Data classification

University data is classified based on its sensitivity and importance . The four levels are:

  1. Restricted. Highly sensitive data that cannot be shared without breaking law, policy, or statute.
  2. High. Confidential student information protected by Family Educational Rights and Privacy Act (FERPA) or Iowa Code 22.7(1).
  3. Moderate. Sensitive data that must be safeguarded due to proprietary, ethical, or privacy considerations. This information is not intended to be shared with the public but there is no federal or state law that prevents it.
  4. Low. Non sensitive data that can be shared with the public.

The majority of research data falls into the moderate or low classifications. The Minimum Security Standards and Guidance policy  outlines what protections and procedures must be followed for each level.

Need help?

We can help you determine the right classification and security for your data.

Research data roles and responsibilities

You have specific rights and responsibilities for university research data that change depending on your role.

Data steward

Person(s) with policy-level and planning responsibilities for the data. Principal investigators (PI) are stewards of research data under their control.

Responsibilities:

  • establishing and following policies, procedures, and guidelines.
  • managing data access and implementing appropriate security
  • appointing and training data custodians
  • selecting data dissemination methods

Data custodian

Person(s) in possession or control of data. Graduate students, faculty and staff are often research data custodians.

Responsibilities: 

  • following and implementing policies, procedures, and guidelines
  • ensuring good practice in data storage, management, transport, and safe-keeping

Data user

A data user can create, enter, edit, and access data. Researchers at all levels are data users. 

Responsibilities:

  • using the data as directed by the data steward (or designated custodian)
  • preventing and reporting disclosure of confidential or sensitive data

Data owner

The university owns research data made at Iowa State so it can fulfil its legal, ethical, and contractual responsibilities.

Multiple organizations or individuals may share ownership if the research data were made or acquired through collaborative research. The Office of the Vice President of Research's site has more details covering different situations.

This page is not intended to replace policy or consultation with the appropriate university offices.