This section provides best practice resources on disclosure avoidance, which refers to the efforts made to reduce the risk of unauthorized or accidental access to, release, transfer, or other communication of personally identifiable information (PII) from education records. To ensure that PII and other sensitive student data are protected at all times, educational agencies and institutions must be able to select disclosure avoidance techniques that provide an appropriate level of protection and apply them correctly. To help educational stakeholders make these decisions, the Privacy Technical Assistance Center (PTAC) developed a number of documents describing available disclosure limitation techniques, their intended purpose and application, and best practices to follow to ensure disclosure methods are applied appropriately.
Available resources are listed below in chronological order, with the most recent at the top of the page:
PTAC provides an overview of the guidance documents on data disclosure avoidance and best practice strategies for protecting personally identifiable information (PII) from education records in aggregate reports. The webinar provides suggestions on how to ensure that necessary confidentiality requirements are met, including compliance with the Family Educational Rights and Privacy Act (FERPA).
This case study illustrates best practices for minimizing access to sensitive information with education data maintained in a Statewide Longitudinal Data System. Two additional documents accompany this study: (1) an alphabetized glossary of terms related to data de-identification, and (2) FAQs about protecting personally identifiable information in education records when publicly reporting student data.
This presentation reviews key disclosure avoidance concepts and provides best practice suggestions for implementing the techniques to ensure proper protection of the privacy and confidentiality of student records under the Family Educational Rights and Privacy Act.
This Statewide Longitudinal Data Systems (SLDS) Technical Brief examines what protecting student privacy means in a reporting context. To protect a student's privacy, the student's personally identifiable information must be protected from public release. When schools, districts, or states publish reports on students' educational progress, they typically release aggregated data (data for groups of students) to prevent disclosure of information about an individual. However, even with aggregation, unintended disclosures of personally identifiable information may occur. Current reporting practices are described, and each is accompanied by an example table that is used to consider whether the intended protections are successful. The Brief also illustrates that some practices work better than others in protecting against disclosures of personally identifiable information about individual students. Each data protection practice requires some loss of information. The challenge rests in identifying practices that protect information about individual students while minimizing the negative impact on the utility of the publicly reported data. Drawing upon the review and analysis of current practices, the Brief concludes with a set of recommended reporting rules that can be applied in reports of percentages and rates that are used to describe student outcomes to the public. These reporting rules are intended to maximize the amount of detail that can be safely reported without allowing disclosures from student outcome measures that are based on small numbers of students.
On April 21, 2016, the Office of the Chief Privacy Officer issued a formal letter to Louisiana answering questions relating to protecting student privacy in public reporting. The document addresses the U.S. Department of Education's practices and recommendations to States on how to protect privacy when publicly reporting enrollment data.