1 / 27

Privacy, Confidentiality, and Personally Identifiable Information

2011 State Data Conference. Privacy, Confidentiality, and Personally Identifiable Information. Christopher Cassel Nebraska Department of Education www.education.ne.gov/nssrs. Scott Summers Nebraska Department of Education www.education.ne.gov. Agenda. Privacy Laws

mills
Download Presentation

Privacy, Confidentiality, and Personally Identifiable Information

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2011 State Data Conference Privacy, Confidentiality, and Personally Identifiable Information Christopher Cassel Nebraska Department of Education www.education.ne.gov/nssrs Scott Summers Nebraska Department of Education www.education.ne.gov

  2. Agenda • Privacy Laws • New Federal “Privacy Technical Assistance Center” (PTAC) Resources • FERPA Notice of Proposed Rule Making (NPRM) • Questions

  3. Privacy Laws • Federal Privacy Act • FERPA • Family Education Rights & Privacy Act • U.S. Department of Agriculture • National School Lunch Act • Child Nutrition Act • HIPAA • Health Insurance Portability and Accountability Act • Nebraska State Law

  4. Privacy Technical Assistance Center • New U.S. Department of Education “Chief Privacy Officer” • New “Privacy Technical Assistance Center” (PTAC) • http://nces.ed.gov/programs/ptac • Established by U.S. Department of Education’s National Center for Education Statistics (NCES) • Seeks to be “one-stop” resource for education stakeholders regarding data: • Privacy • Confidentiality • Security practices

  5. PTAC Resources • Glossary • http://nces.ed.gov/programs/ptac/glossary.aspx • Frequently Asked Questions (FAQs) • Technical Briefs • Three published, seven planned

  6. PTAC Technical Brief 1 • “Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records” • NCES 2011-601 • http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601 • Summary of terminology and issues

  7. Privacy, Confidentiality & PII

  8. PII: FERPA Definition (1 of 3) Personally Identifiable Information (PII) • Student's name • Name of the student's parent or other family members • Address of the student or student's family • A personal identifier, such as the student's Social Security Number, student number, or biometric record

  9. PII: FERPA Definition (2 of 3) [Personally Identifiable Information (PII) definition, continued] • Other indirect identifiers, such as the student's date of birth, place of birth, and mother's maiden name • Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty

  10. PII: FERPA Definition (3 of 3) [Personally Identifiable Information (PII) definition, continued] • Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates

  11. Disclosure • FERPA: “… to permit access to … PII contained in education records … to any party except the party identified …” • Disclosures may be: • Authorized • Unauthorized • Inadvertent

  12. Directory Information

  13. PTAC Technical Brief 2 • “Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records” • NCES 2011-602 • http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011602

  14. Brief 2: Data Stewardship • Defines “Data Stewardship” and recommends actions to ensure confidentiality • Conduct PII inventory • Implement internal controls to protect PII • Provide public notice of education records system • Policies and Procedures

  15. Brief 2: Direct vs. Indirect Identifiers • Direct Identifiers • Information unique the student • Name, address, Social Security Number, NDE Student ID, photographs, etc. • Indirect Identifiers • Information not unique to the student but can be used in combination with other information about the student to identify a specific student • Race/ethnicity, date of birth, place of birth, grade level, participation in a particular program, etc.

  16. Brief 2: Sensitivity • Not all personally identifiable data have the same level of sensitivity. • Sensitivity should be evaluated both in terms of the specific data element and other available personally identifiable data elements. • Note that an individual’s SSN, medical history, or financial account information is generally considered more sensitive than an individual’s phone number or ZIP code.

  17. PTAC Technical Brief 3 • “Statistical Methods for Protecting Personally Identifiable Information in Aggregate Reporting” • NCES 2011-603 • http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011603

  18. Brief 3: Reporting Rules • Identifies best practices • Recommends reporting rules to avoid unauthorized or inadvertent disclosures • Masking Rules • For examples, see “NDE Data Access and Use Policies and Procedures”

  19. NDE Data Access and Use Policy and Procedures • Available on NSSRS Resources page of Nebraska Student and Staff Record System website (www.education.ne.gov/nssrs) • Establishes NDE procedures for collecting, maintaining, disclosing, and disposing of education records containing PII • NDE masking rules defined

  20. Future PTAC Technical Briefs • Upcoming briefs will focus on: • Different types of data sharing and data use agreements • Electronic data security • Privacy training • Release dates to be determined

  21. Monday, April 27, 2009

  22. FERPA Clarifications • Handout: “Safeguarding Student Privacy” • Notice of Proposed Rule Making (NPRM) • http://www.gpo.gov/fdsys/pkg/FR-2011-04-08/pdf/2011-8205.pdf • Public comment accepted by USDE: • Until May 23, 2011 • At http://www.regulations.gov

  23. Summary of Proposed FERPA Changes • Stronger Enforcement • Ensuring the Safety of Students • Protect students from marketers or criminals • Allow student ID or badge to be worn or presented • Ensuring effectiveness of Publicly Funded Programs • Allow states to enter research agreements with organizations not under their “direct control” • Promoting research on effectiveness • Sharing data on how high school graduates perform academically in college

  24. Reminders • Districts provide much public reporting • Policies and procedures • Communication and a team-based “Data Quality Culture”

  25. Resources • Family Policy Compliance Office (FPCO) • www2.ed.gov/policy/gen/guid/fpco/index.html • Privacy Technical Assistance Center (PTAC) • nces.ed.gov/programs/ptac • NSSRS Information • www.education.ne.gov/nssrs • NDE Bulletins • www.education.ne.gov/ndebulletins

  26. Questions?

  27. Partnering with Districts for Data Quality Data Quality

More Related