6000 - Miscellaneous

6025 - Data Governance Plan

DATA GOVERNANCE PLAN                                                            6025

 

  1. PURPOSE

Data governance is an organizational approach to data and information management that is formalized as a set of policies and procedures that encompass the full life cycle of data; from acquisition, to use, to disposal. The Sevier School District (SSD) takes seriously its moral and legal responsibility to protect student privacy and ensure data security. Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401 requires that SSD adopt a Data Governance Plan. SSD supports the continual updating, improvement, and implementation of this policy as further guidance and procedures are made available by the Utah State Board of Education (USBE). SSD will work to meet implementation deadlines outlined by USBE as resources become available.

  1. SCOPE AND APPLICABILITY

2.1      This policy is applicable to all employees, temporary employees, and contractors of the SSD. The policy must be used to assess agreements made to disclose data to third-parties. This policy is designed to ensure only authorized disclosure of confidential information. The following 8 subsections provide data governance policies and processes for SSD:

2.1.1   Data Advisory Groups

2.1.2   Non-Disclosure Assurances for Employees

2.1.3   Data Security and Privacy Training for Employees

2.1.4   Data Disclosure

2.1.5   Data Breach

2.1.6   Record Retention and Expungement

2.1.7   Data Quality

2.1.8   Transparency

2.2      Furthermore, the SSD Information Technology Security Policy works in conjunction with this Policy, which:

2.2.1   Designates SSD as the steward for all confidential information maintained within SSD.

2.2.2   Designates Data Stewards access for all confidential information.

2.2.3   Requires Data Stewards to maintain a record of all confidential information that they are responsible for.

2.2.4   Requires Data Stewards to manage confidential information according to this policy and all other applicable policies, standards and plans.

2.2.5   Complies with all legal, regulatory, and contractual obligations regarding privacy of SSD data. Where such requirements exceed the specific stipulation of this policy, the legal, regulatory, or contractual obligation shall take precedence.

2.2.6   Provides the authority to design, implement, and maintain privacy procedures meeting SSD standards concerning the privacy of data in motion, at rest and processed by related information systems.

2.2.7   Ensures that all SSD board members, employees, contractors, and volunteers comply with the policy and undergo annual privacy training.

2.2.8   Provides policies and process for

2.2.8.1            Systems administration,

2.2.8.2            Network security,

2.2.8.3            Application security,

2.2.8.4            Endpoint, server, and device Security

2.2.8.5            Identity, authentication, and access management,

2.2.8.6            Data protection and cryptography

2.2.8.7            Monitoring, vulnerability, and patch management

2.2.8.8            High availability, disaster recovery, and physical protection

2.2.8.9            Incident Responses

2.2.8.10         Acquisition and asset management, and

2.2.8.11         Policy, audit, e-discovery, and training.

  1. DATA ADVISORY GROUPS

3.1.     Structure

SSD has a three-tiered data governance structure to ensure that data is protected at all levels of Utah’s educational system (LEA Student Data Manager, IT Systems Security Manager, and Educators).

3.2      Group Membership

Membership in the groups require board approval. Group membership is for two years. If individual members exit the group prior to fulfilling their two-year appointment, the board may authorize SSD Superintendent or designee to appoint a replacement member.

3.3      Individual and Group Responsibilities

The following tables outlines individual SSD staff and advisory group responsibilities.

3.3.1   Table 1. Individual SSD Staff responsibilities

 

Role Responsibilities

Chief Privacy Officer

 

1.    Authorize and manage the sharing, outside of the education entity, of personally identifiable student date from a cumulative record for the education entity.

2.    Act as the primary local point of contact for the state student data officer.

3.    A student data manager may share personally identifiable student data that are:

a.     of a student with the student and the student’s parent

b.    required by state or federal law

c.     in an aggregate form with appropriate data redaction techniques applied

d.    for a school official

e.    for an authorized caseworker or other representative of the Department of Human Services or the Juvenile Court.

f.      in a response to a subpoena issued by a court

g.    directory information

4.     A student data manager may not share personally identifiable student data for the purpose of external research or evaluation.

5.     Create and maintain a list of all LEA staff that have access to personally identifiable student data.

6.     Ensure annual LEA level training on data privacy to all staff members, including volunteers. Document all staff names, roles and training dates, times, locations, and agendas.

 

Role Responsibilities

IT Systems Security Manager

 

1. Acts as the primary point of contact for SSD student data security administration in assisting the board to administer this part;

2. Ensures compliance with security systems laws throughout the SSD education system, including:

a.     providing training and support to applicable SSD employees; and

b.    producing resource materials;

3.  Investigates complaints of alleged violations of systems breaches;

4.  Provides an annual report to the board on SSD systems security needs.

 

 Role Responsibilities

Educators

 

Fully support Data and Security Managers and comply with this policy and Policy #6015, Information Technology Security and stay current on training.

  1. EMPLOYEE NON-DISCLOSURE ASSURANCES

Employee non-disclosure assurances are intended to minimize the risk of human error and misuse of information.

4.1      Scope

All SSD employees with access to student educational data or confidential educator records must sign and obey the SSD Employee Non-Disclosure Agreement (See Appendix A), which describes the permissible uses of SSD technology and information.

4.2      Non-Compliance

Non-compliance with the agreements shall result in consequences up to and including removal of access to SSD network; if this access is required for employment, employees may be subject to dismissal.

4.3      Non-Disclosure Assurances

All student data utilized by SSD is protected as defined by the Family Educational Rights and Privacy Act (FERPA) and Utah statute. This policy outlines the way SSD staff is to utilize data and protect personally identifiable and confidential information. A signed agreement form is required from all SSD staff to verify agreement to adhere to/abide by these practices and will be maintained by SSD. All SSD employees with access to student educational data or confidential educator records (including contract or temporary) will:

4.3.1   Complete a Security and Privacy Fundamentals Training.

4.3.2   Complete a Security and Privacy Training for Researchers and Evaluators, if your position is a research analyst or if requested by the Technology Director.

4.3.3   Consult with SSD principals/administrators in their role as internal data owners when creating or disseminating reports containing data.

4.3.4   Use password-protected SSD-authorized computers when accessing any student-level or staff-level records.

4.3.5   NOT share individual passwords for personal computers or data systems with anyone.

4.3.6   Log out of any data system/portal and close the browser after each use.

4.3.7   Store sensitive data on appropriate-secured location. Unsecured access and flash drives, DVD, CD-ROM or other removable media, or personally-owned computers or devices are not deemed appropriate for storage of sensitive, confidential or student data.

4.3.8   Keep printed reports with personally identifiable information in a locked location while unattended and use the secure document destruction service provided at SSD when disposing of such records.

4.3.9   NOT share personally identifying data during public presentations, webinars, etc. If users need to demonstrate child/staff level data, demo records should be used for such presentations.

4.3.10 Redact any personally identifiable information when sharing sample reports with general audiences, in accordance with guidance provided by the student data manager, found in Appendix B (Protecting PII in Public Reporting).

4.3.11 Take steps to avoid disclosure of personally identifiable information in reports, such as aggregating, data suppression, rounding, recoding, blurring, perturbation, etc.

4.3.12 Delete files containing sensitive data after using them on computers or move them to secured servers or personal folders accessible only by authorized parties.

4.3.13 NOT use email to send screenshots, text, or attachments that contain personally identifiable or other sensitive information. If users receive an email containing such information, they will delete the screenshots/text when forwarding or replying to these messages. If there is any doubt about the sensitivity of the data the Student Data Privacy Manager should be consulted.

4.3.14 Use secure methods when sharing or transmitting sensitive data. The approved method is SSD Secure File Transfer Protocol (SFTP) website. Also, sharing within secured server folders is appropriate for SSD internal file transfer.

4.3.15 NOT transmit child/staff-level data externally unless expressly authorized in writing by the data owner and then only transmit data via approved methods such as described in item ten.

4.3.16 Limit use of individual data to the purposes, which have been authorized within the scope of job responsibilities.

4.4      Data security and privacy training

4.4.1   PURPOSE

SSD will provide a range of training opportunities for all SSD staff, including employees, temporary employees with access to student educational data or confidential educator records in order to minimize the risk of human error and misuse of information.

4.4.2   Scope

All SSD employees with access to student educational data or confidential educator records

4.4.3   Compliance

New employees who do not comply may not be able to use SSD networks or technology.

4.4.4   POLICY

4.4.4.1            Within the first week of employment, all SSD employees and temporary employees with access, must sign and follow the SSD Employee Acceptable Use Policy, which describes the permissible uses of SSD technology and information.

4.4.4.2            New employees who do not comply may not be able to use SSD networks or technology. Within the first week of employment, all SSD employees with access to student educational data or confidential educator records must also sign and obey the SSD Employee Non-Disclosure Agreement, which describes appropriate uses and the safeguarding of student and educator data.

4.4.4.3            All current SSD employees are required to participate in an annual Security and Privacy Fundamentals Training Curriculum within 60 days of the adoption of this rule.

4.4.4.4            SSD requires a targeted Security and Privacy Training for all employees and will determine the annual training topics for these targeted groups based on SSD training needs.

4.4.4.5            Participation in the training, as well as a signed copy of the Employee Non-Disclosure Agreement, will be annually monitored and reported.

  1. DATA DISCLOSURE

5.1      PURPOSE

Providing data to persons and entities outside of the SSD increases transparency, promotes education in Utah, and increases knowledge about Utah public education. This policy establishes the guidelines for sharing data maintained by SSD. It is intended to be consistent with the disclosure provisions of the Federal Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, 34 CFR Part 99 and Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401.

5.2      POLICY FOR DISCLOSURE OF PERSONALLY IDENTIFIABLE INFORMATION (PII)

5.2.1   Student or Student’s Parent/Guardian Access

Parents are advised that the records maintained by SSD are provided to SSD by the school district in which their student is/was enrolled, and access to their student’s record can be obtained from the student’s school district. In accordance with FERPA regulations 20 U.S.C. § 1232g (a)(1) (A) (B) (C) and (D), LEAs will provide parents with access to their child’s education records, or an eligible student access to his or her own education records (excluding information on other students, the financial records of parents, and confidential letters of recommendation if the student has waived the right to access), within 45 days of receiving an official request. SSD is not required to provide data that it does not maintain, nor is SSD required to create education records in response to an eligible student’s request.

5.2.2   Third Party Vendor

5.2.2.1            Third party vendors may have access to students’ personally identifiable information if the vendor is designated as a “school official” as defined in FERPA, 34 CFR §§ 99.31(a)(1) and 99.7(a)(3)(iii). A school official may include parties such as: professors, instructors, administrators, health staff, counselors, attorneys, clerical staff, trustees, members of committees and disciplinary boards, and a contractor, consultant, volunteer or other party to whom the school has outsourced institutional services or functions.

5.2.2.2            All third-party vendors contracting with SSD must be compliant with Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401. Vendors determined not to be compliant may not be allowed to enter into future contracts with SSD without third-party verification that they are compliant with federal and state law, and board rule.

5.2.3   Internal Partner Requests

Internal partners to SSD include school officials who are determined to have a legitimate educational interest in the information.

5.2.4   Governmental Agency Requests

5.2.4.1            SSD may not disclose personally identifiable information of students to external persons or organizations to conduct research or evaluation that is not directly related to a state or federal program reporting requirement, audit, or evaluation. The requesting governmental agency must provide evidence the federal or state requirements to share data in order to satisfy FERPA disclosure exceptions to data without consent in the case of a federal or state

5.2.4.1.1        reporting requirement

5.2.4.1.2        audit

5.2.4.1.3        evaluation

5.2.4.2            The SSD Student Data Manager will ensure the proper data disclosure avoidance are included if necessary.

5.3      Policy for External disclosure of Non-Personally Identifiable Information (PII)

5.3.1   SCOPE

External data requests from individuals or organizations that are not intending on conducting external research or are not fulfilling a state or federal reporting requirement, audit, or evaluation will not be allowed.

5.4      Data Disclosure to a Requesting External Researcher or Evaluator

5.4.1   Responsibility: The Student Data Manager will ensure the proper data are shared with external researcher or evaluator to comply with federal, state, and board rules.

5.4.2   SSD may not disclose personally identifiable information of students to external persons or organizations to conduct research or evaluation that is not directly related to a state or federal program audit or evaluation. Data that do not disclose PII may be shared with an external researcher or evaluators for projects unrelated to federal or state requirements if:

5.4.2.1            A SSD Director or Superintendent sponsors an external researcher or evaluator request.

5.4.2.2            Student data are not PII, but are in an aggregate form and de-identified through disclosure avoidance techniques and other pertinent techniques as determined by the Student Data Manager.

5.4.2.3            Researchers and evaluators supply the SSD a copy of any publication or presentation that uses SSD data 10 business days prior to any publication or presentation.

5.5      Process: Research Proposal must be submitted using this form:http://www.schools.utah.gov/data/Data-Request/ResearcherProposal.aspx. Research proposals are sent directly to the Director, Superintendent or designee for review. If the request is approved, an MOA is drafted and reviewed by the Superintendent, and/or District Administration and sent to the Student Data Manager, appropriate Data Steward fulfills the request, de-identifies data as appropriate, and sends to another Data Steward for Quality Assurance (ensuring student data protection). If it passes QA, data are sent to the requester and saves the dataset in a secure folder managed by the Coordinator of Data and Statistics. If it does not pass QA, the data are sent back to the Data Steward for modification.

  1. DATA BREACH

6.1      PURPOSE

Establishing a plan for responding to a data breach, complete with clearly defined roles and responsibilities, will promote better response coordination and help educational organizations shorten their incident response time. Prompt response is essential for minimizing the risk of any further data loss and, therefore, plays an important role in mitigating any negative consequences of the breach, including potential harm to affected individuals.

6.2      POLICY

6.2.1   SSD shall follow industry best practices to protect information and data. In the event of a data breach or inadvertent disclosure of personally identifiable information, SSD staff shall follow industry best practices outlined in the SSD IT Security Procedures for responding to the breach. Further, SSD shall follow best practices for notifying affected parties, including students, in the case of an adult student, or parents or legal guardians, if the student is not an adult student.

6.2.2   Concerns about security breaches must be reported immediately to the IT security manager who will collaborate with appropriate members of the SSD executive team to determine whether a security breach has occurred. If the SSD data breach response team determines that one or more employees or contracted partners have substantially failed to comply with SSD’s IT Security Policy/Procedure and relevant privacy policies, they will identify appropriate consequences, which may include termination of employment or a contract and further legal action. Concerns about security breaches that involve the IT Security Manager must be reported immediately to the Superintendent. SSD will periodically update, in keeping with best practices, and resources from USBE in preparing for and responding to a security breach.

7. DATA RETENTION

7.1 The District shall classify all student data which it collects under an approved records retention schedule. The District shall retain and dispose of all student data in accordance with an approved records retention schedule.
7.2 If no existing retention schedule governs student disciplinary records collected by the District:
7.2.1 The District may propose to the State Records Committee a retention schedule of up to one year if collection of the data is not required by federal or state law or Board rule; or
7.2.2 The District may propose to the State Records Committee a retention schedule of up to three years if collection of the data is required by federal or state law or State Board rule, unless a longer retention period is prescribed by federal or state law or State Board rule.

7.3 The District’s retention schedules shall take into account the District’s administrative need for the data.

7.4 Unless the data requires permanent retention, the District’s retention schedules shall require destruction or expungement of student data after the administrative need for the data has passed.

7.5 A parent or adult student may request that the District amend, expunge, or destroy any record not subject to an approved retention schedule and believed to be inaccurate, misleading, or in violation of the privacy rights of the student. The District shall process such a request following the same procedures outlined to amend a student education record under FERPA, as set out in Policy FE “Right to Amend Records.”

8. SHARING STUDENT DATA
The District may not share a student’s personally identifiable student data without written consent, except in conformance with the requirements of this policy and with the Family Educational Rights and Privacy Act (“FERPA”) and related provisions under 20 U.S.C. §§ 1232(g) and 1232(h).
Utah Code § 53E-9-308 (2019)

9. PERMITTED AND PROHIBITED SHARING OF STUDENT DATA BY STUDENT DATA MANAGER

9.1 A student data manager may share the personally identifiable student data of a student with the student and the student’s parent. Otherwise, a student data manager may only share a student’s personally identifiable student data from a cumulative record in accordance with federal law or as follows. Such data may be shared with:

9.1.1 A school official;
9.1.2 An authorized caseworker, in accordance with this policy, or other representative of the Department of Human Services; or
9.1.3 A person to whom the District has outsourced a service or function:
9.1.3.1 To research the effectiveness of a program’s implementation; or
9.1.3.2 that the District’s employees would typically perform.

9.2 A student data manager may share a student’s personally identifiable student data from a cumulative record with a caseworker or representative of the Department of Human Services if:
9.2.1 The Department of Human Services is:
9.2.1.1 legally responsible for the care and protection of the student; or
9.2.1.2 providing services to the student; and
9.2.2 The student’s personally identifiable student data is not shared with a person who is not authorized:
9.2.2.1 to address the student’s education needs; or
9.2.2.2 by the Department of Human Services to receive the student’s personally identifiable student data; and
9.2.3 The Department of Human Services maintains and protects the student’s personally identifiable student data.
9.2.4 A student data manager may share a student’s personally identifiable student data to improve educational outcomes for the student where the student is:
9.2.4.1 In the custody of or under the guardianship of, the Department of Human Services;
9.2.4.2 Receiving services from the Division of Juvenile Justice Services;
9.2.4.3 In the custody of the Division of Child and Family Services;
9.2.4.4 Receiving services from the Division of Services for People with Disabilities; or
9.2.4.5 Under the jurisdiction of the Utah Juvenile Court.

9.3 A student data manager may share aggregate data.

9.4. A student data manager may not share personally identifiable student data for the purpose of external research or evaluation except as follows: If a student data manager receives a request to share data for the purpose of external research or evaluation, the student data manager shall:
9.4.1 Verify that the request meets the requirements of 34 C.F.R. § 99.31(a)(6);
9.4.2 Submit the request to the District’s external research review process; and
Fulfill the instructions that result from the review process.

9.5 If the student data manager is informed that the State Board of Education intends to share student data collected by the District with the Utah Registry of Autism and Developmental Disabilities, the student data manager shall give notice to the parent of each student whose data is to be shared of the State Board’s intention to share the data. This notice shall be provided at least 30 days before the State Board is to share the data. If a parent requests that the State Board not share the data, the student data manager shall relay that request to the State Board.

9.6 A student data manager may share personally identifiable student data in response to a subpoena issued by a court.

9.7 In accordance with State Board of Education rule, a student data manager may share personally identifiable information that is directory information.
Utah Code § 53E-9-308 (2019)

10. QUALITY ASSURANCES AND TRANSPARENCY REQUIREMENTS

10.1 PURPOSE
Data quality is achieved when information is valid for the use to which it is applied, is consistent with other reported data and users of the data have confidence in and rely upon it. Good data quality does not solely exist with the data itself, but is also a function of appropriate data interpretation and use and the perceived quality of the data. Thus, true data quality involves not just those auditing, cleaning and reporting the data, but also data consumers. Data quality at is addressed in five areas:

10.1.1 Data Governance Structure
The SSD data governance policy is structured to encourage the effective and appropriate use of educational data. The SSD data governance structure centers on the idea that data is the responsibility of all SSD departments and that data driven decision-making is the goal of all data collection, storage, reporting and analysis. Data driven decision making guides what data is collected, reported and analyzed.

10.1.2 Data Requirements and Definitions

10.1.2.1 Clear and consistent data requirements and definitions are necessary for good data quality. On the data collection side, the SSD communicates data requirements and definitions to LEAs through the Data Clearinghouse Update Transaction documentations (see http://www.schools.utah.gov/vomputerservices/Data-Clearinghouse.aspx). The SSD also communicates with SSD IT staff regularly, at monthly Data Warehouse Group meetings and at biannual Data Conferences. Where possible, SSD program specialists are invited to these meetings and the same guidance is give to the appropriate program directors.

10.1.2.2 On the data reporting side, the production and presentation layers provide standard data definitions and business rules. Data Stewards coordinate data releases through the Data Warehouse Group meetings. All data released includes relevant data definitions, business rules, and are date stamped. Further, Data and Statistics produces documentation, trainings and FAQs on key statistics and reports, such as AYP, graduation rate and class size.

10.1.3 Data Collection
10.1.3.1 Data elements should be collected only once—no duplicate data collections are permitted. Where possible, data is collected at the lowest level available (i.e. at the student/teacher level). Thus, there are no aggregate data collections if the aggregate data can be derived or calculated from the detailed data.
10.1.3.2 For all new data collections, SSD provides to LEAs clear guidelines for data collection and the purpose of the data request. The SSD also notifies LEAs as soon as possible about future data collections. Time must be given to LEAs in order for them to begin gathering the data needed.

10.1.4 Data Auditing
Data and Statistics Data Analysts perform regular and ad hoc data auditing. They analyze data in the warehouse for anomalies, investigate the source of the anomalies, and work with IT and/or LEAs in explaining and/or correcting the anomalies. Data Analysts also work with School Finance to address findings from the Auditors.

10.1.5 Quality Control Checklist
Checklists have been proven to increase quality (See Appendix C).

11. DATA TRANSPARENCY
Annually, SSD will publically post:

11.1 SSD data collections

11.2 Metadata Dictionary as described in Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401

12. APPENDIX
Appendix A. SSD Employee Non-Disclosure Agreement
As an employee of the Sevier School District I hereby affirm that: (Initial)
______ I have read the Employee Non-Disclosure Assurances attached to this agreement form and read and reviewed Data Governance Plan SSD policies. These assurances address general procedures, data use/sharing, and data security.
______ I will abide by the terms of the SSD policies and its subordinate process and procedures;
______ I grant permission for the manual and electronic collection and retention of security related information, including but not limited to photographic or videotape images, of your attempts to access the facility and/or workstations.

Trainings
______ I have completed SSD Data Security and Privacy Fundamentals Training.
______ I will complete SSD Data Security and Privacy Fundamentals Training within 30 days.

Using SSD Data and Reporting Systems
______ I will use a password-protected computer when accessing data and reporting systems, viewing child/staff records, and downloading reports.
______ I will not share or exchange individual passwords, for either personal computer(s) or SSD system user accounts, with SSD staff or participating program staff.
______I will log out of and close the browser after each use of SSD data and reporting systems.
______I will only access data in which I have received explicit written permissions from the data owner.
______I will not attempt to identify individuals, except as is required to fulfill job or volunteer duties, or to publicly release confidential data;

Handling Sensitive Data
______ I will keep sensitive data on password-protected SSD -authorized computers.
______ I will keep any printed files containing personally identifiable information in a locked location while unattended.
______ I will not share child/staff-identifying data during public presentations, webinars, etc. I understand that dummy records should be used for such presentations.
______ I will delete files containing sensitive data after working with them from my desktop, or move them to a secured SSD server.
Reporting & Data Sharing
______ I will not redisclose or share any confidential data analysis except to other authorized personnel without SSD express written consent.
______ I will not publically publish any data without the approval of the Superintendent.
______ I will take steps to avoid disclosure of personally identifiable information in SSD -level reports, such as aggregating, data suppression, rounding, recoding, blurring, perturbation, etc.
______ I will not use email to send screenshots, text, or attachments that contain personally identifiable or other sensitive information. If I receive an email containing such information, I will delete the screenshots/text when forwarding or replying to these messages.
______I will not transmit child/staff-level data externally unless explicitly authorized in writing.
______ I understand that when sharing child/staff-identifying data with authorized individuals, the only approved methods are phone calls or SSD Secure File Transfer Protocol (SFTP). Also, sharing within secured server folders is appropriate for SSD internal file transfer.
______ I will immediately report any data breaches, suspected data breaches, or any other suspicious activity related to data access to my supervisor and the SSD Information Security Officer. Moreover, I acknowledge my role as a public servant and steward of child/staff information, and affirm that I will handle personal information with care to prevent disclosure.
Consequences for Non-Compliance
______ I understand that access to the SSD network and systems can be suspended based on any violation of this contract or risk of unauthorized disclosure of confidential information;
______I understand that failure to report violation of confidentiality by others is just as serious as my own violation and may subject me to personnel action, including termination.
Termination of Employment
_______I agree that upon the cessation of my employment from SSD I will not disclose or otherwise disseminate any confidential or personally identifiable information to anyone outside of SSD without the prior written permission of the Chief Information Officer of SSD.
Print Name: ___________________________________
Signed: ________________________________________
Date: __________________

Appendix B. Protecting PII in Public Reporting

Data Gateway Statistical Reporting Method for Protecting PII
Public education reports offer the challenge of meeting transparency requirements while also meeting legal requirements to protect each student’s personally identifiable information (PII). Recognizing this, the reporting requirements state that subgroup disaggregation of the data may not be published if the results would yield personally identifiable information about an individual student. While the data used by the SSD and local agencies(LEAs) is comprehensive, the data made available to the public is masked to avoid unintended disclosure of personally identifiable information at summary school, LEA, or state-level reports.

This is done by applying the following statistical method for protecting PII.
1. Underlying counts for groups or subgroups totals are not reported.

2. If a reporting group has 1 or more subgroup(s) with 10 or fewer students.
2.1 The results of the subgroup(s) with 10 or fewer students are recoded as “N<10”
2.2. For remaining subgroups within the reporting group
2.2.1 For subgroups with 300 or more students, apply the following suppression rules.
2.2.1.1 Values of 99% to 100% are recoded to ≥99%
2.2.1.2 Values of 0% to 1% are recoded to ≤1%

3. For subgroups with 100 or more than but less than 300 students, apply the following suppression rules.
3.1 Values of 98% to 100% are recoded to ≥98%
3.2 Values of 0% to 2% are recoded to ≤2%

4. For subgroups with 40 or more but less than 100 students, apply the following suppression rules.
4.1 Values of 95% to 100% are recoded to ≥95%
4.2 Values of 0% to 5% are recoded to ≤5%

5. For subgroups with 20 or more but less than 40 students, apply the following suppression rules.
5.1 Values of 90% to 100% are recoded to ≥90%
5.2 Values of 0% to 10% are recoded to ≤10%
5.3 Recode the percentage in all remaining categories in all groups into intervals as follows (11-19,20-29,…,80-89)

6. For subgroups with 10 or more but less than 20 students, apply the following suppression rules.
6.1 Values of 80% to 100% are recoded to ≥80%
6.2 Values of 0% to 20% are recoded to ≤20%
6.3 Recode the percentage in all remaining categories in all groups into intervals as follows (20-29,30-39,…,70-79)

Appendix C. Quality Control Checklist

1. Reliability (results are consistent)
1.1 Same definitions were used for same or similar data previously reported or it is made very clear in answering the request how and why different definitions were used
1.2 Results are consistent with other reported results or conflicting results are identified and an explanation provided in request as to why is different
1.3 All data used to answer this particular request was consistently defined (i.e. if teacher data and student data are reported together, are from the same year/time period)
1.4 Another SSD data steward could reproduce the results using the information provided in the metadata

2. Validity (results measure what are supposed to measure, data addresses the request)
2.1 Request was clarified
2.2 Identified and included all data owners that would have a stake in the data used
2.3 Data owners approve of data definitions and business rules used in the request
2.4 All pertinent business rules were applied
2.5 Data answers the intent of the request (intent ascertained from clarifying request)
2.6 Data answers the purpose of the request (audience, use, etc.)
2.7 Limits of the data are clearly stated
2.8 Definitions of terms and business rules are outlined so that a typical person can understand what the data represents

3. Presentation
3.1 Is date-stamped
3.2 Small n-sizes and other privacy issues are appropriately handled
3.3 Wording, spelling and grammar are correct
3.4 Data presentation is well organized and meets the needs of the requester
3.5 Data is provided in a format appropriate to the request
3.6 A typical person could not easily misinterpret the presentation of the data

 

Approved : 08/09/17

Revised: 02/19/20

Tags: Data Privacy Information

Inspire the mind, create a passion for learning, educate for success in life.


Sevier School District does not discriminate on the basis of race, color, national origin, sex, disability, or age in its programs. Please contact your school principal for further information.