Study Session State Board of Education

Education data collection, security and use: Why and how student data is different in the age of the cloud.

February 12, 2014

“Privacy and Cloud Computing in Public Schools”

“As public schools in the United States rapidly adopt cloud-computing services to fulfill their educational objectives, and transfer increasing quantities of student information to third-party providers, privacy issues become more salient and contentious. “

Center for Law and Information Policy (CLIP) Fordham University December, 2013

Context for the presentation Current CDE practices and procedures Current Colorado law CDE policies Policy ideas from other states Next steps Discussion

Overview

3

Monitor student progress and diagnose needs Inform/improve instruction School safety Educator effectiveness Program evaluation District and school accountability

Why do we collect student and educator data?

4

WHAT student information is collected by the state? WHY is it collected? HOW is it used and safeguarded? WHERE is it kept and for how long? WHO has access?

Current State: State-Level Student Data Collection

and Protection

5

Applies to CDE, schools, and local educational agencies that receive grant funds from the U.S. Dept. of Education Provides parents rights to inspect and challenge the contents

of their children’s education records Prohibits schools and local educational agencies from

disclosing students’ education records without written parental consent Prohibits disclosure of personally identifiable information in

students’ education records unless an exception permits disclosure Sharing aggregate student data that cannot be traced to

individual students is permissible

Family Educational Rights and Privacy Act (FERPA): Summary

6

Conditions where prior consent is not required to disclose personally identifiable information – when the disclosure is: To other school officials Under certain circumstances, an educational institution may disclose to

a contractor or consultant To officials of another school, school system, or institution of

postsecondary education where the student seeks to enroll To state and local educational authorities, under some circumstances To organizations conducting studies on behalf of educational agencies or

institutions In connection with a health or safety emergency Under other very specific circumstances where disclosure may be

required

FERPA: Summary

7

Office of Information Technology: Information Security Plans, § 24-37.5-

404, C.R.S. Each public agency shall develop an

information security plan The information security plan shall include: Assessments of risk A process for providing adequate information security Security awareness training Periodic evaluation of the effectiveness of information

security A process for detecting, reporting, and responding to

security incidents

Each school year the department shall calculate adequate longitudinal academic growth for each student for that school year in each subject that is included in the statewide assessments. § 22-11-203, C.R.S. The department must ensure that the state data reporting system is

capable of protecting the privacy of students. § 22-11-501, C.R.S. The state board may promulgate additional rules as it finds

necessary, including rules establishing a numbering system to uniquely identify individual students. § 22-11-104, C.R.S. Data Pipeline, which moves required education information from

school districts to the CDE, assigns each student a unique student ID that stays with the student throughout her public school career.

Student Longitudinal Data

9

Exchange of Student Records, § 23-1-119.3, C.R.S.

The department of higher education and the department of education shall: Establish a procedure that allows for the direct, electronic exchange of

student unit record data for students enrolled in Colorado public high schools. Identify the student data relevant to high school students’ transitions to

the postsecondary system that will be shared. Collect student authorization for the transfer of data.

Data may be used to provide students with relevant information concerning the transition from high school to higher education public institutions. Data may be used in the admission of eligible students to higher education

public institutions.

School District Protection of Student Data, § 22-1-123, C.R.S.

A school district shall not release the education records of a student to any person, agency, or organization without the prior written consent of the parent or legal guardian of the student, except as provided for by FERPA.

A school district shall not release directory information to any

person, agency, or organization without complying with the FERPA requirement of allowing parents to prohibit release without prior consent.

School District Protection of Student Data, § 22-1-123, C.R.S.

Prior written consent from a student’s parent or legal guardian must be obtained before giving a student any survey intended to gather information concerning the student or the student’s parent's or legal guardian's: Political affiliations Illegal, anti-social, self-incriminating, or demeaning behavior Income, except as required by law Social security number Other specific information

The state does not collect this information. The state only collects aggregate data.

School District Protection of Student Data, § 22-1-123, C.R.S.

District forms for obtaining parent consent to release personally identifiable information concerning the parent’s or legal guardian’s child’s education records must specify: Specific records to be released Specific reasons for such release Identity of the person or entity requesting the information Intended use of the information Method by which the records will be released The right to review and receive a copy of the records to be released

When an entity owns computerized data that includes personal information becomes aware of a security system breach, they must conduct a prompt good faith investigation to determine the likelihood that personal information has been or will be misused. Once the breach is discovered, notice must be provided

without unreasonable delay unless a law enforcement agency determines it will impede a criminal investigation.

Notification of Security Breach, § 6-1-716, C.R.S.

14

Intended to improve the collection of data by streamlining the submission and reporting of data from school districts to the CDE to the federal government Creation of data dictionary, which defines the data elements

the department collects and the methods by which the department collects the data through the single statewide data collection system Legislative mandate that the state board must review the rules

for implementing FERPA and adopt an interpretation of FERPA that will facilitate the exchange and sharing of student information to the greatest extent possible in compliance with FERPA

Data Reporting and Technology Act, §§ 22-2-301 - 308, C.R.S.

15

Maintaining and Training on Policies Continual monitoring New employees and targeted data users Internal Use of Data Limited access Data Management Committee Breaches in Security Concerns immediately reported Consequences

Overview of CDE Student Information Security and Privacy Policy (1/3)

16

Disclosure of Educator Data Reasons for collection Protections in place

Disclosure of De-Identified Student Data Institutional Review Board

Disclosure of Personally Identifiable Student Data Use by school officials for legitimate educational purpose Student transfer and enrollment Educational studies Audits or compliance activities

Overview of CDE Student Information Security and Privacy Policy (2/3)

17

Data Sharing Agreements FERPA requirements Additional CDE policies Monitoring and Enforcement of Agreements Third-party data security and data stewardship plans Audits Reviews prior to publication Consequences for failure to comply

Overview of CDE Student Information Security and Privacy Policy (3/3)

18

Creation of Data Index Maintaining, Training and Enforcement of Policies Disclosure of Student Data Data Sharing Agreements Parent Notification and Access to Student Records

Overview of District Guidance on Information Security and Privacy Policies

19

Transparency Oklahoma; Maryland Restrictions on Data Collections Nebraska Protection of Data Oklahoma; Massachusetts Parent Role

New York; Arizona

Activity in Other States

20

WHAT student information is collected by the state (districts)? Feasible and secure ways for parents to review and edit their students’

data WHY is it collected? Impact of parental opt-out on data collection and utility for informing

instruction and “program” evaluation HOW is it used and safeguarded? Agreements with data users and vendor contracts

WHERE is it kept and for how long? Observation-based assessments that involve video recordings of student

behavior WHO has access? Agreements with data users and vendor contracts

Emerging Issues: State-Level Student Data Collection and Protection

21

Next Steps

Finalize guidance to LEA’s Develop a resource bank of best practices

Educate CDE staff on data security processes and procedures Work with the legislature to: Consolidate current legislative requirements for educator data

collection and security Strengthen existing safeguards for student and educator data

Stay abreast of new developments in regard to data security