Encoding? Cryptology? War? What does all of this have to do with educational data management and usage? A lot! Pick up a newspaper today and you will see articles on data “breeches” from the National Security Agency, through retail marketplace providers all the way down to student information security concerns with the various data project alphabet soup we all are aware in the role we play supporting data usage. Apparently there is a need for an “Ultra-proof Enigma” for the data we steward!
It is generally recognized that while data security and data privacy issues overlap to some degree but there are enough differences that data privacy concerns can effectively be treated separately. Educational solutions at the school and district levels are increasingly deployed in the cloud, and that introduces a set of new concerns about who might be granted (or otherwise obtain) access to student health records, discipline actions or demographic identification information.
During the 2014 SIF Annual Meeting, at a session called “Who Owns the Data?”, a large group of school, state and vendor representatives determined a SIF Project Team was needed to focus on privacy issues surrounding access to and use of sensitive student related data. This (international) Project Team will concentrate on end user (School, Local Authority, District and State) issues relating to student data privacy. It will investigate the impact of educational cloud service providers and determine what set of “common privacy policies” they must commit to in order to meet, or where necessary exceed, FERPA and local data privacy mandates.
The work will address questions relating to:
- Who “owns” the data?
- Who “has” the data?
- Who can access the data?
- Who determines who can access the data?
- Who can change the data?
- Who defines “rules of ownership”?
- Who enforces these rules?
- Who verifies these rules are enforced?
- Are there any special requirements when data is stored in 3rd party cloud?
The group will define a set of data privacy “effective practices” and document how those can be specified and enforced in solutions based upon openly developed technical standards usage in marketplace provider products and their end user customers.
Ask anyone, one of my favorite mantra is “You can’t have passion without participation!” To participate in this critical work drop me a line at firstname.lastname@example.org.