systems housing the data should take reasonable measures to protect its accuracy.
Summary
This policy provides guidance regarding privileges and responsibilities for the acceptable use of University at Buffalo information technology resources.
Policy Statement
The University at Buffalo (UB, university) is committed to providing secure and reliable computing, networking and telecommunications services to the campus community. All individuals who use university information technology (UBIT) resources are required to use these resources in an ethical and legal manner, consistent with the educational, research, and public service goals of UB.
All individuals who use UB’s computing, network, cloud and telecommunications resources are responsible for the following:
When using UBIT resources individuals must not view, copy, alter, destroy, or distribute another’s files without permission from that individual, unless authorized or required to do so by law or regulation. The technical ability to access others’ accounts or information does not imply authorization to do so. IT operational staff may be required to access files if directed to do so by Employee Relations, UB counsel, the information security office, or as required to insure proper technical operation of IT systems.