University Directory Service (UDS) Responsible Use

Layout for printing

Policy Number:

UW-517

Responsible Office:

Division of Information Technology (DoIT)

University Policy

Rationale/​Purpose:

The University Directory Service (UDS) provides applications and services at UW–Madison with demographic, role, and contact data to support identity management, authentication, and authorization.1 The following policy is designed to ensure judicious and compliant use of that information, protecting the security and privacy of that data where necessary.

Scope:

Applies to anyone configuring applications or services to use data from the UDS.

Policy:

1. Policy

   1. UDS data use must be authorized by the appropriate data custodians for student, employee, or other data using the UDS authorization request form. This form specifies what data elements are needed for what purpose. UDS consumers² will be notified annually to reapply for authorization. The data obtained must be used only for the specific purpose identified on the request form and not for any other purpose, and must not be supplied to other applications.
   2. UDS data use must comply with the applicable State of Wisconsin and federal laws and regulations concerning privacy and security as well as complying with university policy. UDS data use is specifically bound by the university FERPA (Family Educational Rights and Privacy Act of 1974, as amended) policy and UW System acceptable use policy.
   3. UDS data may be used for purposes of providing identity management, which includes, for example, directory authentication and authorization services, and contact information.
   4. UDS consumers must provide details on what UDS data they store locally.
   5. UDS consumers must take all necessary precautions to secure UDS data in transmission and in storage. This includes utilizing security best practices as posted online.
   6. Consumers of UDS data will be held responsible for any security breach traceable to their use or specific authorization and will be held liable for any willful misuse or deliberate system damage traceable to their use and specific authorization.
   7. Periodic and random audits will be performed on the use of UDS data by the Office of Cybersecurity.
   8. Consumers of UDS data must provide access logs and access to systems containing UDS data upon request to the Office of Cybersecurity.

2. Enforcement

   1. See provisions 6, 7, and 8 of this policy.

---

Footnotes:

¹ Identity management refers to the policies, processes, and technologies by which the identities of persons are proofed, registered, and maintained. Authentication is the process of validating that identity. Authorization is providing access rights and privileges based on that identity.

² "UDS consumers" refers to applications or services that use data from the UDS.

Related UW-Madison Policies:

Office of the Registrar, FERPA Overview 

Related UW–Madison Documents, Web Pages, or Other Resources:

IT Policy Glossary

External References:

Regent Policy Document 25-3, Acceptable Use of Information Technology Resources

Policy Administration

Approval Authority:

Chief Information Officer & Vice Provost for Information Technology

Policy Manager:

Assistant Director, Cybersecurity Program and Business Services

Contact:

IT Policy Writer and Analyst -- Heather Johnston, itpolicy@cio.wisc.edu

Effective Date:

07-07-2005

Revised Dates:

06-28-2013

Reviewed Dates:

10/13/2017

Retrieved:

04-25-2024 05:51:19