Overview
The Data Access Framework provides a repeatable, risk based process for requesting access to UBC data. It is in alignment with information security classifications, under the authority of Policy 104, Acceptable Use and Security of UBC Electronic Information and Systems. The framework supports data access requests for the purpose of administrative functions, systems integration, research and/or external data needs that are consistent with UBC’s mandate. All requests are reviewed based on factors such as privacy, security, administrative burden, and alignment with UBC values and priorities.
Benefits
The Data access requests process allows UBC’s data to be protected regardless of who is requesting information. Due diligence is made to ensure regulatory compliance around access, usage and storage of data especially where personal information is involved. This is achieved by:
- Data access is registered and reportable
- Data is protected in motion and at rest
- Efficient and secure method to access data via API(s)
- Compliance with information privacy regulations
- Metrics-based risk model used for data access
Types of Data Access
Access can be requested for APIs, UBC data, and reports, for the purpose of administrative processes, research, or use of APIs for system integrations.
Data Access Request Process
Step 1: The Data Access Request process starts with a requester completing and submitting a questionnaire.
Step 2: Responses are assessed for risk, taking into consideration identifiability of individuals, quantity of Personal Information, information security classification of data requested, context and purpose of use, level of confidentiality, and access to and location of personal information storage.
Step 3: Based on the risk, the request requires varying levels of approval: data may be auto-released if considered as low risk; reviewed and approved by the appropriate Data Steward (medium-high risk); or reviewed and approved by the Data Access Committee (very high risk, or otherwise escalated by the Data Steward).
Step 4: Once a decision is made, and the request is deined, the requester is notified with commentary. If the request is approved, it is further validated, confidentially/information sharing agreements are signed, and the request is fulfilled.
To get started, please visit the Access UBC Data page for further instructions.