
Student Data Transparency and Security Act: What You Need to Know

Gain a comprehensive understanding of the Student Data Transparency and Security Act (HB 16-1423) from the CALET 2017 Winter Conference agenda. This act aims to enhance transparency and security of student personally identifiable information (PII). Discover key definitions, policy breakdown, and the roles of education stakeholders. Unveil requirements for local education providers and software vendors to safeguard student data. Learn about the responsibilities outlined by the State Board of Education and Colorado Department of Education, and explore compliance standards with FERPA regulations. Access valuable resources, including a Quick Reference Guide from Caplan & Earnest. Stay informed about contractual rules, data security plans, and the handling of external data requests. Parental rights regarding student PII inspection and corrections are also highlighted. Explore examples of transparency practices in schools and understand the obligations for LEPs and contract providers. Take proactive steps toward data transparency and security in educational settings.

esthera


Presentation Transcript


  1. Student Data Transparency and Security Act: What You Need to Know (HB 16-1423) CALET 2017 Winter Conference

  2. Agenda • Overview & Breakdown • Panel Q&A • Table Top • Next Steps • Resources

  3. Overview • 2 Years in the Making • Sponsors worked collaboratively with: CASE/CALET, Parents, Vendors • Intent is to increase transparency and security of student personally identifiable information (PII) • We all have a role: • State Board of Education • Colorado Department of Education (CDE) • Local Education Providers • Software Vendors

  4. Overview • Caplan & Earnest: • Quick Reference Guide: https://goo.gl/NSgN48 • Similarities to FERPA • Breakdown: • Definitions • Policy • Transparency • Contract Rules

  5. Key Definitions • "STUDENT PERSONALLY IDENTIFIABLE INFORMATION" means information that, alone or in combination, personally identifies a student or the student's parent or family, and that is collected, maintained, generated, or inferred by a public education entity, either directly or through a school service, or by a school service contract provider or school service on-demand provider. • "SCHOOL SERVICE" means an internet website, online service, online application, or mobile application that: • (I) is designed and marketed primarily for use in a preschool, elementary school, or secondary school; • (II) is used at the direction of teachers or other employees of a local education provider; and • (III) collects, maintains, or uses student personally identifiable information. • Exception: Does not include a service provider that is designed and marketed for use by individuals or entities, even if also marketed to schools • "CONTRACT PROVIDER" & "ON-DEMAND PROVIDER" Teacher District School

  6. Policy - State Board of Education Requirements • Explain the types of student PII collected and create policies to protect the collected student PII • Make available: • A data dictionary with definitions and purpose including PII that LEPs must report for state/federal mandates • Policies to comply with FERPA • All data sharing agreements • Detailed data security plan (including authorizing access, compliance standards, privacy and security audits, security breach procedures, PII retention, staff training) • Requirements on how and why student data is shared

  7. Policy - CDE Requirements • Develop a process for handling external data requests • Must maintain on its website a list of all PII data agreements and associated contracts • Cannot require LEP to provide PII, criminal records, health records, social security numbers, biometric info, political affiliations, or beliefs unless required by state/federal law • Support and provide for LEPs: • Sample privacy and protection policy • Sample service provider contract language • Data retention and destruction procedures • Security breach planning • Security and privacy training materials and, upon request, training services

  8. Policy - LEP BOE Requirements • No later than 12/31/2017, must adopt policy for: • student information privacy & protection • hearing complaints from parents concerning the LEP's data policies • If a contract provider “commits a material breach”, the BOE must hold a public meeting “within a reasonable time” to: • Discuss material breach • Allow response from contract provider • Allow for public testimony • Determine whether or not to continue with contract

  9. Transparency - LEP Requirements • CONTRACT PROVIDERS: • LEP must maintain on website: • Explanation of student PII data elements that the LEP collects and maintains • Link to CDE’s data dictionary • List of all service contract providers that the LEP contracts with and associated contract • ON-DEMAND PROVIDERS: • Must maintain on website “to the extent practicable, a list of the school service on-demand providers” • If the LEP has evidence of non-compliance with Terms of Service (ToS) or Act, the LEP is “strongly encouraged to cease or refuse to use” • Must notify CDE and maintain on LEP website a list of on-demand providers with whom LEP ceases or refuses to do business

  10. Transparency – Site Examples • Fountain – Ft. Carson • http://www.ffc8.org/Page/2667 • Denver Public Schools • https://atm.dpsk12.org/

  11. Transparency – Parent’s Rights • Right to inspect and review student's PII • Request a paper or electronic copy of student's PII • Request corrections to factually inaccurate student PII that an LEP maintains • Can notify the LEP and provide “evidence” of any “substantial” non-compliance with “Terms of Service (ToS)” or Act

  12. Contract – LEPs & Contract Provider Requirements • New or renewed agreements with contract providers must include the Act's restrictions & requirements • Data Transparency • Must provide clear information on what PII is collected and how it is used on website and to LEP • Use of Data • Can only use student PII for purposes authorized by the contract • Cannot sell PII • Cannot use PII for targeted advertising • Must notify LEPs of material breach • Data Destruction • Must destroy student PII at the LEP's request or end of contract • Various exceptions are allowed, e.g. personalized learning, improving products, safety/security, etc. • Caplan & Earnest, CASB, CDE

  13. Timeline

  14. Panel Q&A

  15. Table Top Discussion • What steps have you taken in your district? • Are you vetting the on-demand providers and how? • Have you discussed with Cabinet, Legal & BOE? • How can CALET be helpful?

  16. Next Steps • Data Privacy & Security Addendum with new and renewed District contracts • Work with schools to: • Identify existing contract providers • Include District data privacy & security addendum • Change software procurement process • Begin collecting contract provider’s contracts & PII • Begin designing collection and review of on-demand providers • Discuss with LEP Leadership, Legal, Administrators, etc. • Work with CDE for policy, recommendations, and training

  17. Resources
