Threats to student data privacy have received considerable attention recently. Educational solutions at local levels are increasingly deployed in the cloud, managed by third party entities, and are being taken to “privacy tasks” by the huge influx of small applications entering the enterprise. Numerous other factors introduce new concerns about who might be granted (or otherwise obtain) access to student health records, discipline actions or other identification (ex: name, address and phone) information. Conversely, there is potential data available in these applications including performance, student developed content, etc. that would be valuable to collect as part of a larger portfolio for the learner.
The Access 4 Learning Community is a unique blend of schools, regional support entities, government agencies, and vendors coming together to discuss and develop privacy technical “blueprints” for marketplace solutions and effective practices to better enable schools to perform their critical data steward roles.. The Community is addressing the real-world issues surrounding privacy being confronted by practitioners through two mechanisms:
1. SIF Technical Specifications empowering Privacy via:
- Encrypted by Default (prevents eavesdroppers)
- Access Control of Objects (controls who may get what chunks of data)
- Conveys Who is Asking for Data (so providers can restrict data access at the field level)
- Targeted Events to Appropriate Contexts (so real time data doesn’t have to be a privacy problem)
- End-To-End Encryption Compatible (so middleware isn’t a privacy risk)
- Centralized Filtering Possible (so middleware can help ensure privacy)
2. The Student Privacy Task Force Privacy Artifacts Volume 1:
- Student Data Classifications: Various data points carry with them various levels of privacy concerns. The Task Force has collected the most common student data points and proposed levels of data privacy sensitivity. Since this group is international in representation, the areas of classification include those utilized in North America, Australia and the United Kingdom.
- Data Privacy Use Cases: Many times the security of a particular data point is contingent on the context in how it is being utilized. Presented is a collectively developed template for Use Case development and examples of its usage in various real-world data privacy scenarios.
- Administrative Data Privacy “Best Practices”: The Task Force is also focused on providing actionable guidance to allow end users to implement strategies and practices to effectively manage their data demands. In this first volume, the group presents a “Data Breech Template” to be used by end users with their vendors ideally to provide clarity around roles and responsibilities if a breech occurs.