Background
Stanford data is an institutional asset used by the university to support its fundamental instructional, research, and public service missions. Success is in part dependent on data that correctly represents the information intended and is freely available and timely. The university MaIS and Directory Services represent a consolidated source of information from different campus source systems and, for personal data, as entered by individuals themselves. MaIS and Directory support authorized access to this data to departments, offices, or other business units at Stanford to enable the university to conduct its business and serve its academic mission.
Data in the MaIS databases, provided by the MaIS services and the ITS Directory, is governed by a respect for the rights of individuals as well as specific privacy and usage policies from the sources of the data. Anyone authorized to access this information must honor all privacy settings and take appropriate steps to ensure the security and appropriate use of this data. This agreement is intended to ensure that the data assets of the university will be used for the purposes intended and are not misused or abused.
Applicability
This agreement specifically covers the use of data acquired from MaIS or Directory and applies both to overall programmatic use as well as to all individuals who have access to this data. It does not override or alter any policies on data use that are set by originating sources systems or offices that are trustees of specific data. It does not negate any applicable state or federal laws. General policies on the use and protection of university data are covered in Administrative Guide Memo 63 — Information Security.
Publishable data
This is data governed by visibility settings determined by individuals or by source systems — "white pages" data as found in StanfordWho and whois. Such data may be provided to a local community, e.g., school or department lookups, but any access you provide to this data in this manner must honor all user visibility settings, including Stanford-only restrictions, whether in electronic, printed, or verbal form.
Redistributing data
No data may be re-hosted for a general audience or re-provisioned to other systems through an interface such as Web pages, shared files, or similar means when it would provide data to anyone not granted access by this agreement or for the purposes covered by this agreement.
Though data redistribution is not permitted by this agreement, it does not preclude independent permissions directly from the data owners for subsequent data sharing. However, such additional uses must be recorded in your service agreement and be made available for review by data providers.
Data security and integrity
Initial access to Registry data is secured by strong authentication, authorization, and encryption. You must take equivalent precautions in protecting the integrity of the data once in your care, for original data and any subsequent copies or transformations. You must:
- avoid clear-text transmission of any sensitive data;
- secure access to password, certificate, or other access-enabling credentials;
- protect electronic copies, such as databases, documents, or spreadsheets both on servers and on individual personal machines;
- take appropriate care with physical copies, e.g., not posting data in public places or letting it be exposed at publicly accessible printers;
- take appropriate care in disposing of data, e.g., shredding printed reports or erasing/reformatting disks;
- securing any backup copies of data.
Because university data is constantly changing, you must make appropriate efforts to keep any copies of downloaded Registry or Directory data timely, for instance if there are dependencies in information like current status and affiliation.
Audits
Consumers must be prepared to respond to any audit requests concerning the management of data, and be prepared to give evidence of proper protections and procedures. This may be required as a prerequisite for initially acquiring the data.
Summary
It is your responsibility to manage the data allowed into your care, and you agree to adhere to all applicable usage agreements, policies, and state and federal laws regarding the use of university data.
Failure to comply with this agreement or any actions deemed inappropriate conduct may result in denial of access.
Your usage of MaIS data indicates your agreement with all of the following statements:
- I understand the regulations above regarding the use of the data;
- I accept responsibility for protecting and maintaining accurate data in compliance with applicable laws and university policy;
- I accept responsibility for complying with state and federal law and university policies concerning the privacy rights of Stanford faculty, staff, students, and affiliates; and
- I understand that a breach of this agreement by an individual can be cause for disciplinary action, up to and including dismissal or termination of employment.
