1306 Data Sharing and External Data Disclosure Impact

1306 Data Sharing and External Data Disclosure

Effective Date: June 26, 2026

SECTION 1. PURPOSE & SCOPE

1.1. PURPOSE: The purpose of this administrative policy is to establish a consistent, institution-wide framework for the review, approval, and governance of data shared or disclosed outside of Fairmont State University. This administrative policy ensures that external data sharing aligns with institutional priorities, legal and regulatory requirements, data governance standards, and principles of data privacy, security, and integrity. Furthermore, this administrative policy ensures that the University is reporting reliable, consistent data to all external stakeholders.

1.2. SCOPE: This administrative policy applies to all Fairmont State University units, departments, colleges, offices, faculty, staff, administrators, affiliates, contractors, and third parties acting on behalf of Fairmont State University. It governs all forms of data sharing or disclosure to entities external to the University, regardless of format, medium, or method of transmission.

SECTION 2. APPROVAL, DELEGATION & APPLICABILITY

2.1. AUTHORITY: The Executive Director of Institutional Research and Effectiveness (IR&E) is designated as the authoritative body responsible for reviewing, approving, and overseeing all external data sharing and disclosure requests. IR&E has the authority to approve, deny, condition, or require modification of any proposed external data sharing.

2.2. DELEGATION: IR&E may delegate specific review or approval responsibilities to designated data stewards, governance committees, or subject-matter experts as appropriate. Such delegation does not relieve IR&E of overall accountability for compliance with this administrative policy.

2.3. APPLICABILITY: This administrative policy applies to all external data sharing activities, including but not limited to:

2.3.1. Data provided to government agencies, accrediting bodies, or regulatory entities

2.3.2. Data shared with vendors, contractors, consultants, or partners

2.3.3. Data disclosed for research, reporting, benchmarking, or public dissemination

2.3.4. Ad hoc, recurring, or automated data exchanges

2.3.5. Data entered into, processed by, or utilized by artificial intelligence (AI) tools, models, or platforms, including generative AI systems.

2.4. This administrative policy applies regardless of whether a data sharing agreement, memorandum of understanding, or contract is in place.

SECTION 3. DEFINITIONS

3.1. APPROVAL: Authorization granted by IR&E permitting external data sharing under specified conditions.

3.2. DATA: Any information collected, maintained, or managed by Fairmont State University, including but not limited to student, employee, financial, operational, research, and institutional data.

3.3. DATA STEWARD: An individual or office responsible for the oversight, quality, and appropriate use of a defined set of institutional data.

3.4. EXTERNAL DATA SHARING or DISCLOSURE: The provision, transmission, release, or granting of access to data to any individual, organization, or entity not part of Fairmont State University.

3.5. IR&E: The Office of Institutional Research and Effectiveness, or its successor unit.

SECTION 4. POLICY

4.1. POLICY: It is the policy of Fairmont State University that all External Data Sharing or Disclosures must receive prior written approval from IR&E and/or be subject to an executed Data Protection Compliance Agreement. No Fairmont State University unit or individual may share data externally without such approval, except where disclosure is explicitly required by law and cannot be delayed.

4.2. IR&E will evaluate requests based on factors including, but not limited to:

4.2.1. Purpose and necessity of the data sharing.

4.2.2. Data sensitivity and classification.

4.2.3. Legal, regulatory, and contractual obligations.

4.2.4. Data privacy, confidentiality, and security risks.

4.2.5. Alignment with institutional policies and strategic objectives.

4.2.6. Alignment with data definitions.

4.3. Approved data sharing activities must comply with all conditions imposed by IR&E, including limitations on scope, duration, use, storage, and re-disclosure of data.

4.4. EXEMPTIONS: This administrative policy does not affect:

4.4.1. Course and program evaluations.

4.4.2. Classroom assignments.

4.4.3. Research surveys approved by the Institutional Review Board.

4.4.4. Sponsored research data controlled by grant, contract, or data use agreements.

4.4.5. Public record requests handled under WV Freedom of Information Act.

4.4.6. Other instances as approved by the Executive Director of IR&E.

SECTION 5. COMPLIANCE

5.1. COMPLIANCE: This administrative policy is designed to ensure accuracy of all forms of data sharing or disclosure to external entities regardless of format, medium, or method of transmission.

5.2. NONCOMPLIANCE: Failure to comply with this administrative policy may result in corrective actions, including remediation, restricting or revoking access, training, or disciplinary measures.

SECTION 6. REVISION HISTORY

6.1. FREQUENCY OF REVIEW: This administrative policy shall be reviewed at least every three (3) years, or more frequently as needed to reflect changes in legal requirements, institutional practices, or data governance standards.

6.2. APPROVED: June 26, 2026.