Table of contents
Expectations for access to university data by university employees for the fulfillment of job responsibilities was approved by DPAC on July 7, 2017.
Appropriate Data Stewards may grant individual University of Maryland faculty and staff access to university unit record data (URD) if such access is necessary for said individual(s) to fulfill a job responsibility as directed by his/her supervisor. Employees who are granted access to URD must acknowledge receipt and understanding of and agree to abide by the following guidelines.
Definitions
- Data Stewards - Designated senior university officials who have overall responsibility for subsets of institutional data that are managed by their reporting units.
- Family Educational Rights and Privacy Act (FERPA) - A federal law that protects a student's privacy interest in his or her education records.
- Unit Record Data (URD) - Data that are not aggregated, are identifiable, and/or could be used in combination to identify a person or an item (e.g., department, course roster, financial code) maintained by the university in the course of business. These data could be confidential, and/or could include:
Personal Identifiable Information (PII) – identifiable information that is maintained in education records and includes direct identifiers, such as a student's name or identification number, indirect identifiers, such as a student's date of birth, or other information which can be used to distinguish or trace an individual's identity either directly or indirectly through linkages with other information. - Directory Information - Certain information has been designated "Directory Information" and will be disclosed without prior consent unless a student files written notice. Directory information includes, but is not limited to: name, address, telephone/email, date of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, most recent previous educational institution attended.
Training
I agree to participate in any training that is required as a precondition to accessing Unit Record Data, and any additional training or retraining that may be required by the relevant Data Steward(s), university policy, or applicable law.
Limitations on use of URD
I agree:
- To access URD for the sole purpose of fulfilling activities related to my job responsibilities;
- Not to access URD to conduct other than routine analyses without explicit written authorization from my supervisor and the relevant Data Steward(s);
- To refrain from identifying individuals from de-identified URD;
- Not to use my access to URD through my job responsibilities for academic research or scholarly publications. If I wish to use URD for such purposes, I must first comply with the Institutional Review Board and request permission from the appropriate Data Steward(s).
Security of URD
To protect against unauthorized use and access of URD, I agree:
- To use URD in accordance with the University of Maryland Guidelines for the Acceptable Use of Computing Resources and existing university policies.
- To comply with restrictions on use of FERPA Education Records as implemented by University policy.
- Not to extend access to URD to any third party, with the exception of directory information (see the next item).
- That if, in the course of my job responsibilities, I share Directory Information with other University of Maryland employees, I will do so only with those who have gone through FERPA training.
- To store electronic copies of URD in a format and manner consistent with security expectations adopted by the Division of Information Technology, found in the Interim Standard Protecting Sensitive Information.
- To the extent I make or store copies of URD in connection with a particular activity, to delete all such copies upon completion of the activity or the expiration or termination of my access to URD.
Publications and reports based on URD
I agree I will not share any findings outside the University of Maryland without prior approval of the Senior Vice President and Provost or designee.
Unauthorized access or use
I understand that I may be subject to any, but not limited to, the following based on any breach of these expectations, in accordance with university procedure: Warning and remediation; loss of access to data for set amount of time or permanently; letter of reprimand, with consequences to performance review and/or access to merit pay; demotion of title and duty with associated cut in salary; separation from the university; and, criminal penalty. I agree that if I become aware of any breach of these expectations by another university employee, that I will notify my supervisor.
Referenced web links (embedded above)
- Existing University Policies: https://it.umd.edu/governance/IT-Policies
- Data Stewards: https://itsupport.umd.edu/itsupport?id=kb_article_view&sysparm_article=KB0012364
- FERPA Law: https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
- IRB: https://www.umresearch.umd.edu/RCO/New/index.html
- IT Policies: https://it.umd.edu/governance/IT-Policies
- Acceptable Use of Computer Resources: https://www.president.umd.edu/administration/policies/section-x-miscellaneous-policies/x-100a
- FERPA at UMD: http://www.registrar.umd.edu/current/Policies/FERPA.html
- Interim Standard Protecting Sensitive Information: https://itsupport.umd.edu/itsupport?id=kb_article_view&sysparm_article=KB0012916