1 / 28

STUDENT DATA DISCLOSURE AND CONFIDENTIALITY

STUDENT DATA DISCLOSURE AND CONFIDENTIALITY. FAMIS CONFERENCE Mari M. Presley, Assistant General Counsel Florida Department of Education June 14, 2011. PUBLIC RECORDS. General Rule: Unless specifically exempted by statute, a record held by an agency must be released.

ziva
Télécharger la présentation

STUDENT DATA DISCLOSURE AND CONFIDENTIALITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. STUDENT DATA DISCLOSURE AND CONFIDENTIALITY FAMIS CONFERENCE Mari M. Presley, Assistant General Counsel Florida Department of Education June 14, 2011

  2. PUBLIC RECORDS • General Rule: Unless specifically exempted by statute, a record held by an agency must be released. • An agency is only required to release already existing records; an agency is not required to CREATE a record in order to release it. • If public records are stored on a database, merely EXTRACTING the data is not “creating” a record.

  3. FDOE PROPOSAL • The following would NOT be “creating” a record, and would have to be disclosed upon request, unless exempted by statute: • Reports, lists, charts or data stored in tables and/or files (any combination of elements, sorted in any manner), with no filtered elements. A filter is a subset of a given element. • Reports, lists, charts or data stored in tables and/or files with sums or counts (any combination/sort). • Any previously generated report or dataset, without modification.

  4. FDOE PROPOSAL • The following records do not “exist,” and no disclosure is required: • Requests for data/information not currently collected by the Department (e.g., student’s eye color). • Requests that require staff to make assumptions not specified in the request (e.g., teacher turnover rate). • Requests that require staff to create subjective compilations. • Requests that require staff to calculate changes over time. • Requests that require staff to filter one or more data elements (e.g., % of LEP students who passed FCAT but did not pass CELLA). A filter is a subset of a given element. • Requests that require staff to define calculations not currently used or defined by the Department

  5. FERPA Family Educational Rights and Privacy Act • General Rule, Personally Identifiable Student records are confidential and must not be disclosed without consent • When is student data personally identifiable? • Contains directly identifying or specifically prohibited data; • Contains enough info that a reasonable person in the school community with no knowledge of the circumstances could identify the student with reasonable certainty; or • Targeted request

  6. DIRECTLY IDENTIFIABLE OR PROHIBITED ELEMENTS • Student’s name • Parents’ names • Family Members’ names • Address of Student or Family • Personal identifiers such as SS#, Student #, or biometric record • Date of Birth • Place of Birth • Mother’s Maiden Name

  7. ADDITIONAL MASKING REQUIRED • Even if a record contains no directly identifiable data and no prohibited elements, it may be personally identifiable. • Standard = Whether a reasonable person in the school community without knowledge of the relevant circumstances would be able to identify the individual student with reasonable certainty.

  8. National Center for Education StatisticsSLDS TECHNICAL BRIEF, DECEMBER 2010, BRIEF 3STATISTICAL METHODS FOR PROTECTING PII IN AGGREGATE REPORTING • http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011603 • This brief contains guidance on how to meet reporting requirements of NCLB while maintaining confidentiality under FERPA. • Provides examples of unintentional disclosures with tabular student data and best practices on how to avoid them. • Next slides use examples from this technical brief and explains NCES proposed best practices for REPORTING.

  9. UNINTENDED DISCLOSURESSUPPRESSING SMALL SUBGROUPS BUT NOT CATEGORIES The parents of the one student who scored “proficient” will know that all of the other Hispanic students in the population scored less than proficient. This would be an improper disclosure. Students with IEPs are protected.

  10. UNINTENDED DISCLOSURESUPPRESSING SUBGROUPS + CATEGORIES, BUT LEAVING COUNTS Numbers in red were originally suppressed, but can be recovered. Anyone reviewing the report knows that all students of “low income” scored below proficient. This is an unauthorized disclosure.

  11. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGNO COUNTS PUBLISHED

  12. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGCOUNTS PUBLISHED W/ COMPLEMENTARY SUPPRESSION Not Low Income row is suppressed for small subgroup number. Low Income row is a complementary suppression. Result = Data is protected from unintended disclosure, but leads to loss of information.

  13. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGCOUNTS PUBLISHED W/ ADDITIONAL SUPPRESSION Since all groups at this school had at least 10 students, no items were suppressed.

  14. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGCOUNTS PUBLISHED W/ ADDITIONAL SUPPRESSION

  15. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGCOUNTS PUBLISHED W/ ADDITIONAL SUPPRESSION Since there were only two schools in the district, one can recover the results for the data suppressed on school 1 by comparing school 2 data to the district data, resulting in an unauthorized disclosure. Therefore, if data is suppressed for one school and totals are provided, complementary suppression for at least one additional school, or for the district, must be made.

  16. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGBACKGROUND INFORMATION • In Reports of outcome measures, some schools, districts, or state level reports contain background information about the distribution of students in separate summary tables. (e.g., total number and percentage of students in each subgroup.) • To avoid unintended disclosure through recovery of masked data, use the following: • Use background counts for a day other than the assessment date • Report percentage performance results in whole numbers • Report percentage of students assessed as a whole number

  17. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGRECODING THE ENDS OF THE DISTRIBUTION • Many states recode the top and bottom 5% by indicating >95% or <5% • This may result in unauthorized disclosure if the percentage represents a single student. • Therefore, recode as follows:

  18. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGRECODING THE ENDS OF THE DISTRIBUTION • 10 to 20 students, collapse into two categories and recode ≥80% or ≤20% or intervals (e.g., 21-29%, 31-39%..., 71-79%) • 21 to 40 students, ≥90%, or ≤10%, or intervals • 41 to 100 students, ≥95%, or ≤5%, or intervals • 101 to 200 students, ≥98%, or ≤2%, or intervals • 201-300 students, ≥98%, or ≤2%, or whole numbers • 301 or more students, ≥99%, or ≤1%, or whole numbers

  19. National Center for Education StatisticsBEST PRACTICES FOR REPORTINGSUMMARY BEST PRACTICES • Report the % distribution of students by grade at school, district, or state level in a stand alone table • Report the % distribution of students by subgroup at school, district, or state level in a stand alone table • Do not report details of enrollment data within each subgroup by individual grades. • Use minimum reporting size of 10 students • Use complementary suppressions where necessary • Use whole number percentages when reporting outcomes • Use recoding rules described above.

  20. FDOE PROPOSED MASKING PROTOCOLS • State Level Data will generally not produce identifiable information and usually does not need to be masked. • District Level Data will be masked according to the protocol if it contains data linked to identifying characteristics, such as race, ethnicity, gender, ESE or other disability status, Free and Reduced Price lunch, Migrant or immigrant status, and ESOL status. • School and Small Group Level – same as district, but avoid fine levels of disaggregation • Individual Student Level – data containing multiple elements for a defined population is usually identifiable and access should be strictly limited.

  21. FDOE PROPOSED MASKING PROTOCOLS When masking is required, mask the following: • Data containing cell sizes of less than 10 students (including 0) • Cell sizes containing percentages, where underlying data includes less than 10 students (including 0) • Decimal values attached to percentages (i.e., only release whole number percentages) • Individual cell percentages ≥ 99% ≤ 1% of a given population

  22. FDOE PROPOSED MASKING PROTOCOLS • Complementary masking – if only one value is masked in a given row or column and the masked value could be derived from the remaining values provided, also mask the lowest value remaining in the row or column. • Use consistent format to prevent confusion • Where fewer than 10 students, including 0, use * or “N/A” to indicate a masked cell • Use “≥ 99%” or “≤ 1%” where these are masked • Add a key to symbols used and explain what masking technique has been used, and the reason masking was applied.

  23. PRIVACY TECHNICAL ASSISTANCE CENTER (PTAC) • U.S. Dep’t of Education established PTAC to: • Provide technical assistance • Provide a neutral forum for queries about FERPA compliance (PTAC is NOT an enforcement agency) • Voluntary Review MOU’s and interagency agreements • Offer Helpdesk • http://nces.ed.gov/programs/ptac/Home.aspx

  24. U.S. DEPARTMENT OF EDUCATIONPROPOSED REVISIONS TO FERPA REGULATIONS • http://www.gpo.gov/fdsys/pkg/FR-2011-04-08/pdf/2011-8205.pdf • Federal Register, Vol. 76, No. 68 April 8, 2011 • 34 CFR 99.3 Definitions • “authorized representatives” – any entity or individual designated by a State or local educational authority…to conduct any audit, evaluation, or compliance or enforcement activity in connection with Federal legal requirements that relate to those programs. • Recedes from prior guidance that authorized representatives must be “under the direct control” of the disclosing agency. • Requires an agreement with the authorized representative • If FPCO determines violation by authorized representative, they will be denied access to PII for five years.

  25. U.S. DEPARTMENT OF EDUCATIONPROPOSED REVISIONS TO FERPA REGULATIONS • Definition of Directory Information 34 CFR 99.3 • Would allow an educational agency to designate as directory information and nonconsensually disclose a Student ID number that is displayed on a student badge if it cannot be used to gain access to student records. • Definition of “Education Program” • Any program that is principally engaged in the provision of education, including, but not limited to early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, regardless of whether the program is administered by an educational authority.

  26. U.S. DEPARTMENT OF EDUCATIONPROPOSED REVISIONS TO FERPA REGULATIONS • U.S. Dept of Ed Enforcement Authority increased to include any institution that receives funds under any program administered by the Secretary • Limited Directory Information Policy • Would allow an LEA to limit disclosures of directory information to specified entities or for specified purposes, or both. • Research Studies • Clarifies that SEA’s may authorize Research Studies

More Related