SIF Association

This blog is run by the staff of the SIF (Schools/Systems Interoperability Framework) Association for the use of it's members and the general educational community.

It is specifically designed for those who are interested in understanding what SIF is about, where the standard is going and how Schools, Districts and State Educational Authorities will benefit.



Monday, June 16, 2014

Coding the Code...

If you are a history and/or movie fan you may be familiar with the story of the Enigma machine.  Made popular in the movie U-571, the Enigma machine was invented at the end of WW1 and then utilized mostly by the Germans in WW2 to encipher and decipher wartime communications.  Eventually the Enigma machines functionality were undone by British cryptologist in a project codenamed “Ultra” speeding up the end of the war.

Encoding? Cryptology?  War?  What does all of this have to do with educational data management and usage?  A lot!  Pick up a newspaper today and you will see articles on data “breeches” from the National Security Agency, through retail marketplace providers all the way down to student information security concerns with the various data project alphabet soup we all are aware in the role we play supporting data usage.  Apparently there is a need for an “Ultra-proof Enigma” for the data we steward!
It is generally recognized that while data security and data privacy issues overlap to some degree but there are enough differences that data privacy concerns can effectively be treated separately.  Educational solutions at the school and district levels are increasingly deployed in the cloud, and that introduces a set of new concerns about who might be granted (or otherwise obtain) access to student health records, discipline actions or demographic identification information.
During the 2014 SIF Annual Meeting, at a session called “Who Owns the Data?”, a large group of school, state and vendor representatives determined a SIF Project Team was needed to focus on privacy issues surrounding access to and use of sensitive student related data.   This (international) Project Team will concentrate on end user (School, Local Authority, District and State) issues relating to student data privacy.  It will investigate the impact of educational cloud service providers and determine what set of “common privacy policies” they must commit to in order to meet, or where necessary exceed, FERPA and local data privacy mandates.
The work will address questions relating to:
  • Who “owns” the data?
  • Who “has” the data?
  • Who can access the data?
  • Who determines who can access the data?
  • Who can change the data?
  • Who defines “rules of ownership”?
  • Who enforces these rules?
  • Who verifies these rules are enforced?
  • Are there any special requirements when data is stored in 3rd party cloud?
The group will define a set of data privacy “effective practices” and document how those can be specified and enforced in solutions based upon openly developed technical standards usage in marketplace provider products and their end user customers.
Ask anyone, one of my favorite mantra is “You can’t have passion without participation!”  To participate in this critical work drop me a line at lfruth@sifassociation.org.
 

No comments:

Post a Comment