This page (updated in September 2020) includes resources related to best practices for implementing data security agreements and addressing confidentiality/privacy issues when using and reporting administrative data.
This brief offers an overview of key concepts and content to be covered in privacy and security plans for state longitudinal data systems (SLDS) agencies as well as methods of developing and implementing these plans. It draws on best practices identified by the Privacy Technical Assistance Center (PTAC) and includes examples of privacy and security plans from Wisconsin and Kentucky.
To ensure that federally funded work related to statewide longitudinal data systems (SLDS) adequately protects the privacy and well-being of the individuals whose data they contain, the US Department of Education (ED) requires states to have their SLDS grant-funded projects undergo the same processes as other research grants to determine whether they require institutional review board (IRB) approval. This publication describes ED's IRB requirement for SLDS grantees and offers expert perspectives and tips for states approaching the IRB review process.
This spotlight highlights two states, California and Louisiana, with laws that strongly regulate data access. It describes how their state education agencies have adapted their data management and data use procedures to comply with state requirements while continuing to meet their reporting and operational needs.
This webinar highlights stories from Part C Coordinators who have or are developing collaborative data sharing agreements that allow them to share Part C data with their Early Hearing Detection and Intervention Program (EHDI).
This resource describes components of a data sharing agreement, outlines steps in developing an agreement, and includes examples of data sharing agreements.
This brief summarizes of a webinar on confidentiality issues faced by early childhood education programs that manage, view, and share data on children and/or interface with integrated and longitudinal data systems. It addresses select restrictions in place under Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPPA), and includes a list of commonly-asked questions and answers on the topic as well as a record of those asked and answered during the webinar.
The Administration for Children and Families (ACF) developed this Confidentiality Toolkit to help jurisdictions successfully navigate the delicate balance between privacy and security with the delivery of efficient and effective services. The Confidentiality Toolkit analyzes, explains and aids states and local jurisdictions in the navigation of a number of federal laws that impact the implementation of human services. Embedded throughout are success stories and sample documents from across the country from which jurisdictions using the Toolkit can borrow freely. This Toolkit has been developed for leaders in the human service field, to support their best efforts to share information across silos. (author abstract)
This document is intended to assist early childhood stakeholders in maintaining compliance with privacy and confidentiality requirements under IDEA and FERPA. It reviews the terminology used to describe data de-identification as well as related concepts and approaches; provides general best practice de-identification strategies and statistical techniques to protect children against data disclosures; and identifies additional resources on applicable IDEA and FERPA requirements.
This checklist is designed to assist stakeholder organizations with establishing and maintaining a successful data governance program by summarizing the key data privacy and security components of such a program and listing specific best practice action items.
This checklist is designed to assist stakeholder organizations with developing and maintaining a successful data security program by listing essential components that should be considered when building such a program, with focus on solutions and procedures relevant for supporting data security operations of educational agencies.
This 2014 document is an adaptation of the 2012 release of "Data Sharing Agreement Checklist" intended for K-12 audiences. Presented as a checklist, the document summarizes the requirements for the written agreements under the audit or evaluation exception that is specified in FERPA and that also applies to the IDEA for Part C early intervention and Part B 619 preschool special education.
The purpose of this checklist is to define a data use policy and provide best practices for using student data.
This white paper reviews some of the most relevant U.S. privacy laws and discusses how they provide a strong legal framework that governs Federal agencies, using the Census Bureau's Data Stewardship program as a case study. The paper then considers a range of protocols used by different agencies to provide researcher access to restricted data, such as the National Center for Education Statistics data licensing program.
The Statewide Longitudinal Data Systems Grant Program offers a variety of support resources.
The Toolkit briefly introduces each important principle of data stewardship for communities using health data. It provides both broad background information and tips for data users. Descriptions of stewardship principles are provided, along with checklists for each principle.
This document is intended to assist elementary and secondary schools and local educational agencies (LEAs or "districts") in achieving greater transparency with respect to their data practices.
The purpose of this document is to provide a case study to illustrate best practices for minimizing access to sensitive information with education data maintained in a statewide longitudinal data system.
This presentation acknowledges the various legal, technical, and political barriers faced when trying to access and use administrative data.
This report provides practical steps for how to establish a data governance structure.
This resource provides guidance for preparing data sharing agreements for administrative data. It builds on existing materials by pulling together relevant information from multiple sources into one document and sharing guidance from researchers with experience developing such agreements. It also includes examples of data sharing agreements (see Appendix A).
To help groups improve their data policies and practices, this guide assembles lessons from the experiences of partners in the National Neighborhood Indicators Partnership network and similar organizations. The guide presents advice and annotated resources for: protecting privacy and human subjects, ensuring data security, and managing the data life cycle. While applicable for non-sensitive data, the guide is geared for managing confidential data, such as data used in integrated data systems or Pay-for-Success programs.
This toolkit provides tools for integrating data for policy and program improvement in government setting. In addition to a step-by-step guide to communication and engagement on data privacy, the toolkit includes action-oriented appendices, including worksheets, checklists, exercises, and additional resources.
Home visiting programs typically collect sensitive information about family characteristics, risk factors, and services received. States may choose to integrate these data with other early childhood data to learn more about the reach and effectiveness of the services and supports that families receive. As more states begin to integrate data across early childhood programs, data integration leaders should consider how the privacy and security of home visiting data are maintained when shared across organizations or integrated with other early childhood data. (author abstract)
This document provides specific, practical recommendations for state education agencies as they safeguard student data and review and update their data privacy policies and practices to address changes in technology.
This spotlight highlights two states, California and Louisiana, with laws that strongly regulate data access. It describes how their state education agencies have adapted their data management and data use procedures to comply with state requirements while continuing to meet their reporting and operational needs. (author abstract)
The Data Destruction Document is a best practices guide on properly destroying sensitive student data after it is no longer needed. It details the life cycle of data and discusses various legal requirements relating to the destruction of data under FERPA, and examines a variety of methods for properly destroying data. The guide also discusses best practices for data destruction and provides some real-world examples of how to implement it within your organization. (author abstract)
In this paper we consider ways to facilitate researchers' access to administrative data collected about individuals and their families in the course of providing public benefits. In most cases, applicants to social welfare programs are required to disclose private information deemed essential to determining eligibility for those programs. Individuals who are otherwise eligible for services but who refuse to provide information may be denied those services. Most people forgo privacy in these circumstances; that is, they decide to provide personal information in order to obtain public benefits. They believe that they have little choice but to provide the requested information. Consequently, it is widely agreed that the uses of this information should be limited through confidentiality restrictions to avoid unwanted disclosures about the lives of those who receive government services.
This white paper details many of the barriers to using administrative data for evidence-building and how resource and capacity concerns can constrain the functional access and use of data even when legal and policy issues are resolved. The paper also provides a case study on how these barriers interact with access to various sources of wage data for evidence-building purposes.
This document provides an overview of various methods for disposing of electronic data, and discusses how these methods relate to legal requirements and established best practices for protecting student information.