Secondary memory/systems should not be created from the data [system name] without the prior permission of the data owner and the registration and approval of the secondary memory/system with the IOC Office. Incomplete and inconsistent formal agreements on terms and conditions can lead to the negligence of staff and contractors in the processing and dissemination of sensitive data. A model of the data access agreement is provided below. The presentation and text example are provided as a guide and must be adapted to the specifics of each set of systems/data. The purpose of the data access agreement is to define the conditions under which users have access to the data indicated and to obtain an express acceptance of these conditions by a user before he or she has access to the data. Resources must establish data access agreements that define appropriate use and access to covered data, as well as procedures for granting authorization for exemptions from restrictions. Designation of data sensitivity. The data [registration name] in [system name] is classified as UC P1-P4 (formerly UCB PL0-PL3) and data protection is established accordingly. I agree to preserve the quality and integrity of the information I access and to protect the privacy of the personal data of someone I access. (Example of a UC P2/P3 (formerly UCB PL1) System in which users enter/edit records:)I recognize that Berkeley must have strict control over access to personal data, which contains the name or initials of a person in connection with: and does not enter the system [system name] of such data or other level 2 protection data.
Identify the data owner (by name and/or roll) and identify the data to be accessed. Capture or provide (depending on the connection) the user`s name and location and the responsibility that requires access to the registration. When my employment ends at university or my professional responsibility no longer requires access to the data or the extent of the required access changes, I have a shared responsibility with the Data Proprietor to ensure that my access to the system is properly revoked or changed. If my access is not changed in time, they will notify the data owner. Planned and authorized use of data. I agree to use [system name] only for legitimate business purposes, which limits my use to my pre-professional duties. I will get permission from the owner before transferring [system name] data to someone who has not accepted the terms of this data access agreement. Data protection in this system is governed by the following law, the following directive and regulation: — I agree with the terms of this data access agreement. Notification to users of MSSEI security requirements for individual devices: links to other relevant documents, z.B.
Minimum Security Standard for Electronic Information (MSSEI) Minimum Security Standard for Networked Devices (MSSND) Berkeley Data Classification StandardData Protection Profiles.