2015-06-16 Education Security Protocols


DATE: June 16, 2015

TO: HONORABLE CHRIS ROTHFUSS, HONORABLE MARY THRONE

FROM: Flint Waters, State Chief Information Officer

SUBJECT: Security Protocols Governing the Collection, Access and Dissemination of Education Information

CC:

Tony Young, Deputy Chief of Staff, Governor’s Office

Mary Kay Hill, Policy Director, Governor’s Office

Jillian Balow, State Superintendent of Public Instruction


EXECUTIVE SUMMARY:

The State Chief Information Officer (CIO) is providing recommendations based on the request of Chairpersons Rothfuss and Throne on efforts to develop security protocols governing the collection, access and dissemination of education information.


The Wyoming Department of Education (WDE) is currently in the early stages of a complete modernization of their data systems with strong support from the State CIO. Now is the ideal time to challenge previous norms and reinvent how Wyoming manages student information.


In many cases, student Personally Identifiable Information (PII) has been collected to validate proper assignment of WISER IDs across school districts. It is possible for one student to be included in the reporting of multiple school districts. There is potential for some statistical errors due to inaccurate WISER ID assignments. If the potential impact of these errors is limited to a small enough sample, it may be possible to leverage an optimal design with the WISER ID and eliminate or dramatically reduce the collection of student PII after a WISER ID has been correctly assigned.


In an optimal data collection design, the only location that would house student PII would be the WISER ID registration system, which converts student details into de-identified serial numbers that would then be used in all other areas of the data collection system. Because of high expectations for the precision of reporting, student PII has been included in data collections to ensure WISER IDs were being correctly submitted. This approach resulted in somewhat higher precision in student record identification, but at a high cost to personal privacy and a greater risk of data compromise. This scenario is not an absolute, just a starting point for conversation.


Several suggestions have been previously offered in terms of allowing parents to opt out of information collection or potential reductions in distribution of student data. To best inform the work of the Task Force on Digital Information Privacy, a factual basis is required, enabling members to effectively consider and draft potential legislation.



RECOMMENDATION:

Efforts are well documented to enhance the security of student data once it has been collected by the WDE. The State CIO recommends the following additional steps to better equip the Task Force with information in support of potential legislation on better protecting the security or privacy of student data.

  • Review the design of the State Report Manager (SRM) system. The SRM system could be configured to zero out data fields that school districts submit but that are not required for further use in reporting. This approach would require specific support for WDE to offset claims that they have altered content, but could be done.

  • Strive to make data submission less burdensome on school districts and reduce the amount of data correction and validation required by WDE.

  • Assess the potential to document all personally identifiable data elements currently submitted to the State by school districts (per WDE, this task is not yet completed in WDE Report Viewer).

    • Identify each PII field

    • Identify why the field is required

    • If the field is statutorily required, provide the link to the original State and/or Federal mandate

    • Identify the impact if the field were not collected or were collected as anonymous detail

  • In the Task Force review of data collections, begin from a position that all reporting requirements can be met with anonymized or statistical data only, then prove where this approach is not a valid assumption. This approach could take considerable effort and the Department of Enterprise Technology Services (ETS) would be open to providing assistance to further this assessment.

  • Calculate the human and fiscal resource impact on WDE and school districts of any efforts to reduce the amount of personal information submitted/collected.

  • If reporting requirements can be met with anonymized data:

    • Protecting personal student information can be focused at the school district level

    • WDE staff workload could likely be reduced

    • Legislative mandates would likely be minimized

  • If Wyoming could move to an effective use of anonymized information in reporting student information, all prior data captured could be permanently archived to off-net storage solutions until data retention requirements lapsed, allowing for the destruction of previously obtained student PII.