Terms

Definition

Bring Your Own Device (BYOD)

Information deemed private or confidential by applicable law and other highly sensitive data intended for limited, specific use by university personnel with a legitimate need to know. Explicit authorization by the Data Steward is required to access Confidential Data. Unauthorized disclosure could have a profound adverse impact on the business or research functions of the University or affiliates, the personal privacy of individuals, or compliance with federal or state laws and regulations or University contracts. Confidential Data have a very high level of sensitivity. Examples include:

1. Social Security Number.
2. Credit card number.
3. Personal identity information (PII), including, but not limited to: an individual's name; date of birth; address; telephone number; driver's license number or card or nondriver's identification number or card; social security number or card; place of employment; employee identification numbers or other personal identification numbers or cards; mother's maiden name; birth, death or marriage certificates; electronic identification numbers; electronic signatures; and any financial number, or password that can be used to access a person's financial resources, including, but not limited to, checking or savings accounts, credit or debit card information, demand deposit or medical information.
4. Passport number.
5. Personnel records.
6. Medical records.
7. Authentication tokens (e.g., personal digital certificates, passwords, biometric data).

Any data related to university functions that are:

1. Stored on University information technology systems.
2. Maintained by university faculty, staff or students.
3. Related to institutional processes on or off campus. This applies to any format or media (in other words, it is not limited to electronic data).

Deans, associate vice presidents, and heads of academic, administrative, or affiliated units or their designees with responsibility for overseeing a collection (set) of University Data. They are, in effect, the owners of the data and, therefore, ultimately responsible for its proper handling and protection. Data Stewards are responsible for ensuring the appropriate classification of data and data collections under their control, granting data access permissions, appointing Data Managers for each University Data collection, making sure people in data-related roles are adequately trained, and ensuring compliance with all relevant policies and security requirements for all data for which they have responsibility.

Individuals authorized by the Data Steward or designee and enabled by the Data Manager to enter, modify, or delete University Data. Data Processors are accountable for the completeness, accuracy, and timeliness of data assigned to them.

Anyone in the university community with the capacity to access university data but is not authorized to enter, modify or delete it.

Electronic Communications

Refers to the use of Information Systems for transmitting, receiving, storing, or posting information via email, message boards, forums, chat platforms, websites, institutional social media accounts, or other electronic tools over the Internet or other networks.

This includes desktops, laptops, tablets, mobile devices, printers, or any device (excluding servers) capable of connecting to the university network or accessing university data.

Any university-owned, controlled, leased, protected or authorized information or data.

Information Technology Resources

Technology and/or computer resources provided or sanctioned by the university, including workstations, servers, mobile devices (laptops, tablets, smartphones, etc.), printing equipment, all associated peripherals and software, and other information technology platforms and systems. These resources are used for administration, research, teaching, or other purposes, and access to university information, systems, data, or networks must occur exclusively on University-owned or approved devices.

Information Systems

Encompasses endpoints, networks, servers, licensed platforms, services, cloud environments, and similar devices or software administered, owned, controlled or operated by the university or for which the university is responsible.

Multi-Factor Authentication

An authentication method that requires users to provide two or more verification methods to gain access to University Information Technology Resources.

Networks

Encompasses wired and wireless video, voice and data infrastructure, including security devices.

Operational Data

Information is not shared publicly but is not subject to specific protection requirements. It is intended for designated university workgroups or departments. Examples include PII, budget information, and internal emails.

Personal Information, Personal Data, or Personally Identifiable Information (PII)

Any information that can be used to identify a specific individual. Two components are direct identifiers (name, student ID, driver’s license number, SSN, passport number, etc.) and indirect identifiers (DOB, place of birth, race, gender, medical/health information, financial information, educational records, etc.). Indirect identifiers cannot identify an individual directly by themselves, but when combined with direct identifiers or other indirect identifiers, can cross thresholds where they become PII. The complete list includes but is not limited to the following:

• Name
• eID
• Date of birth
• Street address
• Phone number
• IP addresses
• Social Security, driver’s license, passport, or other government-issued identification number
• Race, gender, ethnicity, political, and religious identifiers
• Financial account information and payment account numbers
• IT systems access credentials
• Educational records
• Medical/health information

Privileged Accounts

A local administrator, domain administrator, data access administrator, or application administrator account is present or used in a university system. These roles commonly have elevated privileges, such as the ability to modify security controls, create user accounts or modify user access.

Public Data

Information intentionally made available to the public by valid authority without potential harm to the university or its affiliates.

Regulations, Laws, and Standards

Governing federal, state, and local statutes, regulations, rules, policies and standards such as CUI, HIPAA, PCI, FERPA, GLBA, and export control regulations affecting data protection.

Removable Media

Devices or media readable and/or writable by end users that can be moved between computers without modification.

User

Refers to a person, whether authorized or not, who makes use of university information technology resources from any location.

University or K-State

Refers to Kansas State University, including all its campuses, colleges, controlled affiliates and enterprises, divisions, offices, departments, and other units.

University Data

Data created, received, collected, transferred, and/or maintained for university use for administrative, academic, and research purposes.

University Use

Refers to the authorized use of university resources—including administrative, academic, research, and operational resources—by individuals such as employees, volunteers, contractors, or affiliates for activities necessary, optional, or convenient to their roles and responsibilities in support of the University's mission.

University Devices

Any device purchased with university or philanthropic funds is capable of connecting directly to university networks or through a gateway. Examples include desktops, laptops, tablets, printers, IoT devices, servers, appliances and sensors.