Student Privacy & K-12 Data Governance

OPI Policy 7.2.01: Student Records Confidentiality

The resources this policy refers to are linked below:

A - OPI Employee AIM Access Request

B - OPI Employee Confidentiality Agreement

C - OPI Data Tiers for Release of Data

D - OPI Cell Suppression Flow Chart

E - OPI Affidavit of Non-Release

F - Contractor's Employee or Contractor Nondisclosure Statement

G - Researcher-FERPA Memorandum of Understanding

H - FERPA Memorandum of Understanding Audit-Evaluation Exception

The Office of Public Instruction (OPI) is required to collect and report specific data elements to the USED in order to support planning, policy-making, and management/budget decision-making at the federal level. The OPI has a standard to: 

1. not collect any data we are not required to report
2. reduce as much burden or redundancy as possible on the schools and districts who submit data
3. promote transparency about the results of the data to our wide range of stakeholders.

Data collected by the OPI can be found in our GEMS Data Warehouse. For more information about data being reported to the USED, visit the US EDFacts Initiative page.

Data Governance Manual

OPI Data Governance Committee

The mission of the OPI Data Governance Committee (DGC) is to establish and enforce policies related to agency data collection, management, and reporting.

Guiding Principles:

• Ethics and security will be a part of every decision the group makes.
• Members have the authority and commitment to make policy recommendations and decisions.
• Members will bear in mind legal considerations, including Family Educational Rights and Privacy Act (FERPA), when making decisions.
• Data quality will be considered when making decisions.

The OPI Data Governance Committee is made up of Data Owners and others at OPI with a high level of responsibility regarding data. Each data element that is collected and reported on is assigned a Data Owner. The Data Owner is responsible for defining how data is defined, collected, quality assured and reported, as well as provides guidance around how to use it appropriately.

Data Governance Committee Charter

 

Core Data Stewards Committee

The Core Data Stewards Committee is made up of staff throughout the agency who have been designated by a Data Owner as a Data Steward to carry out day-to-day responsibilities, actions, and management regarding the data within their area of responsibility. The Core Data Stewards Committee is a collaboration of OPI Data Stewards and is managed and coordinated by the OPI Data Governance Facilitator.

• Data Stewards
  These individuals manage data elements at various points of the data lifecycle. They act on behalf of the owner to carry out certain responsibilities related to program data elements/categories (in accordance with the business and technical rules set forth for that data element). Data stewards are a subset of Data Owners; In most cases, data are “owned” by senior business leads that have the authority for sensitive data, and those owners will delegate their rights to stewards for managing the data.
• Data Owner
  For each data element that is collected by the OPI and reported to the USED, a Data Owner will be assigned. The Data Owner is responsible for defining how data is defined, collected (working with Data Governance and Core Data Stewards Committees) and quality assured and reported, and guidance around how it is used appropriately.

For more information, E-Mail: Jamey Ereth, Data Governance Manager at jereth@mt.gov.

Montana Student Privacy Alliance - The 2019 Legislature passed the Online Protections for Pupils (20-7-1325, MCA) and Pupil Records -- Online Privacy Protection (20-7-1326, MCA) laws to further protect the privacy of Montana students.  The Montana Educational Technologist Association (META) and Office of Public Instruction have collaboratively developed the Montana Student Privacy Alliance as a resource for districts to find and share terms of service, agreements and contracts.

 

TrustEd Apps - The TrustEd Apps program is a process developed by the non-profit learning consortium Global IMS to vet applications and certify them for data privacy.  Most educational applications are created and managed by vendors who do their best to protect the identity of the individuals accessing the system and the data that they generate. However, a comprehensive review of student privacy, data security, and other safety issues is the responsibility of the school or district to ensure that appropriate safeguards of student data are in place. Using vetted educational applications can provide additional assurance that the information gathered by these educational applications is being used responsibly.

 

Checklist for Developing a School District Privacy Program

 

Student Privacy Toolkit - From the Student Privacy Forum, this toolkit provides information about how schools and districts use and protect student data, but also provides guidance on how to communicate with students about being responsible digital citizens and protecting themselves online.

 

US Department of Education K-12 and Higher Education Data Security Page - This page is a portal to guidance and best practice resources for the educational community to use to enhance the security of their information systems. 

• Join the US Department of Education Student Privacy Listserve to be informed about updates and new information.