6. Implementation Difficulties
◦ Overcoming obstacles – How many
hoops should you jump through?
◦ Differing obligations for third parties
contracting with different school
districts
◦ Researcher restrictions
www.nasbe.org
7. Preempt the Fear
◦ Be transparent
Bring together all
stakeholders before
making policy
Work with national
organizations and
other states
www.nasbe.org
8. 1. Statement of the policy/law's
purposes
2. Select the person(s) in charge
3. Transparency plan
4. Limiting Vendor Use of Data
5. Statewide data security plan
6. Ongoing Staff Training
www.nasbe.org
9. Make people aware
that they exist
Create new model
policies
Make it easy to sell
www.nasbe.org
Audience Check –
Who is part of an SEA?
Who is dealing with data privacy concerns in their state right now? What is your biggest concern?
Who feels they know a lot about this issue?
Who has been paying attention to this issue on the national level (what is happening in other states/federally)?
Main Roles Assigned To State-Level Officials
32 bills (7 signed into law) gave state boards of education privacy-related responsibilities
Most other bills assigned a role to the state legislature or state education agency
28 bills charged districts with responsibilities in safeguarding data and ensuring data quality
Psychometric
Biometric
10 states (Arizona, Colorado, Connecticut, Kansas, Kentucky, Mississippi, Missouri, Montana, New York, and West Virginia) have introduced bills addressing both data and Common Core and/or the PARCC or Smarter Balanced assessments. These bill either conflate the Common Core-aligned assessments and data collection or include other data privacy provisions within a bill to prohibit the use of the standards or assessments.
5 states (Arizona, Colorado, Mississippi, Missouri, and West Virginia) have introduced bills that would defund or severely limit funding to the SLDS.
The number of states that have introduced bills that would explicitly allow for parental opt-out or opt-in is growing (now at 15 states):
Arizona would allow opt-out from state assessments; Colorado from statewide and local assessments; Kansas for an education institution to disclose any PII; Mississippi from the SLDS; Montana for any data collection not related to a core academic subject; New Jersey from disclosing a student record to the any federal agency or nongovernmental entity; North Dakota from statewide, interim, summative, or career interest assessments; Oklahoma for any disclosure not required by law or the use of any website collecting PII; Oregon from statewide summative assessments; Rhode Island from “take-home technology” programs; Tennessee and South Dakota from the use of digital platforms unless the state certifies the platform is essential to the school mission; Utah from summative, interim, or formative tests that are not locally developed; West Virginia from statewide assessments; Wyoming for any disclosure not required by ESEA).
Resource Reminder: DQC has an issue brief and recommendations on opt-out based on a paper produced by the Future of Privacy Forum.
Although, as I noted above, Louisiana has not yet started its 2015 session, the sponsor of one of Louisiana’s laws from 2014 has prefiled a bill (HB 718) to amend that law. As you likely recall, last year the Louisiana legislature passed the most problematic student data privacy law in the country (it prohibits districts from sharing PII with any entity, including the state, without parental consent). We had heard that the sponsor was interested in reopening the law this year to try to make some fixes, which is great, but the amended bill as it stands is still deeply problematic. The bill would expand the parties districts can contract with for data services, but would also leave the majority of the law’s provisions in place and would prohibit any contractor from using student data for predictive modeling.
Psychometric
Biometric
10 states (Arizona, Colorado, Connecticut, Kansas, Kentucky, Mississippi, Missouri, Montana, New York, and West Virginia) have introduced bills addressing both data and Common Core and/or the PARCC or Smarter Balanced assessments. These bill either conflate the Common Core-aligned assessments and data collection or include other data privacy provisions within a bill to prohibit the use of the standards or assessments.
5 states (Arizona, Colorado, Mississippi, Missouri, and West Virginia) have introduced bills that would defund or severely limit funding to the SLDS.
The number of states that have introduced bills that would explicitly allow for parental opt-out or opt-in is growing (now at 15 states):
Arizona would allow opt-out from state assessments; Colorado from statewide and local assessments; Kansas for an education institution to disclose any PII; Mississippi from the SLDS; Montana for any data collection not related to a core academic subject; New Jersey from disclosing a student record to the any federal agency or nongovernmental entity; North Dakota from statewide, interim, summative, or career interest assessments; Oklahoma for any disclosure not required by law or the use of any website collecting PII; Oregon from statewide summative assessments; Rhode Island from “take-home technology” programs; Tennessee and South Dakota from the use of digital platforms unless the state certifies the platform is essential to the school mission; Utah from summative, interim, or formative tests that are not locally developed; West Virginia from statewide assessments; Wyoming for any disclosure not required by ESEA).
Resource Reminder: DQC has an issue brief and recommendations on opt-out based on a paper produced by the Future of Privacy Forum.
Although, as I noted above, Louisiana has not yet started its 2015 session, the sponsor of one of Louisiana’s laws from 2014 has prefiled a bill (HB 718) to amend that law. As you likely recall, last year the Louisiana legislature passed the most problematic student data privacy law in the country (it prohibits districts from sharing PII with any entity, including the state, without parental consent). We had heard that the sponsor was interested in reopening the law this year to try to make some fixes, which is great, but the amended bill as it stands is still deeply problematic. The bill would expand the parties districts can contract with for data services, but would also leave the majority of the law’s provisions in place and would prohibit any contractor from using student data for predictive modeling.
Psychometric
Biometric
10 states (Arizona, Colorado, Connecticut, Kansas, Kentucky, Mississippi, Missouri, Montana, New York, and West Virginia) have introduced bills addressing both data and Common Core and/or the PARCC or Smarter Balanced assessments. These bill either conflate the Common Core-aligned assessments and data collection or include other data privacy provisions within a bill to prohibit the use of the standards or assessments.
5 states (Arizona, Colorado, Mississippi, Missouri, and West Virginia) have introduced bills that would defund or severely limit funding to the SLDS.
The number of states that have introduced bills that would explicitly allow for parental opt-out or opt-in is growing (now at 15 states):
Arizona would allow opt-out from state assessments; Colorado from statewide and local assessments; Kansas for an education institution to disclose any PII; Mississippi from the SLDS; Montana for any data collection not related to a core academic subject; New Jersey from disclosing a student record to the any federal agency or nongovernmental entity; North Dakota from statewide, interim, summative, or career interest assessments; Oklahoma for any disclosure not required by law or the use of any website collecting PII; Oregon from statewide summative assessments; Rhode Island from “take-home technology” programs; Tennessee and South Dakota from the use of digital platforms unless the state certifies the platform is essential to the school mission; Utah from summative, interim, or formative tests that are not locally developed; West Virginia from statewide assessments; Wyoming for any disclosure not required by ESEA).
Resource Reminder: DQC has an issue brief and recommendations on opt-out based on a paper produced by the Future of Privacy Forum.
Although, as I noted above, Louisiana has not yet started its 2015 session, the sponsor of one of Louisiana’s laws from 2014 has prefiled a bill (HB 718) to amend that law. As you likely recall, last year the Louisiana legislature passed the most problematic student data privacy law in the country (it prohibits districts from sharing PII with any entity, including the state, without parental consent). We had heard that the sponsor was interested in reopening the law this year to try to make some fixes, which is great, but the amended bill as it stands is still deeply problematic. The bill would expand the parties districts can contract with for data services, but would also leave the majority of the law’s provisions in place and would prohibit any contractor from using student data for predictive modeling.
Statement of the policy/law's purposes
A statement of the purposes of a privacy policy that acknowledges both the educational value of data and the importance of privacy and security safeguards
Select the person(s) in charge
A Chief Privacy Officer and an advisory board
Statewide data security plan
Where you put the answers to your fundamental questions
Statewide policies governing personally identifiable information
Address administrative, physical, and technical safeguards
Data Accuracy
Do Not Use SSNs
Keep Identifiable Data at the Local Level
Making Rules Enforceable
Contracting Restrictions
Digital Literacy Instruction
Provide More Parental Rights
A plan for ensuring the state has sufficient staff and technical capacity to store, manage, and protect the data
A plan for ensuring educators/administrators have the knowledge and skills to use education data effectively and securely
Transparency plan (and enhancing public knowledge)
Strategies for transparency about data use, storage, retention, destruction, and protection
Establishment of public data inventory and description of data elements
An Explanation of How the State Privacy Policy or Law Follows FERPA
Digital Literacy Instruction
Websites, handouts, etc