Data Governance Privacy & Security

“Just because you can access the data doesn’t mean you should—ethics begin where the rules end.” IAPP 

Foster responsible, fair, and transparent use of data in all tasks

• Use data only for its intended and authorized purpose.

• Avoid manipulating, misrepresenting, or selectively presenting data to fit a narrative.

• Respect privacy—do not access or share data out of curiosity or without a clear business need.

• Disclose limitations and context when presenting data to avoid misleading interpretations.

Data minimization

Data minimization is a fundamental principle of Hamilton College’s data governance program. The institution is committed to:

• Collecting only the data necessary to fulfill specified business purposes
• Limiting data collection to what is relevant and proportionate to the intended use
• Establishing clear retention periods and removing data when no longer needed
• Regularly reviewing existing data collections to identify and eliminate unnecessary data
• Designing systems and processes with data minimization as a core requirement
• Implementing measures to prevent excessive data accumulation over time

All Data Governance Resources

Aggregation of Data to Protect Sensitive Information

• Data elements may require higher classification when combined, even if individually classified as LOW or MODERATE.
• Aggregation can increase sensitivity and identifiability, particularly in small populations.
• Demographic data that is non-sensitive alone (e.g., age, location, status) can require HIGH classification when combined into detailed profiles.
• Research data that is MODERATE in isolation may reveal sensitive human subject patterns when aggregated, requiring HIGH classification.
• Academic performance data (e.g., enrollment, grades, demographics) can become identifiable when combined, necessitating HIGH classification.