Data Governance Plan
Effective Revision Date: 9/26/2018
Data governance is an organizational approach to data and information management that is formalized as a set of policies and procedures that encompass the full life cycle of data; from acquisition, to use, to disposal. Walden School of Liberal Arts (hereafter Walden) takes seriously its moral and legal responsibility to protect student privacy and ensure data security. Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401 requires that Walden adopts a Data Governance Plan.
2 SCOPE AND APPLICABILITY
This policy is applicable to all employees, temporary employees, and contractors of Walden. The policy must be used to assess agreements made to disclose data to third-parties. This policy must also be used to assess the risk of conducting business. In accordance with Walden policy and procedures, this policy will be reviewed and adjusted on an annual basis or more frequently, as needed. This policy is designed to ensure only authorized disclosure of confidential information. The following 8 subsections provide data governance policies and processes for Walden:
1. Data Advisory Groups
2. Non-Disclosure Assurances for Employees
3. Data Security and Privacy Training for Employees
4. Data Disclosure
5. Data Breach
6. Record Retention and Expungement
7. Data Quality
Furthermore, this Walden Data Governance Plan works in conjunction with the Agency Information Security Policy, which:
• Designates Walden as the steward for all confidential information maintained within Walden.
• Designates Data Stewards access for all confidential information.
• Requires Data Stewards to maintain a record of all confidential information that they are responsible for.
• Requires Data Stewards to manage confidential information according to this policy and all other applicable policies, standards and plans.
• Complies with all legal, regulatory, and contractual obligations regarding privacy of Agency data. Where such requirements exceed the specific stipulation of this policy, the legal, regulatory, or contractual obligation shall take precedence.
• Provides the authority to design, implement, and maintain privacy procedures meeting Walden standards concerning the privacy of data in motion, at rest and processed by related information systems.
• Ensures that all Walden board members, employees, contractors, and volunteers comply with the policy and undergo annual privacy training.
• Provides policies and process for
– Systems administration,
– Network security,
– Application security,
– Endpoint, server, and device Security
– Identity, authentication, and access management,
– Data protection and cryptography,
– Monitoring, vulnerability, and patch management,
– High availability, disaster recovery, and physical protection,
– Incident Responses,
– Acquisition and asset management, and
– Policy, audit, e-discovery, and training.
3 DATA ADVISORY GROUPS
Walden has a three tier data governance structure to ensure that data is protected at all levels of Walden’s educational system.
3.2 Group Membership
Membership in the groups require board approval. Group membership is for the duration of their contract with Walden. If individual members exit the group prior to fulfilling the duration of their contract, the board may authorize Walden’s Chief Officer to appoint a replacement member.
3.3 Individual and Group Responsibilities
The following outlines individual Walden staff and advisory group responsibilities.
Student Data Manager
Authorize and manage the sharing, outside of the education entity, of personally identifiable student data from a cumulative record for the education entity.
Act as the primary local point of contact for the state student data officer.
A student data manager may share personally identifiable student data that are:
of a student with the student and the student's parent,
required by state or federal law,
in an aggregate form with appropriate data redaction techniques applied,
for a school official,
for an authorized caseworker or other representative of the Department of Human Services or the Juvenile Court,
in response to a subpoena issued by a court,
submitted data requests from external researchers or evaluators.
A student data manager may not share personally identifiable student data for the purpose of external research or evaluation.
Create and maintain a list of all LEA staff that have access to personally identifiable student data.
Ensure annual LEA level training on data privacy to all staff members, including volunteers. Document all staff names, roles, and training dates, times, locations, and agendas.
IT Systems Security Manager
Acts as the primary point of contact for state student data security administration in assisting the board to administer this part.
Ensures compliance with security systems laws throughout the public education system, including:
providing training and support to applicable Walden employees, and
producing resource materials, model plans, and model forms for Walden systems security.
Investigates complaints of alleged violations of systems breaches.
Provides an annual report to the board on Walden’s systems security needs.
Uphold and follow all policies in the Data Governance Plan and the Technology Security Policy (see also Appendix A).
4 EMPLOYEE NON-DISCLOSURE ASSURANCES
Employee non-disclosure assurances are intended to minimize the risk of human error and misuse of information.
All Walden board members, employees, contractors and volunteers must sign and obey the Walden Employee Non-Disclosure Agreement (See Appendix A), which describes the permissible uses of state technology and information.
Non-compliance with the agreements shall result in consequences up to and including removal of access to Walden network; if this access is required for employment, employees and contractors may be subject to dismissal.
4.3 Non-Disclosure Assurances
All student data utilized by Walden is protected as defined by the Family Educational Rights and Privacy Act (FERPA) and Utah statute. This policy outlines the way Walden staff is to utilize data and protect personally identifiable and confidential information. A signed agreement form is required from all Walden staff to verify agreement to adhere to/abide by these practices and will be maintained in Walden Human Resources. All Walden employees (including contract or temporary) will:
Complete a Security and Privacy Fundamentals Training.
Complete a Security and Privacy Training for Researchers and Evaluators, if your position is if requested by the Student Data Manager.
Consult with Walden internal data owners when creating or disseminating reports containing data.
Use password-protected Walden-authorized computers when accessing any student-level or staff-level records.
NOT share individual passwords for personal computers or data systems with anyone.
Log out of any data system/portal and close the browser after each use.
Store sensitive data on appropriately secured location. Unsecured access and flash drives, DVD, CD-ROM or other removable media, or personally owned computers or devices are not deemed appropriate for storage of sensitive, confidential or student data.
Keep printed reports with personally identifiable information in a locked location while unattended, and use the secure document destruction service provided at Walden when disposing of such records.
NOT share personally identifying data during public presentations, webinars, etc. If users need to demonstrate student/staff level data, demo records should be used for such presentations.
Redact any personally identifiable information when sharing sample reports with general audiences, in accordance with guidance provided by the student data manager, found in Appendix B (Protecting PII in Public Reporting).
Take steps to avoid disclosure of personally identifiable information in reports, such as aggregating, data suppression, rounding, recoding, blurring, perturbation, etc.
Delete files containing sensitive data after using them on computers, or move them to secured servers or personal folders accessible only by authorized parties.
NOT use email to send screenshots, text, or attachments that contain personally identifiable or other sensitive information. If users receive an email containing such information, they will delete the screenshots/text when forwarding or replying to these messages. If there is any doubt about the sensitivity of the data the Student Data Privacy Manager should be consulted.
Use secure methods when sharing or transmitting sensitive data. The approved method is MoveIt when working with Utah State (or another secure method approved or required by state agencies) and internally through a Walden approved service.
NOT transmit student/staff-level data externally unless expressly authorized in writing by the data owner and then only transmit data via approved methods such as described in item ten.
Limit use of individual data to the purposes which have been authorized within the scope of job responsibilities.
4.4 Data security and privacy training
Walden will provide a range of training opportunities for all Walden staff, including volunteers, contractors and temporary employees with access to student educational data or confidential educator records in order to minimize the risk of human error and misuse of information.
All Walden board members, employees, and contracted partners.
New employees that do not comply may not be able to use Walden networks or technology.
Within the first week of employment, all Walden board members, employees, and contracted partners must sign and follow the Walden Employee Acceptable Use Policy, which describes the permissible uses of state technology and information.
New employees that do not comply may not be able to use Walden networks or technology. Within the first week of employment, all Walden board members, employees, and contracted partners also must sign and obey the Walden Employee Non-Disclosure Agreement, which describes appropriate uses and the safeguarding of student and educator data.
All current Walden board members and employees are required to participate in an annual Security and Privacy Fundamentals Training.
Walden requires a targeted Security and Privacy Training for Data Stewards and IT staff for other specific groups within the agency that collect, store, or disclose data. The Student Data Manager will identify these groups and will determine the annual training topics for these targeted groups based on Walden training needs.
Participation in the training as well as a signed copy of the Employee Non-Disclosure Agreement will be annually monitored by supervisors. Supervisors and the board secretary will annually report all Walden board members, employees, and contracted partners who do not have these requirements completed to the IT Security Manager.
5 DATA DISCLOSURE
Providing data to persons and entities outside of Walden increases transparency, promotes education in Walden, and increases knowledge about Utah public education. This policy establishes the protocols and procedures for sharing data maintained by Walden. It is intended to be consistent with the disclosure provisions of the federal Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, 34 CFR Part 99 and Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401.
5.2 Policy for disclosure of Personally Identifiable Information (PII)
5.2.1 Student or Student’s Parent/Guardian Access
In accordance with FERPA regulations 20 U.S.C. § 1232g (a)(1) (A) (B) (C) and (D), Walden will provide parents with access to their student’s education records, or an eligible student access to his or her own education records (excluding information on other students, the financial records of parents, and confidential letters of recommendation if the student has waived the right to access), within 45 days of receiving an official request. Walden is not required to provide data that it does not maintain, nor is Walden required to create education records in response to an eligible student's request.
5.2.2 Third Party Vendor
Third party vendors may have access to students’ personally identifiable information if the vendor is designated as a “school official” as defined in FERPA, 34 CFR §§ 99.31(a)(1) and 99.7(a)(3)(iii). A school official may include parties such as: professors, instructors, administrators, health staff, counselors, attorneys, clerical staff, trustees, members of committees and disciplinary boards, and a contractor, consultant, volunteer or other party to whom the school has outsourced institutional services or functions. All third-party vendors contracting with Walden must be compliant with Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401. Vendors determined not to be compliant may not be allowed to enter into future contracts with Walden without third-party verification that they are compliant with federal and state law and board rule.
5.2.3 Internal Partner Requests
Internal partners to Walden include Walden and school officials that are determined to have a legitimate educational interest in the information. All requests shall be documented in Walden’s internal data review document.
5.2.4 Governmental Agency Requests
Walden may not disclose personally identifiable information of students to external persons or organizations to conduct research or evaluation that is not directly related to a state or federal program reporting requirement, audit, or evaluation. The requesting governmental agency must provide evidence the federal or state requirements to share data in order to satisfy FERPA disclosure exceptions to data without consent in the case of a federal or state
The Student Data Manager will ensure the proper data disclosure avoidance are included if necessary. An Interagency Agreement must be reviewed by legal staff and must include “FERPA-Student Level Data Protection Standard Terms and Conditions or Required Attachment Language.”
5.3 Policy for External disclosure of Non-Personally Identifiable Information (PII)
External data requests from individuals or organizations that are not intending on conducting external research or are not fulfilling a state or federal reporting requirement, audit, or evaluation.
5.3.2 Student Data Disclosure Risk Levels
The Student Data Manager will make final determinations on classification of student data requests risk level.
5.3.3 Student Data Disclosure Process
All requests for the disclosure of data by a Requesting External Researcher or
• Submit the Data Request form to the Student Data Manager.
• The appropriate representative from the Walden will reach out with additional details including the Walden’s Data Sharing Agreement.
• Walden’s Data Sharing Agreement must be signed and returned to the appropriate representative.
• For all partnership agreements, the representative will follow the Walden Data Governance Plan prior to final approval/signing of any agreement.
• Upon final approval given by the administration or the Walden Board, representative will prepare data and share as necessary.
5.4 Data Disclosure to a Requesting External Researcher or Evaluator
Responsibility: The Student Data Manager will ensure the proper data are shared with external researcher or evaluator to comply with federal, state, and board rules.Walden may not disclose personally identifiable information of students to external persons or organizations to conduct research or evaluation that is not directly related to a state or federal program audit or evaluation. Data that do not disclose PII may be shared with external researcher or evaluators for projects unrelated to federal or state requirements if:
A Walden Director, Superintendent, or board member sponsors an external researcher or evaluator request.
Student data are not PII and are de-identified through disclosure avoidance techniques and other pertinent techniques as determined by the Student Data Management.
Researchers and evaluators supply Walden a copy of any publication or presentation that uses Walden data 10 business days prior to any publication or presentation.
Process: Data disclosure to a requesting external researcher or evaluator shall follow the process outlined under 5.3.3.
6 DATA BREACH
Establishing a plan for responding to a data breach, complete with clearly defined roles and responsibilities, will promote better response coordination and help educational organizations shorten their incident response time. Prompt response is essential for minimizing the risk of any further data loss and, therefore, plays an important role in mitigating any negative consequences of the breach, including potential harm to affected individuals.
Walden shall follow industry best practices to protect information and data. In the event of a data breach or inadvertent disclosure of personally identifiable information, Walden staff shall follow industry best practices outlined in the Agency IT Security Policy for responding to the breach. Further, Walden shall follow best practices for notifying affected parties, including students, in the case of an adult student, or parents or legal guardians, if the student is not an adult student.
Concerns about security breaches must be reported immediately to the IT security manager who will collaborate with appropriate members of Walden administration to determine whether a security breach has occurred. If the Walden data breach response team determines that one or more employees or contracted partners have substantially failed to comply with Walden’s Agency IT Security Policy and relevant privacy policies, they will identify appropriate consequences, which may include termination of employment or a contract and further legal action. Concerns about security breaches that involve the IT Security Manager must be reported immediately to the Superintendent. Walden will provide and periodically update, in keeping with industry best practices, resources for LEA staff, faculty, and volunteers in preparing for and responding to a security breach. Walden will make these resources available on its website.
7 RECORD RETENTION AND EXPUNGEMENT
Records retention and expungement policies promote efficient management of records, preservation of records of enduring value, quality access to public information, and data privacy.
Walden board members and staff.
Walden and Walden staff and faculty shall retain and dispose of student records in accordance with Section 63G-2-604, 53A-1-1407, and shall comply with active retention schedules for student records per Utah Division of Archive and Record Services. In accordance with 53A-1-1407, the Walden shall expunge student data that is stored upon request of the student if the student is at least 23 years old. Walden may expunge medical records and behavioral test assessments. Walden will not expunge student records of grades, transcripts, a record of the student’s enrollment or assessment information. Walden staff will collaborate with Utah State Archives and Records Services, the Utah State Board of Education, and other appropriate State agencies in updating data retention schedules. Walden maintained student-level discipline data will be expunged after three years.
8 QUALITY ASSURANCES AND TRANSPARENCY REQUIREMENTS
Data quality is achieved when information is valid for the use to which it is applied, is consistent with other reported data and users of the data have confidence in and rely upon it. Good data quality does not solely exist with the data itself, but is also a function of appropriate data interpretation and use and the perceived quality of the data. Thus, true data quality involves not just those auditing, cleaning and reporting the data, but also data consumers. Data quality at is addressed in five areas:
8.1.1 Data Governance Structure
The Walden data governance policy is structured to encourage the effective and appropriate use of educational data. The Walden data governance structure centers on the idea that data is the responsibility of all Walden sections and that data driven decision making is the goal of all data collection, storage, reporting and analysis. Data driven decision making guides what data is collected, reported, and analyzed.
8.1.2 Data Requirements and Definitions
Clear and consistent data requirements and definitions are necessary for good data quality. In Walden’s Data Governance Plan, Walden communicates data requirements and definitions through. Walden communicates with Walden IT staff regularly, at training meetings, conferences, and other Walden IT events. Where possible, Walden program specialists are invited to these meetings and the same guidance is given to the appropriate Walden program directors. On the data reporting side, the production and presentation layers provide standard data definitions and business rules.
8.1.3 Data Collection
Data elements should be collected only once—no duplicate data collections are permitted. Where possible, data is collected at the lowest level available (i.e. at the student/teacher level). Thus, there are no aggregate data collections if the aggregate data can be derived or calculated from the detailed data. For all new data collections,Walden provides clear guidelines for data collection and the purpose of the data request. Walden also notifies stakeholders as soon as possible about future data collections.
8.1.4 Data Auditing
Walden Board of Trustees Internal Audit Committee performs regular and ad hoc data auditing. They analyze data in the warehouse for anomalies, investigate the source of the anomalies, and work with IT and/or LEAs and Charter Schools in explaining and/or correcting the anomalies.
8.1.5 Quality Control Checklist
Checklists have been proven to increase quality (See Appendix C). Therefore, before releasing high-risk data, the Student Data Manager must successfully complete the data release checklist in three areas: reliability, validity and presentation.
9 DATA TRANSPARENCY
Annually, Walden will publically post:
a Metadata Dictionary as described in Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401.
Appendix A. Walden Employee Non-Disclosure Agreement
As an employee of Walden, I hereby affirm that (initial):
______ I have read the Employee Non-Disclosure Assurances attached to this agreement form and read and reviewed Walden’s Data Governance Plan and policies. These assurances address general procedures, data use/sharing, and data security.
______ I will abide by the terms of Walden’s policies and its subordinate process and procedures;
______ I grant permission for the manual and electronic collection and retention of security related information, including but not limited to photographic or videotape images, of your attempts to access the facility and/or workstations.
______ I have completed Walden’s Data Security and Privacy Fundamentals Training. OR
______ I will complete Walden’s Data Security and Privacy Fundamentals Training within 30 days.
Using Walden Data and Reporting Systems
______ I will use a password-protected computer when accessing data and reporting systems, viewing student/staff records, and downloading reports.
______ I will not share or exchange individual passwords, for either personal computer(s) or Walden system user accounts, with Walden staff or participating program staff.
______ I will lock or close my computer whenever I leave my computer unattended.
______ I will only access data in which I have received permission to use in order to fulfill job duties.
______ I will not attempt to identify individuals with the data, except as is required to fulfill job or volunteer duties.
Handling Sensitive Data
______ I will keep sensitive data on password-protected Walden-authorized computers.
______ I will keep any printed files containing personally identifiable information in a locked location while unattended.
______ I will not share student/staff-identifying data during public presentations, webinars, etc. I understand that dummy records should be used for such presentations.
______ I will delete files containing sensitive data after working with them from my desktop or local computer drives.
Reporting & Data Sharing
______ I will not disclose, share, or publish any confidential data analysis without the approval of my supervisor.
______ I will take steps to avoid disclosure of personally identifiable information in LEA- or school-level reports, such as aggregating, data suppression, rounding, recoding, blurring, perturbation, etc.
______ I will not use email to send screenshots, text, or attachments that contain personally identifiable or other sensitive information. If I receive an email containing such information, I will delete the screenshots/text when forwarding or replying to these messages.
______I will not transmit student/staff-level data externally unless explicitly authorized in writing.
______ I understand that when sharing student/staff-identifying data with authorized individuals, the only approved methods are listed under sections 4.3 and 5 of the Walden Data Governance Plan.
______ I will immediately report any data breaches, suspected data breaches, or any other suspicious activity related to data access to my supervisor and the Walden Information Security Officer. Moreover, I acknowledge my role as a public servant and steward of student/staff information, and affirm that I will handle personal information with care to prevent disclosure.
Consequences for Non-Compliance
______ I understand that access to the Walden network and systems can be suspended based on any violation of this contract or risk of unauthorized disclosure of confidential information;
______ I understand that failure to report violation of confidentiality by others is just as serious as my own violation and may subject me to personnel action, including termination.
Termination of Employment
______ I agree that upon the cessation of my employment from Walden, I will not disclose or otherwise disseminate any confidential or personally identifiable information to anyone outside of Walden without the prior written permission of the Walden Student Data Manager.
Print Name: _______________________________________
Appendix B. Protecting PII in Public Reporting
Public education reports offer the challenge of meeting transparency requirements while also meeting legal requirements to protect each student’s personally identifiable information (PII). Recognizing this, the reporting requirements state that subgroup disaggregation of the data may not be published if the results would yield personally identifiable information about an individual student. While the data used by Walden is comprehensive, the data made available to the public is masked to avoid unintended disclosure of personally identifiable information at summary school or LEA -level reports.
This is done by applying the following statistical method for protecting PII.
Underlying counts for groups or subgroups totals are not reported.
If a reporting group has 1 or more subgroup(s) with 10 or fewer students.
The results of the subgroup(s) with 10 or fewer students are recoded as “N<10”
For remaining subgroups within the reporting group
For subgroups with 300 or more students, apply the following suppression rules.
Values of 99% to 100% are recoded to ≥99%
Values of 0% to 1% are recoded to ≤1%
For subgroups with 100 or more than but less than 300 students, apply the following suppression rules.
Values of 98% to 100% are recoded to ≥98%
Values of 0% to 2% are recoded to ≤2%
For subgroups with 40 or more but less than 100 students, apply the following suppression rules.
Values of 95% to 100% are recoded to ≥95%
Values of 0% to 5% are recoded to ≤5%
For subgroups with 20 or more but less than 40 students, apply the following suppression rules.
Values of 90% to 100% are recoded to ≥90%
Values of 0% to 10% are recoded to ≤10%
Recode the percentage in all remaining categories in all groups into intervals as follows (11-19,20-29,…,80-89)
For subgroups with 10 or more but less than 20 students, apply the following suppression rules.
Values of 80% to 100% are recoded to ≥80%
Values of 0% to 20% are recoded to ≤20%
Recode the percentage in all remaining categories in all groups into intervals as follows (20-29,30-39,…,70-79)
Appendix C. Example Quality Control Checklist
Reliability (results are consistent)
Same definitions were used for same or similar data previously reported or it is made very clear in answering the request how and why different definitions were used
Results are consistent with other reported results or conflicting results are identified and an explanation provided in request as to why is different
All data used to answer this particular request was consistently defined (i.e. if teacher data and student data are reported together, are from the same year/time period)
Another Walden data steward could reproduce the results using the information provided in the metadata
Validity (results measure what are supposed to measure, data addresses the request)
Request was clarified
Identified and included all data owners that would have a stake in the data used
Data owners approve of data definitions and business rules used in the request
All pertinent business rules were applied
Data answers the intent of the request (intent ascertained from clarifying request)
Data answers the purpose of the request (audience, use, etc.)
Limits of the data are clearly stated
Definitions of terms and business rules are outlined so that a typical person can understand what the data represents
Small n-sizes and other privacy issues are appropriately handled
Wording, spelling, and grammar are correct
Data presentation is well organized and meets the needs of the requester
Data is provided in a format appropriate to the request
A typical person could not easily misinterpret the presentation of the data