Guidance for Operational Use of Student Data

Non-routine operational uses of student data include uses not covered in the drawer above. This includes large-scale institutional surveys, using data for marketing and outreach (outside of specific approved offices), and other activities. Guidance for these uses are below. For other activities not covered, please contact David Garrison, Senior Associate Registrar.

Purpose 

The purpose of the guidance is to ensure survey data collection efforts are aligned with institutional mission, goals, and philosophies driving the collection and usage of data at UC San Diego, including UC San Diego’s Strategic Plan, the UC San Diego Strategic Plan for Inclusive Excellence, the Principles of Community, and Privacy Principles. Through coordination and standardization of survey data collection efforts, UC San Diego seeks to protect community members’ time and privacy and reduce institutional risks and costs. 

All surveys, except those meeting the exemption criteria below, shall be reviewed for compliance with laws and regulations, alignment with institutional mission, goals, and philosophies, and ethical considerations prior to release. The Executive Vice Chancellor is responsible for creating and overseeing a committee to develop review criteria and process for survey reviews. 

Scope  

This guidance applies to all surveys of students, alumni, academic employees, career staff, non-career staff, or other affiliates in or associated with General Campus, Scripps Institution of Oceanography, and the Health Sciences, including surveys conducted by external entities and student groups. A pre-existing obligation to a funding agency or collaborator, prior use of a survey instrument, and/or IRB approval of a survey instrument do not exempt surveys from this guidance. 

If the data is being collected for academic research purposes (for publication), survey distributors must also independently seek IRB approval or exemption. Sometimes the demarcation between operational use and research is unclear, and seeking IRB guidance is advised in these cases. 

Definitions 

Human subjects research: Research about a living individual wherein an investigator (whether professional or student) conducting the research obtains 1) data through intervention or interaction with the individual, or 2) identifiable private information (i.e., personal information) from any source. 

Operational Use: Use of data related to the internal functions and processes of the university —such as admissions, enrollment, course scheduling, student financial aid— to manage operations, make decisions, and improve processes. Operational Use excludes uses for patient care, scholarly research, and direct delivery of educational services. 

Personal Information/Data: Information that, alone or in combination with other data, regardless of where those Data are stored or who has access, potentially identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with or single out an individual, a particular person, or household. 

Principal Investigator: In the context of this guidance, the Principal Investigator is the UC San Diego personnel who will take primary ownership of ensuring that all relevant policies and expectations are followed in the creation, distribution, storage, and analysis of the survey/survey data. 

Research: A systematic investigation, including research development, testing and evaluation, basic or applied research, designed to develop or contribute to generalizable knowledge. Generally, research is in the public interest, adheres to all applicable ethics and privacy laws, and the results are anticipated to be widely shared. 

Responsible Party: In the context of this guidance, the responsible party is a member of academic or administrative leadership who has reviewed and approved the survey to ensure alignment with institutional policy and goals. This should be a Dean or Vice Chancellor. 

Survey: In the context of this guidance, a survey is a systematized effort to make inferences about a population through gathering information directly from students, alumni, faculty, staff or other university affiliates using questionnaires, interviews, or focus groups. 

Existing Surveys 

The University of California System and UC San Diego invest significant resources in conducting quality surveys of their student, alumni, academic, and staff populations. Prior to creating a new survey, the Principal Investigator should familiarize themselves with the data and analyses already available for making data-informed decisions, including those posted to UC San Diego’s Institutional Research website and the University of California Institutional Research and Planning website. These surveys answer many of the frequently asked questions about the experiences of these populations on campus. Principal investigators are also encouraged to review the UC San Diego Institutional Survey Calendar to ensure their proposed timeline does not conflict with institutional survey efforts. Surveys highly duplicative of existing data collection efforts will not be approved. Survey timelines that conflict with institutional data collection efforts on the same population are unlikely to be approved. 

Survey Approval Steps: 

Principal Investigators must: 

1. Complete all necessary training (FERPA, Privacy@UC San Diego or Privacy 101) 
2. or Privacy 101Prepare all survey materials (survey content, drafts of all proposed communications to participants, and any other relevant documentation). 
3. Determine whether survey is exempt from this guidance. (See below.) 
4. Identify a responsible party. In most cases, this will be your Dean or Vice Chancellor. 
5. Complete the UC San Diego Survey Approval Form. Please keep the Survey Consultation Committee’s meeting calendar in mind for submission in order to ensure a faster review time. 

Surveys Exempt from This Guidance: 

The following surveys are considered exempt from this guidance:

• Surveys used to collect data strictly for assessment or program improvement internal to a business unit or department and involving fewer than 150 people. 
• Administrative surveys designed to solicit feedback from participants regarding a specific campus event. 
• Point-of-service surveys administered during or immediately following the service interaction. 
• Course-embedded curricular evaluations or assessments (per Regents policy 2301). 
• Administrative forms that individuals complete as part of routine business operations (e.g., directory updates, scholarship applications, IT services help tickets, and polls used for voting purposes such as elections and referenda) are not considered surveys, even if these are administered using electronic survey software. 
• Even if a survey is exempt, principal investigators should still: (1) familiarize themselves with existing surveys in order to reduce duplicative efforts that contribute to survey fatigue and waste of institutional resources; (2) follow all relevant laws and policies, and (3) utilize leading practices for data collection, analysis, and storage. 

Procedures and Resources

Survey Consultation Committee  

 The committee chair shall be a member of the Institutional Research Leadership Team. 

 The Survey Consultation Committee shall be comprised as follows: 

• Executive Director, Institutional Research and/or Director of Equity Research & Analytics and Director of Student Success & Analytics, as needed  
• Chief Privacy Officer, Campus 
• Director of Assessment, Evaluation and Organizational Development, Student Affairs and Campus Life 
• Faculty member, nominated by the Academic Senate Committee on Committees (2 representatives, 2-year service, rotating) 
• Teaching + Learning Commons representative, appointed by the Associate Vice Chancellor for Educational Innovation (1 representative, 2-year service) 
• Representative, appointed by the Vice Chancellor for Equity, Diversity, and Inclusion (1 representative, 2-year service) 
• A graduate student representative, appointed by the Graduate and Professional Students Association (1 representative, 1-year service) 
• An undergraduate student representative, appointed by Associated Students (1 representative, 1-year service) 

Invited based on population 

• Human Resources Data Steward or appointed representative (e.g. Tritonlytics representative) 
• Assistant Vice Chancellor of Academic Personnel or appointed representative 
• Data Steward – Student Academic/Administration or appointed representative 

The Survey Consultation Committee will meet based on a posted meeting calendar. Quorum is reached when 5 or more members convene. 

Sharing Student Data Externally

Purpose 

This guidance applies to sharing of student data with parties outside UC San Diego. This guidance provides definitions of key terms, limitations on when student data may be shared externally, and requirements for how student data may be shared externally. 

Definitions 

Artificial Intelligence (AI): A machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. Artificial intelligence systems use machine- and human-based inputs to perceive real and virtual environments; abstract such perceptions into models through analysis in an automated manner; and use model inference to formulate options for information or action. 

Central Office: Any office that reports directly to a Vice Chancellor and has formal delegation and signature authority to bind the institution or share data externally. The following are Central Offices for their specified domains: 

• Policy and Records Administration for public records requests 
• Office of Contracts and Grants Administration (OCGA) for any data request related to an academic research project, including requests from sponsors, collaborators, other universities, and consortia. 
• Integrated Procure-to-Pay Solutions (IPPS) for data sharing with service providers and sponsors of non-research projects. 
• Advancement for data sharing related to alumni relations, development, and fundraising. 
• Institutional Research (IR) for official institutional reports and analytics.
• Enrollment Management for official government and accreditation reporting. 

External Data Sharing: Sharing or provisions of access to data, in any format or by any means, with a Third Party. External Data Sharing includes public-facing dashboards or reports posted on UC San Diego’s website or that may be reasonably expected to be shared externally in the future. 

Personal Information/Data: Information that, alone or in combination with other data, regardless of where those Data are stored or who has access, potentially identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with or single out an individual, a particular person, or household. 

Student Data Access Committee (SDAC): Committee charged by the EVC to review and advise the Data Steward - Student Academic/Administration on appropriate uses, disclosures, and access to student data. 

Third Party: Any entity outside of UC San Diego, UC San Diego Health, and Scripps Institutional of Oceanography. For purposes of this document, Third Parties include vendors, higher ed organizations (e.g., AAU, UERU), state and federal government agencies, accrediting agencies, funders/granting agencies/sponsors, service providers, other universities and UC campuses, and UCOP. 

Limitations - Limited situations where non-aggregated student data may be shared externally 

 External Sharing of non-aggregated student data shall be limited to: 

• Required reporting to government agencies; 
• Required reporting to an accreditation agency; 
• Routine reporting to University of California Office of the President, such as for third- week census data; 
• Sharing with service providers and vendors – irrespective of whether payment is made or received – reviewed by the SDAC and/or data steward, the Campus Privacy Office, and the Office of Information Assurance. In most instances, an agreement with University of California Terms and Conditions and Appendix Data Security will be required; 
• Required reporting to funders and sponsors, where such a requirement has been contractually accepted by a Central Office, and where aggregate reporting is not sufficient; and 
• Legally required reporting and public records requests 

Requirements - Required processes and documents when sharing student data externally 

The following requirements apply to External Sharing of student data, except where legally required or as part of a public records request: 

• All sharing of data should align with: 
• UC San Diego’s Strategic Plan, 
• the UC San Diego Strategic Plan for Inclusive Excellence, 
• the Principles of Community, 
• and Privacy Principles. 
• Reporting of non-aggregated personal data must be reviewed by the SDAC and approved by the Data Steward - Student Academic/Administration. 
• External reporting of student data may only be conducted by those who have appropriate access to the underlying data (i.e., the Level of Access approved by the data steward). 
• Reporting of aggregate numbers of 5 or fewer will be reviewed by the SDAC as non-aggregated personal data (i.e., identifiable data). 
• Non-aggregated P-3 or P-4 personal data may only be shared securely in accordance with UC BFS-IS-3. 
• Except for required reporting to government agencies, sharing of non-aggregated P-3 or P-4 data requires a written agreement, executed by a Central Office, specifying: 
  • The appropriate and prohibited uses and disclosures of data, 
  • Retention limits, and 
  • Required security of data, including secured storage by the recipient. 

• Recipient will not be authorized to use Personal Data for its own purposes or to train its algorithms, AI, or similar systems without review from the SDAC, explicit authorization from the student data steward, and a written agreement executed by a Central Office. 

Purpose 

UC San Diego is a public institution that seeks to provide equitable access and opportunities to students in alignment with all legal and regulatory requirements. Segmentation of students for the purpose of marketing or other forms of outreach and communications should adhere to legal and regulatory requirements and institutional principles, including those outlined in the UC San Diego Strategic Plan, UC San Diego Strategic Plan for Inclusive Excellence, Principles of Community, and Privacy Principles. This guidance is provided for employees or others acting on behalf of the institution to ensure consistency and compliance.

Definitions 

Demographics: Data tied to a protected class under State or Federal law, or from which membership within a protected class might be inferred or deduced. This includes, but is not limited to race, color, religion, sex/gender identity, gender expression, sexual orientation, marital or parental status, medical condition, military or veteran status, national origin, ancestry, disability, age, and genetic information.

Operational Use: Use of data related to the internal functions and processes of the university —such as admissions, enrollment, course scheduling, student financial aid— to manage operations, make decisions, and improve processes. Operational Use excludes uses for patient care, scholarly research, and direct delivery of educational services (e.g., teaching, academic advising, tutoring).

Research: A systematic investigation, including research development, testing and evaluation, basic or applied research, designed to develop or contribute to generalizable knowledge. Generally, research is in the public interest, adheres to all applicable ethics and privacy laws, and the results are anticipated to be widely shared.

Guidance on marketing and outreach to student subpopulations based on non-demographics

There are numerous legitimate operational purposes for providing outreach and marketing to student subpopulations, such as enrollment status, class year, major, GPA, participation in an academic or co-curricular program or service, or expression of interest.

• Designated persons within the following entities are authorized to market and outreach to student subpopulations: Enrollment Management; Division of Graduate Education and Postdoctoral Affairs; Division of Undergraduate Education; Division of Extended Studies; Housing; and Alumni Engagement.
• Deans, department chairs, and provosts may authorize marketing and outreach to student subpopulations within their respective schools, departments, and colleges.
• Vice Chancellors may authorize individuals within their respective areas of responsibility to market and outreach to student subpopulations (e., the Vice Chancellor of Student Affairs and Campus Life may designate the Director of the Hub Basic Needs Center to authorize communications to students indicating prior need).

Guidance on marketing and outreach to student subpopulations based on demographics (see definition)

• The Data Steward - Student Academic/Administration may authorize marketing and outreach to student subpopulations based on demographics, where appropriate and in consultation with the Vice Chancellor for the Office for Organizational Transformation and Vice Chancellor for Student Affairs and Campus Life.
• All other requests require prior authorization from the Student Data Access Committee (SDAC).*
• Communications should be tracked by the Data Steward to ensure compliance with relevant laws and policies

*The university objective will be to build a consent mechanism that allows students to indicate their desire to be contacted based on specific forms of information. Once in place, communications targeted to students who have provided explicit consent to be contacted will not require review by the SDAC.

Revision Schedule

This guidance should be revisited biannually by the SDAC, with approval by the Data Steward - Student Academic/Administration and the Executive Vice Chancellor.

Frequently Asked Questions (FAQ)

How can I attract students most likely to benefit from my program/a service if I am not authorized to use demographic information to segment?

Consider carefully whether access to demographic information would help reach the students most likely to benefit from a program or service. Often demographic information is leaned upon as a proxy for understanding student backgrounds, experiences, and needs when more direct measures of need/benefit would be more appropriate. In this case, using demographic information in outreach and marketing could limit access to opportunities that would benefit a more generalizable student population.

It is appropriate to maintain listservs of individuals who have previously used a program or service with consent and appropriate privacy and security protocols in place. It is also appropriate to reach out to offices who provide corollary resources to support marketing and outreach programs, services, and other opportunities. Finally, it is appropriate to enable students to opt-in to marketing and outreach from specific centers or programs.

In what cases might it be appropriate to contact people based on their demographics?

Certain state and federal assistance programs may require students to meet specific eligibility criteria that involve demographic information (e.g., Native American Opportunity Plan). Outreach to inform individuals of their eligibility to apply to these specific opportunities is allowed.

How should I approach personal information that is not included as a protected class under state or federal law?

Although not considered protected class, information about a person’s history, background, or relationships outside of their direct educational experience at UC San Diego should be approached with caution. When marketing and outreaching, avoid stereotypes about who may need or benefit from specific opportunities and services that would prohibit equitable access.

Purpose 

The Student Data Access Committee shall provide consultation to the Data Steward - Student Academics/Administration on the creation, collection, protection, and distribution of student data. The Data Steward, with consultation from the Student Data Access Committee, seeks to protect student confidentiality and privacy; to maintain the integrity of all student data created, received, or collected by UC San Diego, including UC San Diego Health (institutional Information); to meet legal, regulatory, and policy requirements and adhere to Privacy Principles and ethical standards; and to ensure timely, efficient, and secure access to student information for appropriate uses. 

Scope 

The Student Data Access Committee shall provide consultation to the Data Steward – Student Academic/Administration on the creation, collection, protection, and distribution of UC San Diego student data. The Student Data Access Committee will make recommendations to the Data Steward – Student Academic/Administration; however, in all cases, the designated Data Steward – Student Academic/Administration will hold final decision-making authority. 

Responsibilities 

• Serve as strategic advisors to the Data Steward – Student Academic/Administration through representation of diverse stakeholders across UC San Diego on the creation, receipt, collection, protection, and distribution of student data 
• As requested, review and make recommendations related to non-routine requests for student data, with the following goals in mind: 
• Compliance with legal, regulatory, and policy requirements and adherence to ethical standards 
• Alignment to UC San Diego’s Strategic Plan, the UC San Diego Strategic Plan for Inclusive Excellence, the Principles of Community, and Privacy Principles 
• Appropriateness of methodology/analytical strategy/use case for student data 

Membership 

The Student Data Access Committee shall consist of: 

• Data Steward - Student Academic/Administration, who will serve as the committee chair 
• Chief Privacy Officer, Campus 
• Executive Director, Institutional Research and/or Director of Equity Research & Analytics and Director of Student Success Research & Analytics, as needed 
• Director of Assessment, Evaluation and Organizational Development, Student Affairs and Campus Life 
• Faculty member, nominated by the Academic Senate Committee on Committees (2 representatives, 2-year service, rotating) 
• Teaching + Learning Commons representative, appointed by the Associate Vice Chancellor for Educational Innovation (1 representative, 2-year service) 
• Graduate student representative, appointed by the Graduate and Professional Students Association (1 representative, 1-year service) 
• Undergraduate student representative, appointed by Associated Students (1 representative, 1-year service) 

Other campus experts may be consulted on an ad hoc basis, as determined by the committee chair. 

Quorum 

Five (5) or more standing committee members, one of whom must be the Data Steward - Student Academic/Administration, constitute a quorum. 

Meetings 

The Student Data Access Committee will meet quarterly, or as needed, to discuss matters related to the creation, receipt, collection, protection, and distribution of student data. Please see the Data Guidance and Survey Review Calendar for scheduled meeting dates.