HiPerGator is a shared system, with many users working on open and sensitive data, as classified by UF Guidelines:
Policy
When a project is identified that benefits from the storage and processing capabilities of HiPerGator and that project involves student records, the procedure described below shall be followed.
NOTE: Currently faculty and TAs who work with students and student records on a daily basis all receive FERPA training and are aware of the limitations imposed by the law and where to get advice when issues arise that are not clear to them. This policy does not cover the use of desktop or laptop computers to work on grades of students or similar tasks.
The scope of this policy is when faculty, staff, and researchers use sophisticated tools for larger data sets such as machine learning to learn how to improve learning and teaching outcomes. For example:
- Helping identify students who could benefit from extra help and what the form of that assistance may be.
- Helping instructors for possible auto-grading, or teaching evaluation, etc.
NOTE: Collected documents such as writings of students (essays or homework) that are submitted by students as part of their educational activities count as student record, see https://studentprivacy.ed.gov/ferpa#0.1_se34.1.99_13.
Procedure
When an activity that falls in the scope of this policy, the researcher shall work with various support staff to accomplish the following tasks:
Project registration
A project is registered by entering a Request in UF’s Integrated Risk Management (IRM) system at https://riskmanagement.ufl.edu/apps/ArcherApp/Home.aspx This will record details like the data owner (usually the principal investigator) and the type and size of data involved. The risk assessment by UFIT Information Security Office (ISO) is simplified because of the security controls in place on HiPerGator, but it provides a record about the project and who will be involved in it.
UFIT Research Computing staff will record the project by its IRM identifier with the researcher’s HiPerGator account. A project specific HiPerGator group will be created to provide access to the data by the role of the project participants, which is encoded as membership of that group.
A data management plan submitted as part of the risk assessment will briefly describe the workflow and disposition of the project data. What participating members are expected and allowed to do with the data will be defined by their role.
Participant agreement and registration
The members of the project group will sign an agreement form that specifies:
- They understand their role in the project
- They will take FERPA basics training in myTraining, course nr. UF_PRIV802_OLT
- They will take HiPerGator training on handling restricted data
A scanned or digitally signed agreement for each project participant is stored in the IRM system.
When the procedure is not followed, the project will not be given any resources. If participants fail to follow the steps, the university process for FERPA violations will be followed as described in the FERPA training.
What is needed
To set up a FERPA group on HiPerGator, Research Computing needs the following:
- PI Information
- Project Name (and suggested short version for a group name)
- Risk Assessment Number
- Specific staff to add to the group (must be listed on the IRB, must have submitted the Data Management Plan)
- Amount of Orange/Blue storage to allocate from new or existing purchase
Special Precautions
If there are special precautions that apply to the project and are called out in the risk assessment, then such actions or requirements will be added to the agreement.