Skip to main content

Currently Skimming:

2 Balancing Privacy, Confidentiality, and Access at the U.S. Department of Education
Pages 9-22

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 9...
... to inspect and review education records, to seek to amend education records, and to consent to disclosure of personally identifiable information from education records. The law applies to education agencies that receive funding from the department, including public elementary and secondary schools, 
From page 10...
... The new rules would make it easier for state and local education agencies to redisclose information to each other, such as when a state department of education discloses student K-12 education records to a state higher education commission in order to track individual student achievement over time. The proposed rules would also update and clarify the definition of personally identifiable information and provide standards for removing all personally identifiable information from education data, as necessary or appropriate to release the information as deidentified data.
From page 11...
... The major challenge to advancing this goal, in his view, is that FERPA has been interpreted to lodge virtually all control of student data in individual schools and institutions of higher education. The department's regulations state that FERPA covers local education agencies, including public schools and higher education institutions, but not state education agencies. Echoing Campbell, Winnick said that FERPA prohibits these agencies and institutions from disclosing personally identifiable education records without written parental consent, unless the disclosure is covered by a list of exceptions.
From page 12...
... In addition, FERPA does not prohibit creating a state data warehouse, obtaining personally identifiable information from student education records, or using these data to evaluate schools, districts, postsecondary institutions, and programs, including making accountability determinations. State education agency employees and contractors engaged by the state may review and analyze personally identifiable information for these purposes.
From page 13...
... However, he indicated that the proposed regulation does not provide for state education authorities to enter these research agreements, thus undermining a key purpose for the state education data systems. Winnick pointed out that the Department of Education's own National Center for Education Statistics, which is subject to the same FERPA provisions as state data systems, has a long-standing practice of entering licensing agreements with third-party research organizations to use student data for research studies.
From page 14...
... In the discussion that followed Campbell's presentation, Marilyn Seastrom (National Center for Education Statistics) explained that one impetus for the proposed new regulations was to address the states' uncertainty about the meaning of "for, or on behalf of." This language, she said, put the state in the position of endorsing that a proposed research study would be useful to the school or local education agency, causing them to be very cautious about disclosing education records for studies.
From page 15...
... The report cards must also include information on the percentage of students not tested, two-year trend data by subject and grade, each school's status in attaining adequate yearly progress, the professional qualifications of teachers, and other data. Santy explained that, as the states have increased their public reporting of aggregated educational achievement and school accountability data over the past few years, they have received more requests from outside education organizations and researchers for access to their data in a form that is more usable than the report cards.
From page 16...
... Santy outlined several questions about confidentiality facing the states as they cooperate with the Department of Education, the Data Quality Campaign, and the State Education Data Center to share and report their performance data. The No Child Left Behind Act includes provisions designed to protect the confidentiality of student records, directing   See http://www.schooldatadirect.org/.
From page 17...
... DATA LICENSING SYSTEM OF THE national center for education statistics The National Center for Education Statistics at the Department of Education balances confidentiality with research access through a data licensing system, described by Marilyn Seastrom. Seastrom opened by noting that the center uses somewhat different disclosure protections for its own sample survey data than for administrative data owned and maintained by the states.
From page 18...
... confidentiality law, states that no person may •  se any individually identifiable information collected under an u Education Sciences Reform Act nondisclosure pledge for any non statistical purpose, except in the case of terrorism; •  ake any publication whereby the data for a particular person can m be identified; or •  ermit anyone other than the individuals authorized by the direc p tor to examine the individual reports. In addition, both this law and CIPSEA regulations exempt the center's individually identifiable data from the legal process, including requests from the public under the Freedom of Information Act.
From page 19...
... This analysis software system provides online tabulations in a framework that allows external users to analyze individually identifiable data without direct access to individual data records. In the data licensing system, center data security staff issue licenses for access to restricted-use data, while contracted security investigators conduct inspections to ensure that the confidentiality provisions of the license are met.
From page 20...
... For example, the restricteduse data must be loaded and run on a standalone computer, any network devices must be disconnected when the restricted-use data are installed and used on the computer, and the data must be purged and overwritten prior to reattaching to any network. Seastrom explained that contracted security personnel monitor compliance with all aspects of the security plan and security requirements, which limit data use to a secure room or office, require a password (which must be changed every three months)
From page 21...
... Miron Straf asked whether, under the law, a licensed researcher who discovered individually identifiable information in restricted-use data provided by the center was responsible for protecting that information. Seastrom agreed that, in this case, the burden of protection would lie with the researcher.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.