Encoding? Cryptology?
War? What does all of this have
to do with educational data management and usage? A lot!
Pick up a newspaper today and you will see articles on data “breeches”
from the National Security Agency, through retail marketplace providers all the
way down to student information security concerns with the various data project
alphabet soup we all are aware in the role we play supporting data usage. Apparently there is a need for an
“Ultra-proof Enigma” for the data we steward!
It is generally recognized that while data security and
data privacy issues overlap to some degree but there are enough differences
that data privacy concerns can effectively be treated separately. Educational solutions at the school and
district levels are increasingly deployed in the cloud, and that introduces a
set of new concerns about who might be granted (or otherwise obtain) access to
student health records, discipline actions or demographic identification
information.
During the 2014 SIF Annual Meeting, at a session called
“Who Owns the Data?”, a large group of school, state and vendor representatives
determined a SIF Project Team was needed to focus on privacy issues surrounding
access to and use of sensitive student related data. This (international) Project Team will
concentrate on end user (School, Local Authority, District and State) issues
relating to student data privacy. It
will investigate the impact of educational cloud service providers and
determine what set of “common privacy policies” they must commit to in order to
meet, or where necessary exceed, FERPA and local data privacy mandates.
The work will address questions relating to:
- Who “owns” the data?
- Who “has” the data?
- Who can access the data?
- Who determines who can access the data?
- Who can change the data?
- Who defines “rules of ownership”?
- Who enforces these rules?
- Who verifies these rules are enforced?
- Are there any special requirements when data is stored in 3rd party cloud?
The group will define a set of data privacy “effective
practices” and document how those can be specified and enforced in solutions
based upon openly developed technical standards usage in marketplace provider
products and their end user customers.
Ask anyone, one of my favorite mantra is “You can’t have
passion without participation!” To participate
in this critical work drop me a line at lfruth@sifassociation.org.