Privacy

Medium

How does SLDS protect the privacy of North Dakota students and their families?

Quality, timely, longitudinal data has the power to inform the policies, programs, and instructional practices that can improve student outcomes.

The SLDS understands the value and necessity of providing education data to state and local policymakers, parents, and the citizens of this state.

At the same time, SLDS is committed to protecting confidential education records. The SLDS is governed by its data owners and privacy policies and procedures must follow state and federal laws such as Family Educational Rights and Privacy Act (FERPA). Its data security protocols follow strict state of North Dakota standards and best practice technology protocols.  A list of state laws and references to FERPA are provided below.

SLDS is also committed to transparently telling North Dakota stakeholders about our education data collections, storage, and disclosure policies and practices.

DATA COLLECTIONS

Why data are collected

  • School funding.
  • Accountability and compliance with laws.
  • Transparency.
  • Inform education policies and practices, leading to improved student outcomes.

Who submits data?

  • Public K-12 school districts and participating private schools.
  • Public colleges and universities.
  • It is expected that some private colleges will participate.
  • ND workforce development training and education programs.

What data we collect

Examples are:

  • Student demographic, enrollment, program participation and outcomes.
  • Student courses enrolled and course completion data.
  • Student assessment/test results.
  • Personnel and staffing information.
  • School directory information.
  • School expenditures and revenues (DPI financial collection).
  • College enrollments out of state and in-state.

Not collected:

  • Beliefs or practices on issues such as sex, family life, morality or religion.
  • Political, voting, family financial, biometric or medical records, including information on a students' psychological or emotional state.

How we collect data

Data are collected via a set of secure data exchanges including: web-based applications DPI or SLDS maintains with the Information Technology Department, electronic extractions through secure protocols, and secured file transfers. Examples are:

  • Department of Public Instruction Automated Reporting System (STARS).
  • ND University Systems Campus Solutions (student information system).
  • K12 student information system or state student information system.
  • Job Service ND.

How data are stored​

Data are stored in separate databases for K12, Higher Education and Job Service which provide each of these entities their own reporting systems.  The ND Statewide Longitudinal Data System uses information from these databases when answering policy questions.

  • The SLDS privately joins and securely stores data from multiple sources when performing research.
  • Allows connecting individual-level data from entity to entity and year to year.
  • Uses unique codes so personal, confidential information is protected.

For more details about DATA COLLECTIONS:

DATA SYSTEM

Access to the data system is only granted to individuals who require access as part of their employment responsibilities.  Once data access is granted, it is limited only to the datasets aligned to each individual’s job role (i.e., a K-12 user does not have access to Job Service data, etc.  Additionally, a K-12 user would have access to data only to students for which they are responsible).​

Who has access to the data system?

  • Authorized school administrators and teachers (allowed through FERPA and security-trained SLDS) and contractual IT personnel whose job duties require access.
  • Authorized SLDS personnel conducting program audits or evaluation studies (limited access).

How system access is controlled

  • Access permissions are role-based, authenticated by agency and school leaders.
  • Users are only permitted to see aggregate data unless their role authorizes individual access and data sharing agreements and law permit access.
  • Data sharing agreements are utilized for data sets involving multiple agency data.
  • Access lists and logs are actively monitored.

What keeps the system secure?

  • State of North Dakota protocols protect against the loss, theft, vandalism, illegal access and corruption of the data.
  • Hosted on a secure platform with backup and disaster recovery capability.
  • Automatic encryption and secure socket layering is used.
  • SLDS policy requires reviews of internal IT system controls.

Where the data are stored

  • Within the ND Information Technology Departments (ITD) facility.
  • A secure backup facility maintained by ITD.

For more details about the DATA SYSTEM:

DATA DISCLOSURE

In all cases, FERPA guides whether, with whom, what and how we share confidential education data. When FERPA permits disclosure, we release the least amount of information necessary, and we make sure recipients understand and agree to FERPA and related laws.

How data is shared with the public

  • ND SLDS School Data portal.
  • Aggregate data only.
  • Cell suppression used for small groups.

How data is shared with educators

  • ND SLDS School Data portal and ND eTranscript application.
  • Schools may grant secure login access to that school's individual-level, non-suppressed data.
  • SLDS policy requires authorized users to be trained on FERPA and related privacy laws.
  • Password expirations and login timeouts are used.
  • Regular verification of authorized users.

How data is shared with lawmakers

  • Aggregate data only.
  • Federal and state required reports.
  • Ad hoc requests from legislators.

How data is shared with other state agencies

  • Formal agreements are established between agencies.
  • All parties agree to all laws governing the data.
  • Records are encrypted and, where appropriate, de-identified.
  • Data is limited to only what is required for a program evaluation or audit.
  • Must meet FERPA guidelines for disclosure.

How data is shared with researchers

  • The SLDS requires rigorous review, approval, and monitoring process.
  • Only for improving outcomes of North Dakota students.
  • Records are de-identified (unique codes instead of personally identifiable information (PII)) after matching.
  • Strict data storage, usage, reporting and disposal rules.

For more details about DATA DISCLOSURE:

DATA GOVERNANCE

SLDS has clearly assigned responsibilities for oversight, implementation and monitoring of policies and processes that ensure data are only used or disclosed for proper purposes at every level of the system.

Who ensures data safeguards

  • SLDS Committee members
  • SLDS Program Manager
  • ITD SLDS staff
  • ITD information technology and security officials
  • Several ND school districts and education groups provide expertise and advice on data collection, maintenance, and security

For more details about DATA GOVERNANCE:

  • The SLDS Committee purpose and members

 

​ADDITIONAL RESOURCES