CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
Interagency Data Team
September 12, 2018
CUSTOMER SERVICE. ACCOUNTABILTY. EFFICIENCY. SECURITY.
WELCOME, AGENDADATA TEAM NEWS
Michael BentivegnaData Visualization and Analysis PM
Office of the Chief Technology Officer
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
AGENDA• Welcome, News & Updates
Michael Bentivegna, Data Visualization and Analysis PMOffice of the Chief Technology Officer
• Privacy Advisory Working GroupTurna Lewis, Privacy CounselOffice of the Chief Technology Officer
• Heath Insurance Portability & Accountability Act of 1996 (HIPAA)Phillip Husband, General Counsel & FOIA OfficerDC Health
• Family Education Rights & Privacy Act of 1974Darrell Ashton, Assistant Superintendent of Data, Assessment and ResearchOffice of the State Superintendent of Education (OSSE)
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
BUSINESS INTELLIGENCE SOFTWARE UPDATES
• Tableau Production version 2018.1.1
• Major upgrade to move to 2018.2• Hold off on Desktop upgrades
• Tableau Public w/automated ETL updates • Hyper not currently supported by Informatica
Tableau extension at this time
• Met with Tableau President and CEO• Adam Selipsky
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
BUSINESS INTELLIGENCE SOFTWARE UPDATES
• MicroStrategy Production Version 10.11 • MicroStrategy Dataset connector - connecting existing
enterprise dataset (PeopleSoft, Procurement, QuickBase, etc.) to any other dashboard in the agency’s own MicroStrategy projects based on the user’s security definition.
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
GIS SOFTWAREDC AGOL – ARCGIS ONLINE/PORTAL
- Reach users by sharing maps imbedded in web pages and through web applications
- Easily Add DC GIS Data- Leverage ready to use apps,
Story Maps, Survey tools and data collection applications.
- Use custom templates- Easy access to Mobile- Create Map/BI Galleries- Data Initiatives Pages
(http://opendata.dc.gov/)- Hybrid of Cloud/DC GIS
Infrastructure- Included with citywide Esri
ELAhttp://dcgis.maps.arcgis.comhttps://dcgis.dc.gov/
• ArcGIS Server Upgrade to version 10.6 scheduled for 9/20
• ArcGIS Portal version at 10.6.1
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
TRAINING FOR TABLEAU
• Tableau Intro & Intermediate (Eventbrite –search Tableau)
• Introductory training• September 19 and October 20 (Both full)
• October 31 - November 1
• Intermediate training• October 3 - 4
• November 7 - 8
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
TRAINING FOR MS AND GIS
• MicroStrategy Intro Classes (Eventbrite –search MicroStrategy)
• October 23 - 24
• November 27 - 28
• December 18 - 19
• GIS (PeopleSoft – request training – Search by name “GIS” or course number)
• 230 Overview DC GIS Services February 6
• 233 ArcGIS Online January 16
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
PRIVACY ADVISORY WORKING GROUP
Turna Lewis, Privacy CounselOffice of the Chief Technology Officer
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
Phillip Husband, General CounselDC Health
Family Educational Rights and Privacy Act (FERPA)
The BasicsSeptember 12, 2018
Darrell Ashton, Assistant Superintendent of Data, Assessment, and ResearchOffice of the State Superintendent of Education
Goal for Today
Provide information to help you understand:• The basics of FERPA and how it protects the privacy
of student data• OSSE’s requirements under FERPA• How OSSE shares data with other agencies in the
context of FERPA requirements
12
Agenda
• What Is FERPA?• Key FERPA Definitions
– Education record– Personally identifiable information (PII)
• OSSE and FERPA– How OSSE Shares Data Under FERPA– Written Agreement Requirements
• What This All Means for You
13
What is FERPA?• Family Educational Rights and Privacy Act (20 U.S.C. §
1232g; 34 CFR Part 99)• Federal privacy law that gives parents / guardians the
right to:– Receive access to their child’s education records– Seek to have those records amended– Consent (in writing) to the disclosure of personally
identifiable information (PII) from education records, except as provided by law
– File a complaint with the Family Policy Compliance Office about alleged violations
14
What Is an Education Record?
• Information recorded in any format, including, but not limited to, handwriting, print, computer, video, audio, film, that is directly related to a student
• Maintained by an educational agency or institution
Because education records relate directly to a student, they contain personally identifiable information (PII).
15
What Is PII?
Personally Identifiable Information (PII) is information that, alone or in combination, can be linked to a specific student including but not limited to:• Name of student, parents, or other family members• Address of student, parents, or other family
members• Personal identifier, e.g., Social Security Number, OSSE
unique student identifier (USI), biometric record• Indirect identifiers, e.g. date of birth, place of birth,
mother’s maiden name
16
What Are Penalties for Violating FERPA?
The U.S. Secretary of Education could:• Withhold further federal funds• Compel compliance by issuing a cease and desist
order• Terminate eligibility to receive funding under any
applicable program
*If the violation were made by an entity with which OSSE has shared data, OSSE could also be held liable if OSSE did not use reasonable methods to ensure the entity’s compliance with FERPA.
17
OSSE and FERPA
• The majority of information about children and students maintained by OSSE is provided by local education agencies (LEAs), schools and licensed child development facilities.
• OSSE is a custodian and steward of these data.• OSSE has responsibilities for protecting the privacy of
these data, including complying with and enforcing FERPA when sharing these data for any purposes.
*Be aware: - Although there are a few notable differences, LEAs have similar roles and
responsibilities, including under FERPA.- The Office of the Deputy Mayor for Education (DME) is also considered a
state education agency for purposes of FERPA.
18
What PII Does OSSE Maintain?
Some examples:
Student name Disability statusDate of birth IEPParent name and contact information
English Learner status
Race/ethnicity Bus route (OSSE transportation)
Gender PARCC scoresAttendance DisciplineUnique student identifier (USI) Social Security number
19
How OSSE Can Share Data Under FERPA
FERPA permits sharing data with to third parties under certain circumstances. OSSE is typically authorized to disclose data for reasons that include: • Pursuant to parent or student rights under FERPA• Sharing information back with LEAs, schools, and
educators about their students• Lawyer or court order• Written data sharing agreements under a legal
exception to parental consent
20
FERPA Exceptions That Apply to OSSE
• Two main exceptions to parental consent apply to OSSE:– Authorized representative. Allows sharing data to
other agencies conducting audit, evaluation, or enforcement activities related to federal- or state-supported education programs on OSSE’s behalf
– Research studies. Allows sharing data for research for specific purposes on behalf of schools.
21
Written Agreement Best Practices
Best practices under FERPA require that agreements:• Describe the relationship between the parties sharing
and receiving data• State the specific purpose(s) for which the
information is being shared• List the specific data elements being shared• Prohibit re-disclosure• Require data destruction at the end of the agreement
or when the data are no longer needed for the purpose(s) of the agreement
22
Written Agreement Best Practices
Best practices (continued)• Specify an end date• Name data points of contact• Maintain the right to audit and monitor compliance• Require compliance with all legal requirements to
maintain the data securely• Specify requirements in the case of a data breach,
including responsibilities and procedures for notification and mitigation
23
What This Means for You
To receive data from OSSE, you will have to:• Sign and abide by a written agreement, based on
FERPA best practices (we have templates for that)• Not use the data for any purposes not in the
agreement• Not share OSSE data with any other entities without
approval from OSSE• Be able to maintain the data securely• Submit to compliance monitoring of the agreement
24
What This Means to YouWhat This Means for You (continued)• Be able to destroy all OSSE data at the end of the
agreement and certify that you have done so• Respond to all OSSE communications about
violations of the agreement, or face the possibility of not having access to OSSE data in the future
• In some cases, provide advance copies of publications so OSSE can ensure you have protected the privacy of student data
25
Questions
26
Additional Resources
OSSE: • Darrell Ashton, Division of Data, Assessment &
Research, [email protected]• OSSE & Federal Privacy Laws
U.S. Department of Education • Privacy Technical Assistance Center • FERPA website including FERPA regulations
Data Quality Campaign • A Stoplight for Student Data Use
27
CUSTOMER SERVICE. ACCOUNTABILITY. EFFICIENCY. SECURITY.
OPEN DISCUSSION
NEXT MEETING TENTATIVELY SCHEDULED FOR DECEMBER
THANK YOU