privacy and security in early childhood data use

1

Privacy and Security in Early Childhood Data Use

Thursday August 1, 2013

Baron Rodriquez, PTAC DirectorDale King, FPCO Director

Corey Chatis, State Support TeamMissy Cochenour, State Support Team

Robin Nelson, DaSy Center

2

Welcome & Introductions- Robin Nelson, DaSy Center -- Missy Cochenour, SLDS SST -

3

• Develop understanding of key privacy issues in using data in early childhood

• Increase understanding of how to use early childhood data from planning through sustainability

• Review analysis of research questions for policy, program, and practice at various administration levels

• Learn about FERPA & HIPAA impact on development of EC research questions and sharing of data across agencies and with external audiences

• Develop state tools to take back to state to inform data use

Objectives for the Day

4

As a state, discuss what you hope to learn today and how each of you fit into the state picture around early childhood integrated data systems, both now and in the future.

Introductions

5

Data Use Framework

CREATESUPPORTPLAN

6

Privacy Considerations in Using Early

Childhood Data- Baron Rodriguez, PTAC -

7

What legal obligation do EC educational agencies and institutions have to protect PII from students records?

• Privacy of individual student records are protected under FERPA• Other Federal, State ,and local laws, such as HIPAA and IDEA, may

also apply

• Determine how/which information is going to flow between agencies to help assess which laws may apply

• Develop data sharing agreements which ensure data is only shared for authorized purposes and adequately protected at all times.

Privacy Considerations in Using Early Childhood Data

8


FERPA’s Audit and Evaluation Exception

A state or local educational authority may designate a third party as their “authorized representative” and then disclose PII from education records to them for the purposes of conducting an audit or evaluation of a federal or state-supported education program.

9


FERPA’s Audit and Evaluation Exception – Requirements

• Disclosing entity must be a state or local educational authority• Must be for the evaluation of a federal or state-supported

education program• Must use a written agreement to designate the recipient as the

authorized representative• The written agreement must include a number of required

elements

(see “Guidance on Reasonable Methods and Written Agreements”)

10


FERPA’s Audit and Evaluation Exception - Requirements (cont’d)

The recipient must:

• Comply with the terms of the written agreement;

• Use the PII only for the authorized purpose;

• Protect the PII from further disclosure or other uses;

• Destroy the PII when no longer needed for the evaluation.


Non-Profit Scenarios

Ray Marshall Center & Austin ISD

Midwest school district & large non-profit

12

SLDSData Use Framework

- Corey Chatis, SLDS SST -

13

Data Use Framework

CREATE

SUPPORT

PLAN

14

Data Use Framework: PLAN

• Mission and Goals

– What is the point?CREATE

SUPPORT

PLAN

15

Data Use Framework: PLANMission and Goals

– What is the point?

Identification and prioritization of users

• Who are we serving?

CREATE

SUPPORT

PLAN

16

Data Use Framework: PLANMission and Goals

– What is the point?

Identification and prioritization of users

• Who are we serving?

Identification of uses

• What types of decisions and/or actions will the system inform?

CREATE

SUPPORT

PLAN

17

Data Use Framework: CREATEStakeholder engagement

– How do we involve those whom we intend to serve? CREATE

SUPPORT

PLAN

18


– How do we involve those whom we intend to serve?

Products/Resources

–What types of products/ resources will the SLDS generate?

CREATE

SUPPORT

PLAN

19


– How do we involve those whom we intend to serve?

Products/Resources

–What types of products/ resources will the SLDS generate?

Delivery

– How will you deliver data to key users?

CREATE

SUPPORT

PLAN

20

Data Use Framework: SUPPORTUser support

– How will users know how to use the system?

– How will users understand the data provided by the system?

– How will users know what to do with the data provided by the system?

CREATE

SUPPORT

PLAN

21

Data Use Framework: SUPPORT (continued)

Evolution and Sustainability

– How do we continue to support users and their needs as they expand and evolve?

– How do we make the system an essential resource for users?

– How do we ensure we have the resources to continue meeting users’ needs?

CREATE

SUPPORT

PLAN

22

Data use Framework

Mission & Goals

Identification & Prioritization of Users

Identification of Uses Stakeholder

Engagement

Products/Resources

Delivery

User SupportEvolution & Sustainability

CREATE

SUPPORT

PLAN

23

Data Use Strategy: Plan- Corey Chatis, SLDS SST -

Mission and Goals: What is the point?

• Defining and communicating a common vision• Establishing clear goals, defining success – the value

of logic chains• Ensuring that all subsequent decisions regarding

tools, products, training, communication, etc. are anchored to the vision and goals

24

Data Use Strategy: Plan

Identification and Prioritization of User Roles:Who are we serving?

• The importance of focus: You cannot be everything to everyone• Understanding what is important to each user role

and how that supports the overall mission/objectives of the SLDS

25


Identification of Uses: What types of decisions and/or actions will the system inform?

• Ensuring the system has the data (granularity, frequency, quality) required to appropriately inform the identified decisions and/or actions• Identifying the “hooks” for each user role- how will

the SLDS data help them improve their work• Understanding how data can be applied within

users’ current context: Actionable and relevant

26


27

Governance Considerations

for Planning - Missy Cochenour, SLDS SST -- Robin Nelson, DaSy Center -

28

• Data governance is both an organizational process and a structure.

• It establishes responsibility for data, organizing program area staff to collaboratively and continuously improve data quality through the systematic creation and enforcement of policies, roles, responsibilities, and procedures.

• DG can be structured to support one sector (e.g., EC) or span across sectors (e.g., P-20W) – but there are key differences between the two.

What is EC Data Governance?

29

Data Governance: • Helps to protect interests of stakeholders by enforcing compliance

with agreed-upon rules and regulations regarding data management (including security)

• Outlines who can take what actions, when, with what information, and using what methods

• Defines rules of engagement, organizational bodies, accountable individuals, and processes

• Is formalized as a set of policies and procedures• Encompasses the full data life-cycle

(Your resource guide has a variety of data governance resources and for more information talk to Missy or Corey for additional EC Data Governance support)

What is EC Data Governance?

30

• Decision Making Authority• Establish organizational structure with different levels of DG &

specify roles and responsibilities at each level

• Data Request Process• Who approves or denies the requests? Based on what criteria?

• Recommending approval

• Reviewing cost estimates and available resources

• Identifying users• Standard policies and procedures establish rules of engagement

for dealing with all levels of stakeholders

Governance Process Related to Planning

31

Interactive State Session 1

- Missy Cochenour, SLDS SST -

32

Early Childhood Data Use: Plan

(toolkit will be provided)

Interactive State Session 1: Plan

33

Key Data Uses in Early Childhood


34

Data use Framework

Mission & Goals



Engagement

Products/Resources

Delivery


CREATE

SUPPORT

PLAN

35

What is driving the work in Early Childhood?• Critical policy and program questions across agencies

and programs

Who are the potential users?• Policymakers, program administrators, teachers,

parents, and others

Discussion question: What does the use have to do with Privacy?


36

User Interest/Need Example(s)

Policymakers & Legislators

Inform policy development, revision, and funding decisions

Resource allocation, program evaluation, legislative actions, etc

Program leaders Improve program effectiveness and efficiency

Program evaluation, resource allocation, staffing needs, community needs, program development, program planning, etc.

Educators Inform decisions to improve local-level learning environments

Resource allocation, staffing needs, instructional approaches, student placement, curriculum development, etc.

Researchers Assess the impact of policies and programs on students and education entities

Research questions, program evaluation, policy evaluation, etc.

Families Support learning and inform decisions about placement in available schools/programs/ courses

Which schools/program to send their child to, which classes to take to be ready for college, resources available, etc.


37

User Examples from Other StatesPolicymakers & Legislators 1. Are children birth to age 5 on track to succeed when they enter school?

2. What are the education and economic returns on early childhood investments?

3. What are the definable characteristics of the state’s Birth-8 workforce? 4. Which children and families are and are not being served by which

programs and services?

Program leaders 1. What characteristics of programs are associated with positive outcomes for which children

2. What characteristics of programs improve quality of services for families?

3. Is my program effective?4. Are my teachers prepared to meet the needs of the families we serve?

Educators 1. Is my class/child development on track to succeed when they enter school?

2. Is ‘this’ instructional strategy working for this child?Researchers 1. Does the self-regulation of a child predict their school success in K?

2. How effective is this program? (General program evaluation)3. What would the impact of increased quality standards have on the

workforce?

Families 1. What is the best program for my child? Where are programs located?2. Is my child on track to be ready for school?


38

FERPA and PART C of the IDEA

- Dale King, FPCO -

39


Family Educational Rights and Privacy Act (FERPA)

• FERPA provides parents the right to: • inspect and review education records

• seek to amend education records; and

• consent to the disclosure of personally identifiable information from education records, except as provided by law

40


FERPA and IDEA Part C• FERPA generally applies to records subject to Part C of

IDEA.• The more specific provisions in the new Part C regulations

published on September 28, 2011, (which regulations are consistent with, and incorporate the protections under, FERPA) govern the confidentiality rights of infants and toddlers with disabilities and their parents.

41

IDEA Part C and Confidentiality• Part C ensures the protection of the confidentiality of any

personally identifiable data, information, and records collected or maintained by the Secretary under Part C and by participating agencies, including the State lead agency and EIS providers, in accordance with FERPA.


42


Translation of TermsFERPA Part C

Education record Early intervention Record

Education Early intervention

Educational agency or institution Participating agency

School official Qualified EIS personnel/Service coordinator

State educational authority Lead agency

Student Child under IDEA Part C

43

Education Records and Early Intervention RecordsFERPA: “Education records” are records that are directly related to a student; and maintained by an educational agency or institution or by a party acting for the agency or institution.

Part C: “Early intervention records” to mean “all records regarding a child that are required to be collected, maintained, or used under part C of the Act and the regulations of this part.”

Health records on students, including immunization records, maintained by an educational agency or institution subject to FERPA are “education records” subject to FERPA.


44

Personally Identifiable InformationFERPA: includes, but is not limited to the student’s name, name of the student’s parent or other family members, address of the student or student’s family, social security number, student’s date of birth, place of birth, and mother’s maiden name. Also, includes other information that, alone or in combination, is linked or linkable to a specific student; or information requested by a person believed to know the identity of the student to whom the education record relates.

Part C: Means personally identifiable information as defined in 34 CFR 99.3 as amended, except that the term ‘student’ in the definition of personally identifiable information in 34 CFR 99.3 means ‘child’ as used in this part and any reference to ‘school’ means ‘EIS’ provider as used in this part


45

Inspection and Review of RecordsFERPA: Provides that educational agency or institution , as well as the SEA, afford parents and eligible students the right to inspect and review their education records, within 45 days of receiving request.

Part C: Requires each participating agency to comply with a parent’s request to inspect and review any early intervention records relating to their children that are collected, maintained, or used by the agency without any unnecessary delays and before any meeting regarding an IFSP, or any hearing pursuant to §§ 303.430(d) and 303.439, and in no case more than 10 days after the request has been made.


46

Amending RecordsFERPA: Affords parents the right to seek to amend information in their child’s education records and an opportunity for a hearing to challenge the content of education records.

Part C: Provides the same opportunity for a hearing to challenge the content of education records as FERPA provides. Part C states that a hearing held under § 303.411 must be conducted according to the procedures in FERPA.


47

Consent for DisclosureFERPA: Requires that a parent or eligible student provide a signed and dated written consent before a school discloses education records, except for specific exceptions.

Part C: requires parental consent before PII is disclosed to parties, other than to authorized representatives, officials, or employees of participating agencies in order to meet Part C requirements; and parental consent before using PII for any purpose other than meeting the requirements of Part C.

Part C: Part C lead agency or other participating agency may not disclose PII to any party except participating agencies (including lead agency and EIS providers) that are part of the State’s Part C system without parental consent, unless authorized to do so under Part C or one of the exceptions in FERPA, where applicable to Part C.


48

FERPA Exceptions to Consent Relevant to Part CTo comply with a judicial order or subpoena

To respond to a health or safety emergencyIn connection with audit or evaluation of Federal or State supported education programs, or for the enforcement of or compliance with Federal legal requirements which relate to those programs.

Disclosure of PII from education records of children in foster care to: “agency caseworker or other representative” of a State or local child welfare agency (CWA) who has the right to access a student’s case plan under State or tribal law. (Uninterrupted Scholars Act)


49

Record of AccessFERPA: Contains recordkeeping requirements for both schools and SEAs. Records must (1) be maintained as long as record is maintained; (2) include parties who requested or received information; and (3) include legitimate interest the parties had in receiving information.

Part C: Contains recordkeeping requirements for participating agencies. Agencies (1) must keep a record of parties obtaining access to early intervention records collected, maintained, or used under Part C; (2) and include name of party, date access given, and purpose for which the party is authorized to use the records.


50

Privacy and Governance Considerations for Use

- Corey Chatis, SLDS SST -

51

Complying with FERPA:

• Under what exception does it apply?• List the exceptions (could we create a spreadsheet to share so

they can take it home/ PTAC FAQ)

• Is there an MOU in place to share these data?• Does it include the critical question and the related

elements?• Aggregate and de-identified data

Privacy Considerations: Use Phase

52

Data Content Management• Clearly defined purposes explaining why data are collected

and usedData access and use policy• Who has what level of access to the data? • Under what conditions?

Data request process• Is PII absolutely necessary for this research?• How do external parties request access to the data?• Who approves or denies the requests? Based on what

criteria?

Governance Considerations: Use Phase

53



54

Early Childhood Data Use: Use


Interactive State Session 2: Use

55

PTAC 101 on Multi-Agency MOUs

- Baron Rodriguez, PTAC -

56

KEY POINTS

• Audit & Evaluation is generally the exception you would use to share data under FERPA. The Studies exception has a very narrow focus

• PTAC can assist with review of data sharing agreements. A few considerations:• PTAC can’t review in regard to state/local laws, which may be more stringent

• PTAC/ED can’t give a “stamp of approval,” but can say it meets the requirements and/or best practices set forth in the data sharing agreement checklist

• The agreement may differ depending on which exception you use and the architecture/ownership of the various systems. Consult with PTAC if you have questions on this.

• Utilize the PTAC checklist to get started! (Let’s go now!)

PTAC 101 on Multi-Agency MOUs

57

Early Childhood Create Strategies

- Missy Cochenour, SLDS SST -- Corey Chatis, SLDS SST-

58

Data use Framework

Mission & Goals



Engagement

Products/Resources

Delivery


CREATE

SUPPORT

PLAN

Stakeholder engagement: How do we involve those whom we intend to serve?

• Establishing goals for engagement• Setting expectations up front: what is being asked,

what will be provided• Communications versus input

• Leveraging existing groups• The importance of follow-up

59

Data Use Strategy: Create

Products/Resources: What are we creating?

• Selecting tools appropriate for users• User population size

• Technology skill level

• Degree of user-driven inquiry/interaction• Creating sum greater than the parts – the power of

an aligned set of resources anchored to a core set of critical questions

60


Delivery: How do we get it to users?

• Understanding users’ current work context• The value of well planned rollouts• Communication plan

• Timing based on users’ calendar

• Identifying hooks that prompt usage after initial rollout

61


62

Privacy and Governance Considerations for Create

- Baron Rodriquez, PTAC -

• Does your MOU allow for sharing data with the particular audience requesting?• Have you considered your system type and data flow to

ensure you are using the correct FERPA exception?• Does your website address all the FERPA compliance

elements needed before posting reports or accessing data files?• Have you considered alternative reporting mechanisms

such as aggregate data or properly de-identified data to ease legal/risk burden on your agency?

63

Privacy Considerations: Create

64

• Assigning different levels of data access based on their roles and responsibilities• Established policies and procedures to:• Define how individual data or reports will be shared with relevant

stakeholders

• Ensure that PII is protected in public aggregate reports

• Ensure that data sharing and reporting comply with federal, state and local laws

Governance Considerations: Create

65



66

Early Childhood Data Use: Create


Interactive State Session 3: Create

67

Perspectives on ResearchUsing

Early Childhood Data

68

Various Perspectives:

• Within the state agencies (WI, Hilary Shager)• Within a state collaborative research partner (ARC,

Sarah Argue)• National child outcomes (ECO Center/DaSy, Kathy

Hebbeler)• National research on EC to K12 (NCES-SLDS, DJ

Cratty)

Early Childhood Research Community Support

69

• How does your state plan to work with researchers? What are the benefits? The challenges?•What information shared by the panelist

really resonated with you?•What would you like to know more about?•What questions do you still have?

State Responses to the Panel

70

Baron Rodriquez, Privacy Technical Assistance Center

—Missy Cochenour, SLDS State Support

Team—

Robin Nelson, DaSy Center

Wrap Up

71

Questions & Answers

Thank you!!

privacy and security in early childhood data use

Documents

early childhood data

data useobjectives

early childhoodincrease

state picture

state support teamrobin

use lbribetween plan

create56privacy considerations

key privacy issues