Data Sharing Guide


AS&IR maintains guidelines for data sharing to help inform and align units and departments on the appropriate use of BU data. These guidelines build upon BU’s Data Protection Standards and outline when it is appropriate to include the Data Executive or Trustee representing an area of data in reviewing work in progress.


Data Sharing Guide by Area and Classification

Data An area or piece of information, or specific data element(s)
Identifiable Record-Level Record-level data paired with UID, EMPLID, Name, Email, other personally identifiable attribute(s), or with some combination of attributes that would allow identification of individuals.
Record-Level Record-level data that has been de-identified. Identification of individuals should not be possible through application of a single or combination of attributes in the report/data set.
Aggregate Aggregated data (e.g., counts) not tied to individual records.
Data Classification BU Data Classification Policy that applies to the specified data at the specified level/identification. Categories include Restricted (use), Confidential, Internal, or Public. Policy available at: https://www.bu.edu/policies/data-classification-policy/
ASIR Subclassification Granular classification within each official BU Data Classification category to better reflect audience-specific policies.
Sharing Policy Information about how and with who data can be shared. Based on BU Data Classification Policy.
Masking Limit Limit applied to publication or sharing of aggregate data that specifies the minimum number of individuals records that can be included given category, otherwise the value should be masked to protect individual privacy. There can be multiple limits corresponding to different classifications (e.g., mask values < 10 internally and mask values < 15 publicly).
BU Classification ASIR Subclassification Sharing Mechanisms Can be shared with… Example Business Need/Use Case
Restricted Use Restricted – Data Trustee Approval Required Secure Email, Restricted Use Specified Workspace Must have written Data Executive or Trustee signoff or projects with a demonstrated administrative or business need, in addition to meeting any published privacy or Information Security Standards. Requests including data such as Social Security Number (SSN) or other personally identifiable information (PII)
Confidential Confidential – President, Provost, Trustees Secure Email, SharePoint, Teams, Power BI President and Provost; Trustees at President’s discretion. Additional executive level leadership at President’s discretion. Reports, dashboards or data for distribution to president or provost
Confidential Confidential – Data Trustee Approval Required Secure Email, SharePoint, Teams, Power BI Data Executive or Trustee must approve requests for sharing of this information.
Internal Internal – Leadership Email, SharePoint, Teams, Power BI President, Provost, VPs, Associate VPs/Department Heads; Associate Provosts, Deans, Associate Deans, Academic Department Chairs Reports circulate to university leadership
Internal Internal – Administrative Email, SharePoint, Teams, Power BI President, Provost, VPs, Associate VPs/Department Heads; Associate Provosts, Deans, Associate Deans, Academic Department Chairs, Faculty/Staff for projects with a demonstrated administrative or business need Emails Student Outreach, Capacity Planning
Internal Internal – External Consortia (e.g., AAUDE) Email, Secure Upload External consortia of which BU is a participant. Consortia data privacy and sharing policies have been reviewed and approved by Data Trustees. CIP level data for AAU Data Exchange
Public Public – Faculty or Student Research Website, Email, Scholarly Publications Faculty, Postdoc, or PhD Student Researchers Approved request of research data for publication
Public Public – General Interest Website, Email, Social Media General or media requests Enrollment by Country to update the BU Fact Book