Protecting & Sharing Data at BU

Who it’s for
Responsibilities
Internal sharing
Third-party sharing
Confidence check
Get help
Resources

BU’s data represents people, research, and our shared mission. Everyone who works with University information, whether you analyze it, share it, or simply view it, helps uphold the trust that keeps BU strong. This page shows how to protect data, share it responsibly, and collaborate confidently within BU’s Data Enablement and Information Security framework.

Start with your responsibilities
Jump to resources

Quick guidance

Know your data type and channel before you share.

Classify: Restricted, Confidential, Internal, or Public.
Minimize: Share the least data needed; mask small counts.
Authorize: Contact your Data Trustee for higher-risk or broader sharing. Make sure a Data Use Agreement is in place.
Secure: Use BU-approved platforms such as SharePoint, Teams, and encrypted email.

Questions? datagov@bu.edu

Who this is for

This guidance is for all BU faculty, staff, administrators, student employees, and affiliates who handle University data—even if you do not hold a formal data governance role. If you work with data in any way, you are part of BU’s data ecosystem. Your choices protect privacy, ensure compliance, and enable data-driven progress across the University.

Your responsibilities

1) Protect data thoughtfully

Know the classification: Restricted Use, Confidential, Internal, or Public. Learn more by reviewing the Data Sharing Guide.
Store and handle data only in approved systems for that classification.
Limit access to those with a legitimate business need.
Apply masking and minimum-cell-size rules when sharing.

2) Share responsibly & transparently

Share only via approved Sharing Mechanisms such as SharePoint, Teams, and encrypted email.
Confirm recipients, purpose, and authorization before sending.
Remove hidden tabs, notes, or IDs not intended for others.
Label files with classification and intended use.

3) Engage Data Governance & InfoSec

For sensitive or novel uses, you may need submit a Data Use Agreement (DUA). contact your Data Trustee if you are unsure if your use case requires a DUA.
Align with the Data Sharing Guide and Data Access Management Policy (1.2.B).
Loop in Information Security for external or novel sharing and vendor use.
Questions? datagov@bu.edu

Collaboration

Sharing data within BU

You’re on the right track when

The purpose is academic, administrative or operational.
Classification and access permissions are verified.
Aggregates respect masking and minimum-cell-size.

Take an extra moment when

Data includes identifiers or could re-identify individuals when combined.
You are merging data from multiple systems.
The audience is broad, such as leadership or multi-unit distribution.

Sharing data with third parties

New step — Contact your Data Trustee

If you plan to share beyond your usual audience, combine datasets in ways that increase risk, or send data outside BU, contact your Data Trustee early to confirm approvals, conditions of use, and the appropriate channel.

Identify the classification and the purpose.
Confirm whether Trustee approval is required.
Ensure the correct agreement is in place. For broader sharing, sensitive data, research, or higher-risk use cases, review the Data Use Agreement guidance page.
Use an approved secure transfer, such as encrypted sharing or a secure portal.
Document what was shared, with whom, when, and why.

Unsure? Pause and email datagov@bu.edu.

Ready to share?

Classify

What kind of data is this?
Which classification applies: Restricted, Confidential, Internal, or Public?

Minimize

Share only what is necessary for the purpose.
Remove identifiers and mask small counts.

Authorize & secure

Do I have the required approvals, including Trustee approval if needed?
Am I using a BU-approved secure method?

Yes to all three? Share with confidence.

Rapid Response

If something goes wrong

Stop sharing or retract access if possible.
Notify datagov@bu.edu and Information Security immediately.
Share what happened, when, to whom, and the channel used confidentially.

Early reporting helps us respond quickly.

Get support

Data Enablement

Policy and sharing guidance, roles and approvals, and usage questions.

Email Data Enablement

Information Security

Access control reviews, secure transfer methods, and technical safeguards.

Data Access Management Policy (1.2.B)

Key Resources

Policies & guides

Data Sharing Guide — How to share data securely within and beyond BU.
Data Policies — Classification, protection standards, and usage policies.
Data Enablement Roles & Responsibilities — Who does what across BU.
Find Your Data Trustee — Contact the right Trustee for approvals and questions.
Data Usage Resources — Definitions, tools, and everyday best practices.
Information Security: Data Access Management Policy (1.2.B) — Requirements for granting, reviewing, and removing access to University data.