Incomplete and inconsistent formal agreements on terms and conditions can lead to negligence by staff and contractors in the processing and dissemination of sensitive data. Resources must establish data access agreements that define appropriate use of and access to covered data, as well as procedures for granting authorization for exemptions from restrictions. A model data access agreement is provided below. The presentation and example text are provided as a guide and must be adapted to the specifics of each set of systems/data.

Identify the data owner (by name and/or role) and identify the data to be accessed. Capture or provide (depending on the connection) the user's name and location and the responsibility that requires access to the registration.

When my employment at the university ends, or my professional responsibility no longer requires access to the data, or the extent of the required access changes, I have a shared responsibility with the Data Proprietor to ensure that my access to the system is properly revoked or changed. If my access is not changed in time, they will notify the data owner.

The purpose of the data access agreement is to define the conditions under which users have access to the data indicated and to obtain an express acceptance of these conditions by a user before he or she has access to the data.

Designation of data sensitivity. The data [registration name] in [system name] is classified as UC P1-P4 (formerly UCB PL0-PL3) and data protection is established accordingly.

I agree to preserve the quality and integrity of the information I access and to protect the privacy of the personal data of anyone whose information I access.
(Example of a UC P2/P3 (formerly UCB PL1) system in which users enter/edit records:) I recognize that Berkeley must have strict control over access to personal data, which contains the name or initials of a person in connection with: and does not enter the system [system name] of such data or other level 2 protection data.

(e.g.) Minimum Security Standard for Electronic Information (MSSEI); Minimum Security Standard for Networked Devices (MSSND); Berkeley Data Classification Standard; Data Protection Profiles.

Notification to users of MSSEI security requirements for individual devices: Secondary storage/system should not be created from system data without prior authorization from the data controller and authorization of the secondary memory/system from the Office of the IOC. I will get permission from the owner before transferring [system name] data to someone who has not accepted the terms of this data access agreement.

Data protection in this system is subject to the following law, policy and regulation:

Intentional and authorized use of data. I agree to use [system name] only for legitimate business purposes, which limits my use to my pre-professional duties.

I agree with the terms of this data access agreement.