The CSU System has authority over the use of its data, as well as its institutions’ data and is the legal custodian of this data. All data at CSUS are considered valuable, institutional assets, and its use must align with the system’s strategic goals.

The CSU System will develop, document, periodically update, and implement policies, standards, procedures, guidelines, and training necessary to support an effective Data Governance Program. The program will guide the strategic use, management, and reporting of CSU System or institutional data.

Provisions

The Data Governance Policy applies to all users of institutional data and IT resources. Data use must align with the CSUS mission and comply with national, state, and institutional laws, policies, and contracts.

Exceptions to the policy require approval from the Data Governance Steering Committee and the System CIO. Research Data is exempt from this policy due to its unique regulatory requirements.

Resources

• Administrative Data Governance Policy (PDF), effective May 12, 2025
• Interim Guidelines for AI in University Operations (PDF)

Additional Existing Policies and Regulations

• CSU Acceptable Use for Computing and Networking Resources Policy
• CSU Accessibility of Electronic Information and Technologies Policy
• CSU Central Administrative Data Governance Policy
• CSU Information Collection and Personal Records Privacy Policy
• CSU Information Technology Security Policy
• CSU Network Identity Policy
• Colorado State University Records Retention Schedule
• Colorado State University Research Data Policy
• Colorado Open Records Act (CORA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Americans with Disabilities Act (ADA)
• Family Educational Rights and Privacy Act (FERPA)
• The Electronic Communications Privacy Act of 1986 (ECPA)
• Federal Trade Commission (FTC) Red Flags Rule
• Gramm-Leach Bliley Act (GLBA)
• State of Colorado SB 24-205