BRS Collection Data Security
Data Warehouse Access Prerequisites
The BRS data collection is part of the University of Pennsylvania's Data
Warehouse. Access to the Data Warehouse requires three things. You need
all three:
- permission
- a query tool
- training
Click here for more information.
BRS Collection Access Prerequisites
Individuals who already have access to the Student data collection
in the Data Warehouse will be granted access automatically to the BRS
collection, to facilitate joining the BRS and student biographical and/or
enrollment data. For information about Student collection
access prerequisites, click here.
Those individuals who do not already have access to the Student data
collection, and/or who only want to be able to use the BRS detail data,
must complete the BRS Data Access Request Form and obtain supervisor, school
access administrator, and Student Financial Services (SFS) signatures.
This more restricted level of access will not include elements
from the Student data collection.
Access to the BRS data in the warehouse will be given to users on a
global basis, and will not be restricted by school or department. If
a user has access to the tables, they can see all transactions for all
students in all schools.
Regulations and Policies on Student Data
Federal regulations regarding access to student data are spelled out in
the Family Educational Right to Privacy Act (Buckley Amendment), commonly
known as FERPA. For more information, see http://www.upenn.edu/computing/da/dw/student/ferpa.html.
The University's policy on the Confidentiality of Student Records is
available at http://www.upenn.edu/osl/confiden.html.
Releasing Data Outside the University
The only office that may release BRS data is Student
Financial Services (SFS). Requests for BRS data should be directed to
SFS.
Keep a Log
You might want to keep a log of the reports you create, even if you are
giving it to someone within the University. The log might include:
- Who requested the data.
- When they made the request.
- What data they requested.
- Why they requested the data/how they planned to use it.
- What query and/or report you used.
Releasing Data Within the University
Within the University, BRS data may be disclosed only if it is needed
to do the business of the University, and only to those who need to know
the information in order to do their jobs. If you are not sure whether
to fulfill a request for BRS data, contact Student Financial Services.
Questions you should ask to help decide whether to fulfill a request
for BRS data:
- Who wants the information?
- Why do they want the information?
- For what purpose will the information be used?
- If they pass the information on to someone else, for what purpose
will that person use it? Note: Usually, the data should be for
the requestor's use only. No data should be posted in a public place,
including the World Wide Web.
- How will they secure the information once they have it?
- How will they dispose of the information when they are done with it?
For example, hard copy reports should be shredded.
Desktop Security
Query Results. Business Objects writes reports to the desktop
client under the subdirectory specified when the reports are saved. The
default directory is C:\Program Files\BusinessObjects\UserDocs. You must
see to it that any sensitive data stored on your personal computer is safeguarded
through physical security, access control software, or encryption.
- Examples of physical security are locked offices and locked keyboards.
- Examples of access control software are a screen saver with password
protection (which your computer has been set up to initiate at startup)
or specialized desktop security software.
- If you encrypt your query results, you will need to decrypt them before
accessing them with Business Objects.
Warehouse Access
When a computer is left signed on to an account, it is easy for someone to
gain unauthorized access. Either sign off from your account before you
leave your computer or restrict access by some other means (physical security
or access control software).
For more information on security, contact Dave Millar, the University
Information Security Officer, at 898-2172 or millar@isc.