Student data privacy manifesto


The Student Data Privacy Manifesto begins a reasonable conversation among parents, education leaders, and technology providers on the future of student data privacy protection and transparency.


Page 1: Student data privacy manifesto

Student Data Privacy Manifesto

Background

The use of student data is at the forefront of the national education conversation. Laws such as the Family Educational Rights and Privacy Act (FERPA) establish the minimum standards for student data privacy. This Manifesto seeks to establish a higher bar for the education community to embrace and support.

Terminology

The first issue is that “student data” is an overly broad term. To better frame the discussion, we adopt the FERPA terminology for:

Personally identifiable information (PII) – information (e.g., name, SSN, date of birth, etc.) that alone or in combination is linked to a specific student and would allow someone to identify the student with reasonable certainty.

Education records – records that are directly related to a student and are maintained by the education agency. Education records, by definition, must contain or be linked to personally identifiable information.

By their nature, there are legitimate privacy concerns over access to student personally identifiable information and student education records.

In addition, there are two noteworthy derivations from education records:

Aggregate data – data that is collected at an education organization level that is not at an individual student level (e.g., counts, averages).

De-identified data – student-level data that has had enough personally identifiable information removed or obscured that the remaining information cannot reasonably be used to identify an individual student.

The vast majority of data collected by state and federal agencies for accountability is aggregate data. A significant amount of aggregate data is published and publicly available. Data that is typically released to researchers is de-identified data. Both aggregate and de-identified data must be carefully prepared so as not to result in inadvertent disclosures; a published count of one student in a small subgroup, or a suppressed count that can be recovered by subtraction from a published total, can identify a student as surely as a name. There are a number of publications available that describe best practices in this area.

When properly derived, there should not be privacy concerns about aggregate or de-identified data.
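As an added illustration of the preparation step described above (example code written for this page, not part of the Manifesto or of any agency's tooling): the first part builds an aggregate cross-tab from constructed student-level records, blanks cells below a minimum count, and then keeps blanking until no row or column total leaves a single blank that could be recovered by subtraction; the second part checks a de-identified extract for k-anonymity over a chosen set of quasi-identifiers. The threshold of 3, the choice of quasi-identifiers, the function names, and the sample records are all assumptions made for this example; real release policies commonly use a higher threshold.

```python
"""Added example (not from the Manifesto): two release checks for student data.

1. Small-cell suppression for an aggregate cross-tab, with complementary
   suppression so that a blanked cell cannot be recovered by subtracting the
   published cells from a published row or column total.
2. A k-anonymity check for a de-identified student-level extract.

THRESHOLD, the quasi-identifier choice and the sample records are assumptions.
"""
from collections import Counter

THRESHOLD = 3  # assumed minimum publishable cell count; real policies often use 10


def make_sample():
    """Constructed student-level records for the example; no real students."""
    spec = [  # (school, grade, ethnicity code, number of students)
        ("Elm", 9, "A", 4), ("Elm", 9, "B", 1), ("Elm", 9, "C", 3),
        ("Elm", 10, "A", 3), ("Elm", 10, "B", 3), ("Elm", 10, "C", 4),
        ("Oak", 9, "A", 3), ("Oak", 9, "B", 2), ("Oak", 9, "C", 5),
    ]
    records, sid = [], 1000
    for school, grade, eth, n in spec:
        for _ in range(n):
            records.append({"id": sid, "school": school, "grade": grade, "ethnicity": eth})
            sid += 1
    return records


def cross_tab(records, row_keys, col_key):
    """Aggregate data: number of students per (row group, column category)."""
    return Counter((tuple(r[k] for k in row_keys), r[col_key]) for r in records)


def suppress(cells, threshold=THRESHOLD):
    """Return the set of cells to blank before release.

    Primary suppression blanks every cell below threshold. Complementary
    suppression then repeats until no row and no column (whose totals are
    assumed published) contains exactly one blank, because a lone blank is
    simply the total minus the published cells. The smallest remaining
    published cell in that line is blanked. Lines are processed in sorted
    order so the result does not depend on hash ordering.
    """
    blanked = {c for c, n in cells.items() if n < threshold}
    rows = sorted({c[0] for c in cells})
    cols = sorted({c[1] for c in cells})
    lines = [[c for c in cells if c[0] == r] for r in rows] + \
            [[c for c in cells if c[1] == k] for k in cols]
    changed = True
    while changed:
        changed = False
        for line in lines:
            if sum(c in blanked for c in line) == 1:
                remaining = [c for c in line if c not in blanked]
                blanked.add(min(remaining, key=lambda c: (cells[c], c)))
                changed = True
    return blanked


def publishable(cells, blanked):
    """The table as released: blanked cells become None, everything else is kept."""
    return {c: (None if c in blanked else n) for c, n in cells.items()}


def recoverable_by_subtraction(cells, blanked):
    """True if any row or column (with a published total) has exactly one blank."""
    for axis in (0, 1):
        groups = {}
        for c in cells:
            groups.setdefault(c[axis], []).append(c)
        if any(sum(c in blanked for c in line) == 1 for line in groups.values()):
            return True
    return False


def k_anonymity(records, quasi_identifiers):
    """Size of the smallest group of records sharing the same quasi-identifier
    values. k == 1 means some student is unique on those columns alone."""
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(groups.values())


if __name__ == "__main__":
    recs = make_sample()
    table = cross_tab(recs, ("school", "grade"), "ethnicity")
    primary_only = {c for c, n in table.items() if n < THRESHOLD}
    print("primary suppression leaks by subtraction:",
          recoverable_by_subtraction(table, primary_only))
    blanked = suppress(table)
    for cell, n in sorted(publishable(table, blanked).items()):
        print(cell, n)
    print("k over (school, grade, ethnicity):",
          k_anonymity(recs, ("school", "grade", "ethnicity")))
    print("k after dropping school:", k_anonymity(recs, ("grade", "ethnicity")))
```

Run directly, the script prints the released table. The point the output makes is that primary suppression alone blanks only the two cells below the threshold, and each of those is recoverable from its row total; the complementary pass ends up blanking six of the nine cells before the table is safe against simple subtraction. The k-anonymity check shows the same records are unique on (school, grade, ethnicity) but 3-anonymous once school is dropped, which is the trade-off between detail and disclosure risk that the best-practice publications referred to above address.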

Page 2: Student data privacy manifesto

Preamble

We believe in the power of data to positively impact student performance when appropriately managed, delivered, visualized, and applied. We urge schools to provide teachers access to all of their students’ data and to ensure that teachers are properly trained to apply that data.

We also believe that student data privacy is of critical importance and requires immediate attention and action by the education community at large.

We believe that the national conversation on student data privacy is fueled by the lack of transparency into what data is being collected, who is accessing it, in what form, and for what purpose. We believe that appropriate process and technology can be applied to provide an appropriate level of transparency.

Moreover, we believe that there is a pervasive lack of trust in how student data is used by the education community. That distrust comes not only from parents and other stakeholders on the outside, but also from members of the education community toward one another. We believe that this distrust cannot be solved by technology, but must be addressed through process, professional development, and training.

The Manifesto is presented to define a set of future standards, benchmarks, and best practices for the education industry as a whole to embrace, realizing that today, no organization, vendor, or contractor would be in compliance.

This Manifesto acknowledges all applicable laws governing student data privacy and is not meant to contradict, interpret or weaken any of these laws.

Page 3: Student data privacy manifesto

Student Data Privacy Manifesto

This Manifesto calls for the education community, including education agencies, organizations, personnel, contractors, and vendors, to implement technology, adopt processes, and provide training to:

1. Ensure that all agencies, organizations, contractors, and vendors that have access to student education records provide the same strength of protection, control, and transparency as codified in appropriate policies, contracts, and data sharing agreements.

2. Ensure that all persons that have access to student education records have training and certification (micro credentials) on the proper use and protection of education records.

3. Limit access to individual student education records to the minimal set of personnel essential for legitimate education purposes, for the shortest period of time required for that purpose, and to the smallest set of data required for that purpose.

4. To the maximum extent possible, use properly prepared aggregate data and de-identified data in place of individual student education records.

5. Provide parents transparency into the sources and uses of student data, specifically providing electronic access to:

a. View a catalog of the types of data collected in student education records.

b. View a catalog of those organizations and users (by role) that have been granted access to student education records and the purpose and scope of that access.

c. View a catalog of applications and databases that hold or can access student education records and their purpose.

d. View a time-date log of persons (by name, organization, and role) that updated or accessed their child’s education record along with their relevant micro credentials.

6. Provide parents control of their child’s education record, specifically providing electronic facilities to:

a. View their child’s education record and request corrections, redactions, or amendments.

b. Authorize electronic transfer of select data records to a third party (e.g., college, tutor, doctor).

c. Authorize (opt-in) any non-educational use of their child’s education record.