Duke maintains data which are essential to performing university business. These data are to be viewed as valued resources over which the university has both rights and obligations to manage, secure, protect, and control. Protected data must be managed, used and protected in accordance with federal and state laws and with Duke policies so as to ensure its integrity, availability, privacy, and confidentiality.
Each employee, agent, or affiliate of Duke who handles protected data for the purpose of performing his or her job duties (or other functions directly related to his or her contractual affiliation with Duke), is a steward of protected data and is responsible for the proper handling of university-owned data resources under his or her control. Some examples of types of protected data are payroll, personnel, faculty, student, alumni, development, financial, facilities-related, and sponsored research data. Some data are unique and may have additional protocols for their management and use, including sponsored research, survey, marketing, and outsourced data.
HR Data Request Form
Use the HR Data Request Form to request distribution of HR and Payroll data or creation of special reports. All requests must have the approval of the requesting department's appropriate Vice President, C.O.O., Dean, or appropriate senior management or senior administrator.
Data Classifications
Duke's HR Office has defined three levels of data classification - Sensitive, Restricted, and Public.
Sensitive data: Explicit approval is needed in order to receive access to sensitive data elements. Sensitive data elements include those which Duke is either required by law to protect, or which Duke protects to mitigate institutional risk.
Restricted data: Duke employees and non-employees who have a business need for restricted data elements will be granted access to them. Restricted data elements are those which Duke has a contractual or proprietary obligation to protect, and those where disclosure would not significantly harm the university.
Public data: All other data elements, which can be accessible to the general public.
Specific Data Elements
The HR Office has also determined which data elements are classified as Restricted and Sensitive, at an institutional level:
Sensitive | Restricted |
---|---|
Social Security Number | Number of dependents |
Date of birth | Race |
Home address | Gender |
Home telephone number | Salary/pay data |
Places lived/Prior addresses | Performance evaluation |
Arrest record | Performance improvement plan |
Convictions | Performance ratings |
Marital status | Harassment or discrimination claims |
Employee and Occupational Health (EOHW) files | Reason for separation/termination |
Personally-identifiable health information | Health plan details |
Worker’s compensation claim | Benefit plan enrollment |
Worker’s compensation diagnosis | Beneficiary name |
Worker’s compensation treatment | Beneficiary relationship |
Driver’s license number | FICA status |
Personal Assistance Services (PAS) use | Paycheck liens |
Direct deposit information | |
Disciplinary actions | |
Reference check data | |
FMLA or other LOA effective date | |
RIF information (including severance) | |
Rehire status | |
Rehire status | |
Pay adjustments | |
Number of exemptions | |
Additional exemption amounts |
Procedures
- All requests for distribution of HR and Payroll data or creation of special reports must be sent to the Human Resources Information Systems department of Human Resources. All requests must have the approval of the requesting department's appropriate Vice President, C.O.O., Dean, or appropriate senior management or senior administrator, and provide the following:
- The use/purpose of the data requested
- A submission of any messages/materials to be distributed based on the data (these materials will be reviewed by the Vice President of HR, the Vice President of Financial Services, and/or their designees)
- A description as to how long the data will be used and how, where and by whom it will be maintained.
- Requests should be completed at the online HR Data Request Form. Once a requestor completes an online form, the request is automatically sent to the requesting department's appropriate Vice President, C.O.O., Dean, or appropriate senior management or senior administrator - requestors will be asked to provide the email address. The appropriate department VP, C.O.O., Dean, or appropriate senior management or senior administrator will then be asked to review the request and, if it is approved, forward it on to HR.
- HR will respond within 5 business days to data/label requests. Requests for special reports will be given an estimated time for completion once the report requirements have been reviewed by HR and other departments as needed (Payroll, OIT and Administrative Systems Management). Some requests will require special programming that will need to be prioritized with their other commitments.
- The data reflects HR and Payroll information at a point in time and can only be considered accurate at that point in time.
All requestors must ensure the following:
- The information requested in this form consists of confidential HR and Payroll data. It is the responsibility of the recipient of this information to ensure that the data only be used for the purpose approved, that it be stored securely, and that unauthorized access to the data is prevented.
- This information may not be disclosed, made available or otherwise used for any purpose other than specified. The requestor is also prohibited from selling or distributing the data received.
- Data received by electronic file, hardcopy data, and copies made from hardcopy data must be destroyed within 5 business days following the completion of use. Requestors must email the HR Helpdesk (HR-Helpdesk@duke.edu) when the file has been deleted.
Violations of the terms of the agreement will constitute misuse of confidential personnel information and applicable Duke policies will be followed.
Note: The below agreement will be forwarded to the requestor of the data along with the data file.
Duke Personnel Data Service Agreement
You are receiving confidential data on Duke employees in electronic format. Please understand that this data is complete and/or correct as of date required - HR and Payroll information changes constantly. You may use this data only for the purpose for which you requested. If you need similar or the same information in the future please submit another request. To avoid accidental, inappropriate, or unauthorized use of this data in the future, please delete all copies of these files, including backups - electronic and hardcopy - within five business days after use. Please email the HR Helpdesk at HR-Helpdesk@duke.edu once the files have been deleted.
Thank you for helping us maintain the integrity of use of our employee data.