Privacy and Security in Early Childhood Data Use
Download
Report
Transcript Privacy and Security in Early Childhood Data Use
Thursday August 1, 2013
Baron Rodriquez, PTAC Director
Dale King, FPCO Director
Corey Chatis, State Support Team
Missy Cochenour, State Support Team
Robin Nelson, DaSy Center
1
Welcome & Introductions
- Robin Nelson, DaSy Center - Missy Cochenour, SLDS SST 2
Objectives for the Day
• Develop understanding of key privacy issues in using data
in early childhood
• Increase understanding of how to use early childhood
data from planning through sustainability
• Review analysis of research questions for policy, program,
and practice at various administration levels
• Learn about FERPA & HIPAA impact on development of EC
research questions and sharing of data across agencies
and with external audiences
• Develop state tools to take back to state to inform data
use
3
Introductions
As a state, discuss what you hope to learn
today and how each of you fit into the state
picture around early childhood integrated data
systems, both now and in the future.
4
Data Use Framework
PLAN
CREATE
SUPPORT
5
Privacy Considerations
in Using Early
Childhood Data
- Baron Rodriguez, PTAC 6
Privacy Considerations in Using Early
Childhood Data
What legal obligation do EC educational agencies and
institutions have to protect PII from students records?
• Privacy of individual student records are protected under
FERPA
• Other Federal, State ,and local laws, such as HIPAA and IDEA, may
also apply
• Determine how/which information is going to flow
between agencies to help assess which laws may apply
• Develop data sharing agreements which ensure data is
only shared for authorized purposes and adequately
protected at all times.
7
Privacy Considerations in Using Early
Childhood Data
FERPA’s Audit and Evaluation
Exception
A state or local educational authority may
designate a third party as their “authorized
representative” and then disclose PII from
education records to them for the purposes of
conducting an audit or evaluation of a federal
or state-supported education program.
8
Privacy Considerations in Using Early
Childhood Data
FERPA’s Audit and Evaluation Exception –
Requirements
• Disclosing entity must be a state or local educational
authority
• Must be for the evaluation of a federal or state-supported
education program
• Must use a written agreement to designate the recipient
as the authorized representative
• The written agreement must include a number of required
elements
(see “Guidance on Reasonable Methods and Written Agreements”)
9
Privacy Considerations in Using Early
Childhood Data
FERPA’s Audit and Evaluation Exception Requirements (cont’d)
The recipient must:
• Comply with the terms of the written agreement;
• Use the PII only for the authorized purpose;
• Protect the PII from further disclosure or other uses;
• Destroy the PII when no longer needed for the evaluation.
10
Privacy Considerations in Using Early
Childhood Data
Non-Profit Scenarios
Ray Marshall Center & Austin ISD
Midwest school district & large non-profit
SLDS
Data Use Framework
- Corey Chatis, SLDS SST 12
Data Use Framework
PLAN
CREATE
SUPPORT
13
Data Use Framework: PLAN
• Mission and Goals
– What is the point?
PLAN
CREATE
SUPPORT
14
Data Use Framework: PLAN
Mission and Goals
– What is the point?
PLAN
CREATE
Identification and
prioritization of users
• Who are we serving?
SUPPORT
15
Data Use Framework: PLAN
Mission and Goals
– What is the point?
PLAN
CREATE
Identification and
prioritization of users
• Who are we serving?
SUPPORT
Identification of uses
• What types of decisions and/or
actions will the system inform?
16
Data Use Framework: CREATE
Stakeholder engagement
– How do we involve
those whom we intend
to serve?
PLAN
CREATE
SUPPORT
17
Data Use Framework: CREATE
Stakeholder engagement
– How do we involve those
whom we intend to serve?
PLAN
CREATE
Products/Resources
– What types of products/
resources will the SLDS
generate?
SUPPORT
18
Data Use Framework: CREATE
Stakeholder engagement
– How do we involve those
whom we intend to serve?
PLAN
CREATE
Products/Resources
– What types of products/
resources will the SLDS
generate?
SUPPORT
Delivery
– How will you deliver data to key
users?
19
Data Use Framework: SUPPORT
User support
– How will users know
how to use the system?
– How will users
understand the data
provided by the system?
PLAN
CREATE
SUPPORT
– How will users know
what to do with the
data provided by the
system?
20
Data Use Framework: SUPPORT
(continued)
Evolution and Sustainability
– How do we continue to
support users and their
needs as they expand and
evolve?
– How do we make the system
an essential resource for
users?
– How do we ensure we have
the resources to continue
meeting users’ needs?
PLAN
CREATE
SUPPORT
21
Data use Framework
Identification of
Uses
Stakeholder
Engagement
Identification &
Prioritization of Users
Products/Resources
PLAN
CREATE
Mission & Goals
Delivery
SUPPORT
Evolution &
Sustainability
User Support
22
Data Use Strategy: Plan
- Corey Chatis, SLDS SST -
23
Data Use Strategy: Plan
Mission and Goals: What is the point?
• Defining and communicating a common vision
• Establishing clear goals, defining success – the value
of logic chains
• Ensuring that all subsequent decisions regarding
tools, products, training, communication, etc. are
anchored to the vision and goals
24
Data Use Strategy: Plan
Identification and Prioritization of User Roles:
Who are we serving?
• The importance of focus: You cannot be everything
to everyone
• Understanding what is important to each user role
and how that supports the overall
mission/objectives of the SLDS
25
Data Use Strategy: Plan
Identification of Uses: What types of decisions
and/or actions will the system inform?
• Ensuring the system has the data (granularity,
frequency, quality) required to appropriately inform
the identified decisions and/or actions
• Identifying the “hooks” for each user role- how will
the SLDS data help them improve their work
• Understanding how data can be applied within
users’ current context: Actionable and relevant
26
Governance
Considerations
for Planning
- Missy Cochenour, SLDS SST - Robin Nelson, DaSy Center 27
What is EC Data Governance?
• Data governance is both an organizational process and a
structure.
• It establishes responsibility for data, organizing program
area staff to collaboratively and continuously improve
data quality through the systematic creation and
enforcement of policies, roles, responsibilities, and
procedures.
• DG can be structured to support one sector (e.g., EC) or
span across sectors (e.g., P-20W) – but there are key
differences between the two.
28
What is EC Data Governance?
Data Governance:
• Helps to protect interests of stakeholders by enforcing
compliance with agreed-upon rules and regulations
regarding data management (including security)
• Outlines who can take what actions, when, with what
information, and using what methods
• Defines rules of engagement, organizational bodies,
accountable individuals, and processes
• Is formalized as a set of policies and procedures
• Encompasses the full data life-cycle
(Your resource guide has a variety of data governance resources and for more
information talk to Missy or Corey for additional EC Data Governance support)
29
Governance Process Related to Planning
• Decision Making Authority
•
Establish organizational structure with different levels of DG &
specify roles and responsibilities at each level
• Data Request Process
•
Who approves or denies the requests? Based on what criteria?
•
Recommending approval
•
Reviewing cost estimates and available resources
• Identifying users
•
Standard policies and procedures establish rules of engagement
for dealing with all levels of stakeholders
30
Interactive State
Session 1
- Missy Cochenour, SLDS SST 31
Interactive State Session 1: Plan
Early Childhood Data Use: Plan
(toolkit will be provided)
32
Key Data Uses
in Early Childhood
- Missy Cochenour, SLDS SST 33
Data use Framework
Identification of
Uses
Stakeholder
Engagement
Identification &
Prioritization of Users
Products/Resources
PLAN
CREATE
Mission & Goals
Delivery
SUPPORT
Evolution &
Sustainability
User Support
34
Key Data Uses in Early Childhood
What is driving the work in Early Childhood?
• Critical policy and program questions across agencies
and programs
Who are the potential users?
• Policymakers, program administrators, teachers,
parents, and others
Discussion question: What does the use have
to do with Privacy?
35
Key Data Uses in Early Childhood
User
Interest/Need
Example(s)
Policymakers &
Legislators
Inform policy development,
revision, and funding decisions
Resource allocation, program evaluation,
legislative actions, etc
Program leaders
Improve program
effectiveness and efficiency
Program evaluation, resource allocation,
staffing needs, community needs, program
development, program planning, etc.
Educators
Inform decisions to improve
local-level learning
environments
Resource allocation, staffing needs,
instructional approaches, student placement,
curriculum development, etc.
Researchers
Assess the impact of policies
and programs on students and
education entities
Research questions, program evaluation, policy
evaluation, etc.
Families
Support learning and inform
decisions about placement in
available schools/programs/
courses
Which schools/program to send their child to,
which classes to take to be ready for college,
resources available, etc.
36
Key Data Uses in Early Childhood
User
Policymakers & Legislators
Examples from Other States
1. Are children birth to age 5 on track to succeed when they enter school?
2. What are the education and economic returns on early childhood
investments?
3. What are the definable characteristics of the state’s Birth-8 workforce?
4. Which children and families are and are not being served by which
programs and services?
Program leaders
1.
2.
Educators
Researchers
Families
3.
4.
1.
2.
1.
2.
3.
1.
2.
What characteristics of programs are associated with positive
outcomes for which children
What characteristics of programs improve quality of services for
families?
Is my program effective?
Are my teachers prepared to meet the needs of the families we serve?
Is my class/child development on track to succeed when they enter
school?
Is ‘this’ instructional strategy working for this child?
Does the self-regulation of a child predict their school success in K?
How effective is this program? (General program evaluation)
What would the impact of increased quality standards have on the
workforce?
What is the best program for my child? Where are programs located?
Is my child on track to be ready for school?
37
FERPA and PART C
of the IDEA
- Dale King, FPCO 38
FERPA and PART C of the IDEA
Family Educational Rights and Privacy Act
(FERPA)
• FERPA provides parents the right to:
• inspect and review education records
• seek to amend education records; and
• consent to the disclosure of personally identifiable
information from education records, except as provided by law
39
FERPA and PART C of the IDEA
FERPA and IDEA Part C
• FERPA generally applies to records subject to Part C of
IDEA.
• The more specific provisions in the new Part C regulations
published on September 28, 2011, (which regulations are
consistent with, and incorporate the protections under,
FERPA) govern the confidentiality rights of infants and
toddlers with disabilities and their parents.
40
FERPA and PART C of the IDEA
IDEA Part C and Confidentiality
• Part C ensures the protection of the confidentiality of any
personally identifiable data, information, and records
collected or maintained by the Secretary under Part C and
by participating agencies, including the State lead agency
and EIS providers, in accordance with FERPA.
41
FERPA and PART C of the IDEA
Translation of Terms
FERPA
Part C
Education record
Early intervention Record
Education
Early intervention
Educational agency or institution
Participating agency
School official
Qualified EIS personnel/Service
coordinator
State educational authority
Lead agency
Student
Child under IDEA Part C
42
FERPA and PART C of the IDEA
Education Records and Early Intervention Records
FERPA: “Education records” are records that are directly related to a
student; and maintained by an educational agency or institution or by a
party acting for the agency or institution.
Part C: “Early intervention records” to mean “all records regarding a child
that are required to be collected, maintained, or used under part C of the
Act and the regulations of this part.”
Health records on students, including immunization records, maintained
by an educational agency or institution subject to FERPA are “education
records” subject to FERPA.
43
FERPA and PART C of the IDEA
Personally Identifiable Information
FERPA: includes, but is not limited to the student’s name, name of the
student’s parent or other family members, address of the student or
student’s family, social security number, student’s date of birth, place of
birth, and mother’s maiden name. Also, includes other information that,
alone or in combination, is linked or linkable to a specific student; or
information requested by a person believed to know the identity of the
student to whom the education record relates.
Part C: Means personally identifiable information as defined in 34 CFR
99.3 as amended, except that the term ‘student’ in the definition of
personally identifiable information in 34 CFR 99.3 means ‘child’ as used in
this part and any reference to ‘school’ means ‘EIS’ provider as used in this
part
44
FERPA and PART C of the IDEA
Inspection and Review of Records
FERPA: Provides that educational agency or institution , as well as the SEA,
afford parents and eligible students the right to inspect and review their
education records, within 45 days of receiving request.
Part C: Requires each participating agency to comply with a parent’s
request to inspect and review any early intervention records relating to
their children that are collected, maintained, or used by the agency
without any unnecessary delays and before any meeting regarding an IFSP,
or any hearing pursuant to §§ 303.430(d) and 303.439, and in no case
more than 10 days after the request has been made.
45
FERPA and PART C of the IDEA
Amending Records
FERPA: Affords parents the right to seek to amend information in their
child’s education records and an opportunity for a hearing to challenge the
content of education records.
Part C: Provides the same opportunity for a hearing to challenge the
content of education records as FERPA provides. Part C states that a
hearing held under § 303.411 must be conducted according to the
procedures in FERPA.
46
FERPA and PART C of the IDEA
Consent for Disclosure
FERPA: Requires that a parent or eligible student provide a signed and
dated written consent before a school discloses education records, except
for specific exceptions.
Part C: requires parental consent before PII is disclosed to parties, other
than to authorized representatives, officials, or employees of participating
agencies in order to meet Part C requirements; and parental consent
before using PII for any purpose other than meeting the requirements of
Part C.
Part C: Part C lead agency or other participating agency may not disclose
PII to any party except participating agencies (including lead agency and
EIS providers) that are part of the State’s Part C system without parental
consent, unless authorized to do so under Part C or one of the exceptions
in FERPA, where applicable to Part C.
47
FERPA and PART C of the IDEA
FERPA Exceptions to Consent Relevant to Part C
To comply with a judicial order or subpoena
To respond to a health or safety emergency
In connection with audit or evaluation of Federal or State supported
education programs, or for the enforcement of or compliance with Federal
legal requirements which relate to those programs.
Disclosure of PII from education records of children in foster care to:
“agency caseworker or other representative” of a State or local child
welfare agency (CWA) who has the right to access a student’s case plan
under State or tribal law. (Uninterrupted Scholars Act)
48
FERPA and PART C of the IDEA
Record of Access
FERPA: Contains recordkeeping requirements for both schools and SEAs.
Records must (1) be maintained as long as record is maintained; (2) include
parties who requested or received information; and (3) include legitimate
interest the parties had in receiving information.
Part C: Contains recordkeeping requirements for participating agencies.
Agencies (1) must keep a record of parties obtaining access to early
intervention records collected, maintained, or used under Part C; (2) and
include name of party, date access given, and purpose for which the party
is authorized to use the records.
49
Privacy and Governance
Considerations for Use
- Corey Chatis, SLDS SST 50
Privacy Considerations: Use Phase
Complying with FERPA:
• Under what exception does it apply?
• List the exceptions (could we create a spreadsheet to share so
they can take it home/ PTAC FAQ)
• Is there an MOU in place to share these data?
• Does it include the critical question and the related
elements?
• Aggregate and de-identified data
51
Governance Considerations: Use Phase
Data Content Management
• Clearly defined purposes explaining why data are
collected and used
Data access and use policy
• Who has what level of access to the data?
• Under what conditions?
Data request process
• Is PII absolutely necessary for this research?
• How do external parties request access to the data?
• Who approves or denies the requests? Based on what
criteria?
52
Interactive State
Session 2
- Missy Cochenour, SLDS SST 53
Interactive State Session 2: Use
Early Childhood Data Use: Use
(toolkit will be provided)
54
PTAC 101 on
Multi-Agency MOUs
- Baron Rodriguez, PTAC 55
PTAC 101 on Multi-Agency MOUs
KEY POINTS
• Audit & Evaluation is generally the exception you would use
to share data under FERPA. The Studies exception has a very
narrow focus
• PTAC can assist with review of data sharing agreements. A
few considerations:
• PTAC can’t review in regard to state/local laws, which may be more stringent
• PTAC/ED can’t give a “stamp of approval,” but can say it meets the requirements
and/or best practices set forth in the data sharing agreement checklist
• The agreement may differ depending on which exception
you use and the architecture/ownership of the various
systems. Consult with PTAC if you have questions on this.
• Utilize the PTAC checklist to get started! (Let’s go now!)
56
Early Childhood
Create Strategies
- Missy Cochenour, SLDS SST - Corey Chatis, SLDS SST57
Data use Framework
Identification of
Uses
Stakeholder
Engagement
Identification &
Prioritization of Users
Products/Resources
PLAN
CREATE
Mission & Goals
Delivery
SUPPORT
Evolution &
Sustainability
User Support
58
Data Use Strategy: Create
Stakeholder engagement: How do we involve those
whom we intend to serve?
• Establishing goals for engagement
• Setting expectations up front: what is being asked,
what will be provided
•
Communications versus input
• Leveraging existing groups
• The importance of follow-up
59
Data Use Strategy: Create
Products/Resources: What are we creating?
• Selecting tools appropriate for users
•
User population size
•
Technology skill level
• Degree of user-driven inquiry/interaction
• Creating sum greater than the parts – the power of
an aligned set of resources anchored to a core set of
critical questions
60
Data Use Strategy: Create
Delivery: How do we get it to users?
• Understanding users’ current work context
• The value of well planned rollouts
• Communication plan
• Timing based on users’ calendar
• Identifying hooks that prompt usage after initial
rollout
61
Privacy and Governance
Considerations for Create
- Baron Rodriquez, PTAC 62
Privacy Considerations: Create
• Does your MOU allow for sharing data with the particular
audience requesting?
• Have you considered your system type and data flow to
ensure you are using the correct FERPA exception?
• Does your website address all the FERPA compliance
elements needed before posting reports or accessing data
files?
• Have you considered alternative reporting mechanisms
such as aggregate data or properly de-identified data to
ease legal/risk burden on your agency?
63
Governance Considerations: Create
• Assigning different levels of data access based on their
roles and responsibilities
• Established policies and procedures to:
• Define how individual data or reports will be shared with relevant
stakeholders
• Ensure that PII is protected in public aggregate reports
• Ensure that data sharing and reporting comply with federal, state
and local laws
64
Interactive State
Session 3
- Missy Cochenour, SLDS SST 65
Interactive State Session 3: Create
Early Childhood Data Use: Create
(toolkit will be provided)
66
Perspectives on Research
Using
Early Childhood Data
67
Early Childhood Research Community Support
Various Perspectives:
• Within the state agencies (WI, Hilary Shager)
• Within a state collaborative research partner (ARC,
Sarah Argue)
• National child outcomes (ECO Center/DaSy, Kathy
Hebbeler)
• National research on EC to K12 (NCES-SLDS, DJ
Cratty)
68
State Responses to the Panel
• How does your state plan to work with
researchers? What are the benefits? The
challenges?
• What information shared by the panelist
really resonated with you?
• What would you like to know more about?
• What questions do you still have?
69
Wrap Up
Baron Rodriquez, Privacy Technical
Assistance Center
—
Missy Cochenour, SLDS State Support
Team
—
Robin Nelson, DaSy Center
70
71