Ensuring Student Data Privacy through Better Governance
State boards should champion laws to stand up robust cross-agency boards and advocate for best practice.
Everyone who uses student information has a responsibility to maintain students’ privacy and the security of their data. That might seem obvious. But in a world of real, sometimes pervasive student privacy concerns, state board of education leaders ought to ground every conversation they have about student data in a commitment to safeguards. They ought to also advocate for best practices in cross-agency data governance.
Ensuring student data privacy is about so much more than complying with the Family Educational Rights and Privacy Act (FERPA). Following FERPA and other privacy laws is the bare minimum. To do more than what is legally required and build trust in how leaders are keeping data safe requires policy leaders to work together in an intentional way to center individuals and their privacy.
A real person is behind each data point. While privacy must be top of mind when thinking about collecting and using personally identifiable information, policymakers and educators owe it to students to also be thinking about how to use information to support them better. There is real value in sharing data. In fact, ensuring that data are used in support of students is an equal obligation that goes hand in hand with allaying and mitigating privacy concerns.
Education agencies are often mandated to collect individual data, but collecting data in itself does not build trust. Individuals must receive some benefit in exchange. Most often, this benefit is returned to students and their families in the somewhat abstract form of research findings or key policy decisions that help improve services and systems that benefit students, their families, and their communities. But if agencies do not return valuable information—or communities are not aware it is happening—people are less likely to feel that their private information should be shared or even collected in the first place.
Cross-agency data governance addresses these thorny issues and is the key to ensuring privacy. Data governance isn’t a “nice to have” tacked on to a bigger solution to student data privacy. Data governance is a critical piece to ensuring that states and agencies share and combine data to answer important questions and deliver value to the public. It is the first, most important step toward enabling robust data access.
What Is Cross-Agency Data Governance?
The most vexing problems of policy and practice center on student transition points along their education-to-workforce journey. As a student moves from K-12 to postsecondary education, for example, policymakers, educators, and the students themselves need access to seamlessly integrated data from multiple sources to make better decisions and structure more informed pathways. Siloed data across education and the workforce gets in the way of delivering what these stakeholders need to move forward.
Statewide longitudinal data systems (SLDSs) connect data from early childhood through K-12, postsecondary, and the workforce. In some states, these systems also connect education and workforce data to individual-level data from other state agencies, such as health and human services. Such sharing gives policymakers cross-sector insights that answer their pressing policy questions and help them direct resources more efficiently. Most important, SLDSs can help individuals and local leaders make more informed education and workforce decisions.
Ensuring safe, secure data sharing requires cross-agency data governance, which in turn requires a formal, leadership-level body responsible and accountable for deciding how data linked between state agencies are connected, secured, accessed, and used to meet state education and workforce goals.[1] Data governing boards define clear purposes, roles, and responsibilities for participating agencies in the SLDS and ensure accountability for data quality, privacy, and security.
The benefits of governing data through a board include the following:
- Sustainability. Sustains the SLDS by ensuring that decisions and priorities are codified and persist through administrations and leader turnover.
- Transparency and trust. Ensures that the right people are at the decision-making table, and open meetings build trust in the SLDS and in the board’s decisions.
- Privacy and security. Ensures one body is responsible and accountable for establishing how people’s data will be protected.
- Accountability. Establishes who is in charge. Finger pointing among board equals does not work.
- Access. Sets a shared vision for how an SLDS can be leveraged to give people, agencies, and policymakers appropriate levels of access to data and analyses.
- Policy alignment. Ensures that SLDS decisions are aligned to the policy priorities of the state rather than the loudest voice in the room.
In most states, there are coordinated processes for data-sharing agreements and memorandums of understanding (MOUs), but policy leaders are not driving them, and the public has little to no insight into them. The risk here is that such processes lack transparency and that no one is held accountable for results. It is not enough to hope that all agencies signing an MOU will follow through with their commitments to data governance. And even when they do follow through at first, data governance policies and practices often change or disappear as leadership changes.
The best way to ensure that governing bodies have the right membership and are sustained over time is by codifying them in state law. Codified data governance can both mandate that a board be created and provide it the authority to ensure privacy—as well as maintaining transparent decision making and accountability over time.
Best Practices
Data governance is often mischaracterized as a technical project, when it is actually a series of policy-relevant, interdisciplinary, value-laden decisions that require buy-in and prioritization from high-level political leadership. To ensure that a state’s data governance structure provides an effective forum for cross-agency decision making, there are several best practices state policy leaders should prioritize:
- Codify governance legislation to ensure sustainability, create decision making authority, and define responsibilities for data collection, privacy and security, and access.
- Develop a guiding vision and mission for state leaders and the people they serve to guide how the SLDS can support state policy priorities and individual needs.
- Establish an independent center for the SLDS and governing body so that SLDS decisions are made through an autonomous, multiagency policy lens. Governing bodies can build trust by creating a space for cross-agency collaboration, facilitating a shared data culture, and ensuring that processes and decisions are transparent.
- Staff and structure the board strategically to create the human capacity needed to manage the system and ensure accountability. Best-practice governing bodies include agency heads from each of the agencies that contribute data to the system as well as other stakeholders that represent state education and workforce priorities (e.g., business leaders, district leaders, and community organizations).
- Formally engage with outside organizations to ensure that diverse stakeholders representing state education and workforce priorities are at the table at every level of decision making. Cross-agency data governance creates forums for communication and decision making that are open to and include input from the public as well as local government.
What State Legislatures Can Do
Agencies in every state share data with each other, but a lack of transparency into these activities leads to mistrust, privacy risks, and myriad inefficiencies. Fortunately, states across the country are prioritizing this work. While only a few have codified data governance, those that have can provide many lessons and examples of best practices for other states to learn from.
In 2023, Alabama, Montana, and Rhode Island enacted cross-agency data governance laws.[2] They joined just four others—California, Kentucky, Maryland, and North Dakota—that convene leaders from cross-sector agencies to make transparent decisions about data.[3] Colorado passed a similar law this year.[4] Kansas and Massachusetts were considering this type of legislation in their most recent legislative sessions.[5] Indiana and Virginia also tasked state leaders with studying and providing recommendations on data governance structures for their state data ecosystems.[6]
State policy leaders can also learn from the following examples:
In creating its Cradle-to-Career Data System, California prioritized stakeholder engagement.[7] Not only was California the first state to center families, communities, and practitioners in their P-20W data system, the state’s decision-making and design process was transparent and inclusive. Its 2019 law called for formation of a working group and two legislatively mandated advisory groups to ensure transparency in decision making.[8] These groups, which represented policy and research perspectives as well as practitioners, opened a lengthy window for public participation that drew in multiple perspectives.
Colorado’s 2024 law aims to secure data sharing. One of the bill’s purposes was to “enhance the security of data sharing by minimizing the number of data-sharing agreements between contributing agencies and standardized data-sharing practices.” By pulling data into one place and having a single unit of decision making and accountability, Colorado will help ensure privacy by minimizing the number of people making decisions and handling the data. This legislation marks the first time a state law has drawn an explicit line between governance and privacy, highlighting improved governance as the solution to privacy concerns.
A Kentucky law created the Kentucky Center for Statistics, which a governing body oversees.[9] The law built a foundation for sustainable data governance, even as state and internal leadership changed. Created as an independent entity, Kentucky’s body is housed neither within the state’s department of education nor labor. This independence allows it to work freely across the entire education pipeline and with sectors like child welfare or health.
When Maryland created the Maryland Longitudinal Data System Center in 2010 to govern its data system, the center was charged with ensuring data security.[10] In updates since, Maryland has charged it with also performing “regular audits for compliance with data privacy and security standards.”
Each of these examples highlights the importance of bringing together human, technical, and administrative infrastructure to ensure that data systems and those who use them are ensuring student data privacy. Joining these pieces lets leaders quickly, easily, effectively, and efficiently gather information on how much efforts to protect data cost, how data are being protected, and what data exist. When leaders understand all of these facts, they are better able to safeguard student data and prioritize privacy.
What State Boards Can Do
While state boards of education engage with and make decisions about K-12 policies, so many of the issues they deal with require them to look at data that come from outside the K-12 system. But because it affects children and youth, concerns about data privacy will always be voiced louder in K-12 than in any other sector. State policy leaders across the country have a vested interest in having access to robust state data systems and in ensuring that any effort in the state that involves data be intentional and transparent about privacy and use.
The most important step that state board members can take to ensure that state data are governed well is to ask questions. Legislators and other elected officials must act to create a statewide data system and implement data governance, including a governing body. But members of state boards can interrogate the existing data governance policies and practices and consider how they should change in order to ensure student data privacy.
State boards can champion sustainable cross-agency governance that maximizes investments in state data systems, increases transparency, and ensures privacy. Once data governance has been codified into state law, state board members can charge the governing body with building trust in data by including representation from members of the public, being transparent about policies and practices, and demonstrating accountability for safeguarding data and using data ethically and responsibly.
The ultimate goal is to ensure that everyone with a stake in the education system has the access they need to make important decisions about education and workforce pathways. When state data systems are meeting people’s needs and delivering value to people, everyone benefits. From a student to a state legislator, everyone will have the tailored access they need to drive student success, economic mobility, and systemic change when data are governed well.
My organization, the Data Quality Campaign, has published a vision for data access.[11] It lays out clear ways for state leaders to reimagine their state data systems—chief among them, codifying cross-agency data governance in state legislation. No single state leader can tackle this work; it requires the action of agency leaders, governors, legislatures, state boards, and other state leaders. With joint leadership, every state can change policy and practice to enable robust access for individuals, the public, and policymakers. Privacy and security are obligations—not obstacles—to realizing this vision of a world where people have meaningful access to data.
Paige Kowalski is executive vice president of the Data Quality Campaign.
Notes
[1] Data Quality Campaign, “Data 101: A Briefing Book for Policymakers on Education to Workforce Data” (2023), https://dataqualitycampaign.org/resource/data-101/.
[2] Data Quality Campaign, “Education and Workforce Data Legislation Review: What Happened in 2023?” web page (2023).
[3] Data Quality Campaign, “The Art of the Possible: Data Governance Lessons Learned from Kentucky, Maryland, and Washington,” case study (2018).
[4] Colorado General Assembly, Education-Based Workforce Readiness, HB24-1364, 74th General Assembly, 2nd sess., passed May 10, 2024.
[5] Kansas House of Representatives, HB 2774, 2023–24 Legislative Session, introduced February 8, 2024; Commonwealth of Massachusetts, Senate, S. 2666, 193rd Session, referred April 29, 2024.
[6] Indiana General Assembly, Legislative Council Resolution 24-01, 123rd General Assembly, 2024 Regular Session, adopted May 14, 2024; Virginia General Assembly, HB 1083, 2024 Regular Session, enacted April 4, 2024.
[7] Data Quality Campaign, “Investing in California’s Data Future: How California’s P–20W Cradle-to-Career Data System Could Take the State from Last to First,” case study (2022).
[8] California Legislature, Senate, SB 53, 2019–20 Regular Session, amended March 5, 2019.
[9] Kentucky General Assembly, 151B.132, created 2013.
[10] Maryland General Assembly, Senate, SB 275, 2010 Regular Session, approved May 4, 2010.
[11] Data Quality Campaign, “What Now? A Vision to Transform State Data Systems to Inform People’s Pathways through Education and the Workforce” (2023), https://dataqualitycampaign.org/resource/a-vision-to-transform-state-data-systems/.