NPSO Webinar: Data Privacy, Transparency, & Data Sharing. Baron Rodriguez, Director Privacy Technical Assistance Center

Size: px

Start display at page:

Download "NPSO Webinar: Data Privacy, Transparency, & Data Sharing. Baron Rodriguez, Director Privacy Technical Assistance Center"

Nelson Melton
8 years ago
Views:

1 NPSO Webinar: Data Privacy, Transparency, & Data Sharing 2014 Baron Rodriguez, Director Privacy Technical Assistance Center 1

2 Agenda Discuss the current landscape: The Good, The Bad, The Ugly Discuss consideragons regarding data: transparency, accountability, & security. What FERPA says about disclosure (a.k.a. data sharing) 2

3 The Good U Penn Philadelphia 3

4 The Bad: Data overload 4

5 The Bad: Data overload 5

6 The Bad: Data Overload 6

7 Current State 7

8 A look at incomplete data 8

9 A look at incomplete data 9

10 A look at complete/linked data 10

11 The Bad: Data Versus Informa>on 11

12 The Bad: Privacy misunderstood Did you know that most people will give away personal informagon for on average $.99? Did you know that in states around the country there are nearly 40 privacy bills focused on the protecgon of student informagon? 12

13 The Bad: Privacy misunderstood 13

14 Transparency In the absence of informagon, people tend to assume the worst Be open about what you re doing Highlight your successes 14

15 The Ugly: Bad Communica>on 15

16 The Ugly: Bad Communica>on 16

17 The Ugly: In the news: 17

18 The Ugly: Data Breaches 18

19 LEAs: Balancing Data Use and Privacy Protection School districts maintain and use personal student information Legally and ethically responsible for safeguarding collected information Unauthorized or accidental disclosure Strive to balance benefits of using student data vs. protecting student privacy Educational purposes Serving students needs Protecting records through efficient data governance

20 Privacy Concerns Education records generally contain PII Children and young adults particularly vulnerable Identity theft and fraud Security of medical and financial data Accidental misuse of information Privacy concerns increase as more data are stored and accessed electronically Identity authentication Secure data transfer Data breaches

21 Privacy Protection Laws and Regulations Local policies, state, and federal laws governing Access rights of parents and eligible students Authorized disclosure of restricted information to external entities for specific and pre-approved purposes Requirements and conditions for data disclosure Parental notification, informed consent, and recordation of data releases Data sharing agreements

22 Access to Student Records: Nondirectory Information Non-directory information Can be released with written consent The consent should specify the information that may be released, the purpose of the release, and the recipient

23 Disclosure of Student Records Without Consent FERPA and other federal statues, such as PPRA, restrict the release or collection of different types of sensitive information without prior consent Under FERPA, parents and eligible students have the right to consent to disclosures of PII Rights must be described in the Annual FERPA Notice 23

24 Disclosure of PII from Education Records under FERPA FERPA permits non-consensual disclosure of PII from education records under several exceptions Staff or employees who need access to perform duties School official exception Legitimate educational interest External entities Studies exception Audit or evaluation exception Uninterrupted Scholars Act Other (e.g., court order, health or safety emergency) 24

25 What is the most common exception used for disclosure without consent? Answer: Generally, the Audit and Evaluation exception. Example: An LEA could designate a university as an authorized representative in order to disclose, without consent, PII from education records on its former students to the university. The university then may disclose, without consent, transcript data on these former students to the LEA to permit the LEA to evaluate how effectively the LEA prepared its students for success in postsecondary education 25

26 Studies Exception For or on behalf of schools, school districts, or postsecondary institutions Studies must be for the purpose of Developing, validating, or administering predictive tests; or Administering student aid programs; or Improving instruction Written Agreements 26

27 Written Agreements: Studies Exception Written agreements must Specify the purpose, scope, and duration of the study and the information to be disclosed, and Require the organization to use PII only to meet the purpose(s) of the study limit access to PII to those with legitimate interests destroy PII upon completion of the study and specify the time period in which the information must be destroyed 27

28 What can we do to move data forward in this environment? Let parents know what information you re collecting, and why you re collecting it Keep (and publish) a data inventory Inform parents about your data governance and information security practices Be open about who you share data with, and why. (Post your data sharing contracts and MOUs) Value! Value! Value! (Explain what s in it for the parents/children) 28

29 ParGng Thoughts

30 FPCO Contact InformaGon Family Policy Compliance Office Telephone: (202) Privacy Technical Assistance Center Telephone: (855) FAX: (202) FAX: (855) Website: Website: 30

PTAC Toolkit for LEAs: Staff Policies and Teacher Access March 24, 2014

PTAC Toolkit for LEAs: Staff Policies and Teacher Access March 24, 2014 Baron Rodriguez, PTAC Director Mike Tassey, PTAC Security Consultant Today s Presentation Toolkit for the school districts overview