Data Management Committee
Policy Guideline Document
Enterprise Data Warehouse
End User Data Access and Usage Agreement
To protect the University of Washington and its constituents from harm related to the unauthorized or
inaccurate distribution of institutional data, the University has implemented access controls to information
in the Enterprise Data Warehouse (EDW). These controls have been developed to provide broad access
consistent with the principle of least privilege. In signing this agreement, between the University’s data
Trustees and end users who are authorized to see some portion of the data in the EDW, the authorized
individual (Grantee) and their requesting sponsor (Sponsor) agree to abide by the data controls, uphold the
use and publication limitations, and comply with all related documents referenced in this agreement.
Data Classification ‐ The data in the EDW has been assigned a data classification according to the University’s
Minimum Data Security Standards. Understanding these Standards and data classification is key to
understanding the nature of the data you may be authorized to view as well as its acceptable use.
Data that is published for public use or has been approved for general access by the appropriate UW authority.
Public Even with access granted through an appropriate privilege level, if data is not listed as Public it should only be
released or published beyond the University by the appropriate Data Trustee, Data Custodian, or their designee
Data that is generally circulated and subject to disclosure laws, yet sensitive enough to warrant careful
management and protection to ensure its integrity, appropriate access, and availability.
Data that is very sensitive in nature and typically subject to federal or state regulations. Unauthorized disclosur
Confidential of this data could seriously and adversely impact the university or the interests of individuals and organizations
associated with the university.
Data Trustee ‐ Trustees are the delegated authority for the institution for defining access and use policies over
a particular subset (subject area) of enterprise information. Refer to the Data Management Committee Policy
document for detailed description.
Data Custodian – Custodians are the delegated representatives for a given trustee responsible for
implementing access and use policies and procedures. Refer to the Data Management Committee Policy
document for detailed description.
Authorized Publisher – A person that creates official reports or analytics and has the right to publish and
distribute enterprise information from the EDW.
Grantee – The individual authorized to view a subset of Enterprise Warehouse Data through the Warehouse
Sponsor – An executive officer or official of the University, or one of its colleges, departments, campuses, or
units, who requests authorization for the Grantee. (i.e. a Dean, Chancellor, Vice Provost, Chair, etc.)
Downstream System – Any system, database, spreadsheet, report or other repository into which data
sourced from the EDW is placed. Also referred to as a Redundant Data Repository in the Data Management
Committee Policy document.
In accepting responsibility for the data that they have access to, the Grantee agrees that:
1. They will not publish or distribute any data element not listed as “public “in the metadata dictionary
– http://blahblahblah without following the publication control process.
2. They will not retain in printed reports, or unsecured downstream systems, information listed as
“Confidential” without the written and signed authorization of the subject area Data Custodian(s).
3. Where possible they will not retain data sourced from the EDW in downstream systems.
4. They will not retain data sourced from the EDW, and provide access to those data, without an access
control mechanism that can be audited at any time. The access control mechanism must comply
with the UW Administrative Policy Statements.
5. Access to data in downstream systems sourced from the EDW will not be granted if that access
exceeds the role/privilege definitions of the EDW Access and Roles matrix.
Publication Control Process
Reports and tools developed by Grantees may be proposed for publication through the Enterprise
Information Portal. The Authorized Publisher and Custodians for information contained in the report or tool
will review and approve, disapprove or suggest modifications according to the Publication Control Process
(http://blahbeepblahboo ) If EDW sourced information is to be provided to entities outside of the Executive
Sponsor’s organization, including information to be sent outside of the University, it must be authorized by
the Data Trustee and Data Custodian.
The undersigned agree to comply with the letter and intent of this agreement.
Sponsor: Printed: Title: Date:
Grantee: Printed: Title: Date