Student data privacy: The role of policymakers and schools

DQC’s aim is to “make the case for education data while ensuring state policymakers meet their moral and legal responsibilities to safeguard this information and ensure its appropriate and ethical use,” according to a resource that identifies and dispels a number of myths about education data.

Data Myth: The federal government collects academic and other information about individual students.
Fact: A number of federal laws explicitly prohibit the federal government from creating a federal database with information, such as social security numbers, that can personally identify students. The federal government doesn’t have access to student-level information that is kept in state databases. The Common Core State Standards have additional data guidelines to keep student information protected and safeguard privacy.

Data Myth: Federal grant programs such as the Statewide Longitudinal Data Systems program and Race to the Top are a way to create one database that will house a national collection of student information.
Fact: States that receive federal grants are not allowed to report student-level data to the federal government. These data systems were often under construction before federal grants became available.

Data Myth: The National Education Data Model (NEDM) aims to collect sensitive individual student information.
Fact: On its site, the NEDM notes that it is not a data collection, but rather is a conceptual data model. Student data and privacy are not compromised.

Data Myth: The Family Educational Rights and Privacy Act (FERPA) has grown weaker, and is the only law that protects student privacy.
Fact: FERPA has been clarified and aligned with other laws pertaining to student data, and states were often unclear on basic facts about student data privacy before these clarifications. States have enacted laws parallel to FERPA.

The DQC offers a primer for policymakers on student data use, privacy, security, and confidentiality.

The primer includes National Center for Education Statistics definitions of various data-related terms.

  • Personally identifiable information includes information that can be used to distinguish or trace an individual’s identify.
  • Privacy is individual autonomy and personal control over who has access to a person’s own information, including when, how, and why.
  • Security is the physical protection of data.
  • Confidentiality involves obligations of those who have access to another individual’s personally identifiable information.

When it comes to protecting student data privacy, confidentiality, and security, state policymakers have three responsibilities, all of which are interconnected, the DQC notes:

  • Establish roles for data stewardship. Define and clearly communicate authority, responsibility, and accountability for decision-making, management, and security of data.
  • Ensure policy documentation, transparency, and enforcement. Document laws, policies, and decisions related to data governance and communicate these policies and procedures in a way that is accessible to stakeholders, including agency staff, students, parents, and the public.
  • Support organizational capacity. Ensure the state has the capacity and resources to implement and sustains these policies and procedures, including staff and technical system infrastructure.

Editor’s note: Stay tuned for Part 2 of our look at student data, featuring Data for Action 2013, which will run on Nov. 19.

Laura Ascione
Latest posts by Laura Ascione (see all)

Want to share a great resource? Let us know at