The appointment of a Chief State Data Privacy Officer is on the State Board of Education’s (SBOE) Thursday Work Session agenda. State Superintendent Dr. Tommy Bice was obviously serious when he said the SBOE adoption of a Data Use and Governance Policy at the regular October meeting was just the beginning of the education data (“ed data”) journey.
What is a Chief State Data Privacy Officer? No clear definition currently exists, though this is an executive-level position that is catching on in many education environments. It appears that many Departments of Education (DOE) have a Chief Information Officer, and the U.S. Department of Education (USDOE) hired a Chief Privacy Officer in 2011, but no “Chief State Data Privacy Officers” could be located at the state DOE level.
In 2009, the Fordham Center on Law and Information Policy (CLIP) recommended “states should have a Chief Privacy Officer in the department of education who assures that privacy protections are implemented for any educational record database and who publicly reports privacy impact assessments for database programs, proposals, and vendor contracts”.
The Data Quality Campaign (DQC), in response to CLIP’s report, said that while the creation of a Chief Privacy Officer may be a good idea, it isn’t absolutely necessary. Further, it may be difficult for state DOEs to afford a Chief Privacy Officer and that as long as the function of data privacy had someone dedicated and in charge, states could call it whatever they wanted.
Looking down the road a bit, there are steps that states can take to ensure the security and privacy of students’ ed data. This excellent primer from the DQC details the components that policymakers should give full consideration to along the way. Again, while no specific mention of a Chief Data Privacy Officer is made, the DQC does recommend that state policymakers ensure that there are enough human resources dedicated to governance of ed data.
Here is a model state law posted on the web site “Opt Out FERPA” setting up the Chief Privacy Officer for Education position. The site advocates for the office to be created under the direction of the Governor. According to the site, “the purpose of the Act is to protect the privacy and security of personal information maintained by schools by creating the Office of the Chief Privacy Officer for Education to oversee, audit, consult, and report on matters that affect privacy and security of school records that contain personally identifiable information”. Take a look.
Tune in to uStream on Thursday morning to view the SBOE work session, beginning at 11:00 a.m. CDT for live discussion on this issue. It is the second item on the agenda. The first item is the Preliminary Budget Discussion. That, too, deserves your full attention.
Pssst: Here is an excellent document prepared by the National PTA and DQC giving parents and families direction as to exactly which types of questions to ask of school officials to ensure their children’s ed data is secure and private. Couldn’t wait to share it.