Policies - Data Privacy

This policy statement is written to clearly delineate the process of how access to all Maine Department of Education data systems, which contain data on Maine schools and districts, including individual student and staff records, is granted. Maine education data systems will be used for the purpose of providing data needed for supporting data-driven, intelligent decision making and to facilitate state and federal reporting, including data required for the federal Elementary and Secondary Education Act. These systems help school districts maintain more accurate information and manage district data more efficiently.

These education information systems will be managed by the Maine Department of Education (MDOE) in accordance with federal laws, such as the federal Family Educational Rights and Privacy Act (FERPA) and the Individuals with Disabilities Education Act and its implementing regulations (34 CFR 300.610 -646), and Maine statutes and regulations (e.g., MRS Title 20-A). All of these laws and policies are essential to maintaining the confidentiality of student records as they are collected and as they are maintained within Maine education data systems.

This policy statement contains information about the procedures that will be used to ensure the confidentiality of student and records maintained by the Department. It does not expand or in any way change the allowable uses by staff of the education data systems or the availability of the student and staff records to any other educator or member of the public.

Student & Staff Information in Maine Department of Education Information Systems

Maine education data systems are intended to support better decision-making and policies for improving the performance of students and schools, reduce reporting burdens (ultimately), help to facilitate the entry of students into a new district, and ensure that timely, high quality data are available to legitimate users.

These information systems contain information about all public districts and schools in Maine with students in pre-kindergarten programs (all programs for children prior to kindergarten), kindergarten programs, grades one through twelve, and all students receiving special education services through age 21. Among the data to be maintained are:

• Directory information names of administrators, address information, school or district type, and other general information on school staff and facilities.
• Student records minimal data about student participation in state and federal programs for which reporting is required, including information about English language learners and students in the Migrant Education Program (MEP), Title I, and Career and Technical Education (CTE under Perkins grant) and applicable federally reported subgroups. Assessment data are also included. Through the use of a unique state student identifier, links to the existing statewide special education and migrant databases will be used to minimize redundant data collection.
• Staff records information about the backgrounds and assignments of school staff.

Maine’s education data systems contain a selected set of data about individual students that will allow for the assignment of a unique student identifier and that provides a district administrator with the capacity to locate the identifier, of a student who has transferred into his/her district from another district within Maine. The goal of the state ID system is to maintain a unique identifier for every Maine student such that: 1) only one student is ever assigned a particular number; 2) once a student is assigned a number, that number is always associated with that student throughout his or her educational career; and 3) a student is only assigned one number so that the student is not duplicated in the State’s Student Information System database.

A similar unique identifier is also assigned to all school staff working in Maine.

All the data in the Department of Education’s information systems comes directly from the school districts. Districts are required to update their information as changes occur.

The data elements collected reflect a consensus on what is needed for reporting and decision-making and are based on what is considered best practice as identified by national educational groups. Complete descriptions of data elements are included in the Department’s Data Standards and Data Dictionary. Included are: definitions, code sets, formatting information, periodicity, contacts, and other reporting requirements. This information is updated whenever changes are made, and districts and schools are informed of changes as soon as possible.

The Education Data Manager (on staff at the MDOE) is the designated authority to establish and maintain a system of data protection for the student and staff information system in accordance with the Family Educational Rights and Privacy Act (FERPA) and other relevant state and federal laws and regulations.

Definitions and Background to this policy

Maine adheres to the confidentiality requirements of both federal and state laws including, but not limited to, the Family Educational Rights and Privacy Act (FERPA), the Individuals with Disabilities Education Act (IDEA), the Protection of Pupil Rights Amendment (PPRA), and the National School Lunch Act. The following definitions are derived from these and other related documents.

Privacy refers to an individual’s right to freedom from intrusion due to disclosure of information without his or her consent.

Confidentiality refers to an agency’s obligation not to disclose or transmit information about individual students to unauthorized parties. Confidentiality consists of the measures used by an authorized agency to protect how personally identifiable information is collected and maintained and when consent by the student or his or her parent/guardian is required to release information.

Personally identifiable information includes, but is not limited to: the student’s name; the name of the student’s parent/guardian or other family member; the address of the student or student’s family; a personal identifier, such as the Social Security Number or MaineCare ID; personal characteristics or other information that would make the student’s identity easily traceable. A small set of this information will be used for assigning a unique state student identifier and for identifying students who have transferred from another district within the state or who have returned to the state who already have a Maine state student ID assigned.

Disclosure means to permit access to, release, transfer, or otherwise communicate personally identifiable information contained in education records to any party, by any means, including oral, written, or electronic means.

Access means to view, print, download, copy, or otherwise retrieve data from a computer, computer system, or computer network.

Confidential data means information that would tend, by itself or with other information, to identify particular person(s). Confidential data includes information which is intended for the use of a particular person/group and whose unauthorized disclosure could be prejudicial to the individual it identifies.

Responsibility of the Maine Department of Education

The MDOE is responsible for setting the standards for what data will be collected and how the data will be transferred by districts to the MDOE. The MDOE works with Maine educators to clearly define each data element that will be collected, including when the data element should be collected, what code set should be used, if any, and any other information that will ensure that the data are accurate, correct and timely (A.C.T.). In addition, MDOE must provide formats for how the data are collected and reporting periods for when districts must submit the data. This information is published in the Data Calendar available to Maine educators online or in paper format. To the extent possible, the MDOE will provide guidance and assistance to districts as they complete the reporting requirements. MDOE is also responsible for guaranteeing the security and confidentiality of the data maintained within this system, particularly the student data. (This is discussed in more detail below.) Finally, the MDOE is responsible for ensuring that the system information is made available to those with a “need to access”, and to guard against improper disclosure of the data. (This is also discussed in more detail below.)

Responsibility of School Districts

As the originators of a large portion of the student level and staff data, districts (and their schools) are responsible for the accuracy, completeness, and timeliness of the data. Districts must provide guidance to their schools on how to record data and how to submit the data to the district, and monitor the schools to ensure the data are submitted on time and in the correct format. Districts are required to adhere to the reporting requirements of the MDOE. Districts are also responsible for identifying where corrections to their data are needed and completing the steps needed to get the data changed both in their own systems as well as in MDOE data systems.

Measures used to Protect Confidentiality

To ensure the maintenance of confidentiality of the student records maintained in MDOE data systems, this policy includes four privacy and confidentiality protections. These include assignment of a unique identifier, data security, restricted access, and statistical disclosure.

1. Assignment of a unique number, called the Maine State Student Identifier (ID), will help to protect the confidentiality of individual student records in the student information system. The Student ID will be computer generated and contain no embedded meaning and, after being checked for duplicates, will become permanently associated with the student. Duplicates will be reconciled using a set of information, such as the first name, last name, date of birth, gender, race/ethnicity, parent/guardian name, and Social Security Number (if available) of the student.

2. Security includes the technical measures put into place by the MDOE to ensure that records are not lost, stolen, vandalized, illegally accessed, or otherwise rendered useless. The servers containing the information for the MDOE data systems are maintained in secure locations either at the Office of Information Technology (OIT) or under remote hosting agreements with third-party vendors. In all cases, the hosting is maintained under the strict security policies of OIT. These policies can be found at http://www.maine.gov/oit/policies/index.shtml. The Education Data Manager works with the OIT staff to ensure appropriate protection and intrusion detection efforts are in place for the system components. The OIT staff will monitor security notices affecting the system software and will maintain the current software patches for the system components housed at the OIT. They will also work with the remote hosting vendor(s) to ensure their systems remain up-to-date. The OIT staff will monitor the access logs for the database for activity in violation of this Data Access and Management Policy document.

3. Restricted access to the data is imposed by this policy and is implemented by the Education Data Manager. It significantly limits who will be able to view the data and for what purposes. Education data systems have four access levels, which are described below. Each of the levels is consistent with a specific educational purpose as set forth in Section 99.31 (FERPA).

4. MDOE data systems are used to produce summary reports from individual data that relate to groups of students and staff, rather than to single individuals. There are some cases where populations may include only a few individuals. Statistical disclosure is the risk that arises when a population is so narrowly defined that tabulations are apt to produce a reported number small enough to permit the identification of a single individual. In such cases, the Education Data Manager will apply statistical procedures to ensure that confidentiality is maintained. For instance, in a search of the state assessment scores of Native American students, a particular school might reveal information about just two students. A possibility of inadvertently reporting personally identifiable information about these students is eliminated by setting a cell size cutoff. The Education Data Manager will block any aggregate results with a statistical cutoff in which fewer than ten students might be disclosed.

Student Data

A key purpose for collecting individual student records is to provide access to statistical information that improves the education-related decisions of teachers, administrators, policymakers, parents, and other education stakeholders as well as the general public. However, it is essential to ensure that the individually identifiable student information is released only to those persons with a legitimate educational interest and who are approved by the MDOE for access to this information. All approvals for groups or individuals given access to student level information will be documented and maintained by the Education Data Manager.

1. Access to Student Data at MDOE

It is useful to think of a single record of an individual student as a folder that contains many pieces of information, such as name, school building number, gender, or date of birth, etc. These are called fields. Every field in the student information system is assigned an access level between 1 and 4, with Level 1 being the highest level. All access levels are assigned in a way that maximizes usage by educators without risking inappropriate disclosure of personally identifiable information.

The MDOE data systems will be accessed through an electronic authentication process. This process provides restricted access based upon User ID and Password validation. Only individuals who have been authorized through submission of a signed Login Request Form or through their designated District Administrator are allowed access. Teachers in a Maine school system must request secure level access through their District Administrator.

Level 1 Access allows authorized MDOE staff to read and write to all the records and fields in the database. This level is only permitted to a minimum number of authorized staff members who operate or manage the database or are responsible for maintaining the accuracy, security, and audit corrections in the performance of their duties. Authorization by the Education Data Manager is required for this level of access.

Level 2 Access places limits on access to individual student records but not fields. For example, superintendents (or their designees) of local school districts may see all of the fields (data) collected about any of the students in his or her school district and can direct that data be resubmitted if errors are identified.

Level 3 Access provides limited access to individual student records and fields. For example, teachers may be allowed to view some of the fields in the records of their students.

Level 4 Access provides access to a limited set of fields for all students within the state. The purpose of this level is to allow designated district personnel who are responsible for registering new students to determine a student’s ID through use of a student locator system. Information that could help to better place a new student for instruction may be included. This is consistent with 34 CFR Section 99.31(a)(2) (FERPA).

Some MDOE staff responsible for audits, operations, accreditation, and reporting to state and federal government agencies will have access to a limited set of fields. The fields that are available at this level will be specified in the data dictionary once they are identified.

2. Release of Student Data to Researchers and Other Agencies

According to FERPA, personally identifiable information about students may be released without parental permission to researchers authorized to develop, validate or administer predictive tests, administer student aid programs, or improve instruction. The Education Data Manager may grant such requests for educational purposes, if privacy, confidentiality, and security are ensured. In addition, the MDOE may work with Maine institutions of higher education to determine the success of students as they move from high school to post-secondary education, and to track the successful placement of students who graduated with a concentration in career and technical programs. Authorization at this level is for the sole purpose of increasing the existing body of knowledge about the Maine educational system. Researchers must submit a written request for permission to have access to personally identifiable data that explains the purpose of the research study to the state Education Data Manager specifying for which educational agency or institution the study is being conducted, and how the researchers will ensure data confidentiality and security. This request will be considered on a case-by-case basis to determine if the request is in accordance with federal and state laws. The release of student data to researchers outside the agency is considered a loan of data (i.e., the recipients do not have ownership of the data). Researchers are required to destroy the data once their research is completed. 
All recipients/users of the requested restricted use data must sign a Memorandum of Agreement for Disclosure of Individually Identifiable Records Data Sharing and Confidentiality Agreement that indicates that the user agrees to abide by the Procedures for Protection of Individually Identifiable Student/Teacher Information. If permission is granted, the state Education Data Manager shall receive a copy of any analysis or reports created with the data. Data access provisions may change if mandated by federal statute, state law, or administrative rules.

3. Requests for Student Data Access by Students or Their Parents

Upon the request of any individual (or the individual’s parent/guardian if the individual is under the age of eighteen) under 34 CFR Section 99.20 (FERPA) to gain access to his/her (child’s) record contained in Infinite Campus State Edition, the Education Data Manager will provide a copy of all or any portion in a comprehensible format as applicable. Since the originating sources of the information are local education agencies, parents/guardians should seek first to review and amend the student’s record through the originating local education agency. However, MDOE will make other appropriate arrangements for parental (or student) access and review as needed, as required under 20 U.S.C. 1232g(a)(1)(B). MDOE may charge a minimal amount for copying this information.
Unauthorized persons must contact the originating local education agency concerning access to personally identifiable student data. They are required, under FERPA, to obtain written permission to obtain access from the local education agency.

4. Federal Disclosure Restrictions

A key purpose of the student information system is to provide access to statistical information that improves the education-related decisions of teachers, administrators, policymakers, parents, and other education stakeholders as well as the general public.

Private or confidential data on an individual student shall not be created, collected, stored, used, maintained, or disseminated in violation of federal or state law, and shall not be used for any purpose other than those already stated. If the Education Data Manager enters into a contract with a private individual or third party to perform any of the system manager functions, that agreement shall require that the data be protected in the same fashion. 
Under this policy, no private or confidential data will be released by MDOE except to the following parties or under the following conditions as set forth in 34 CFR 99.31 and 99.35 (FERPA):

• School officials with a legitimate educational interest;
• Contractors, consultants or volunteers to which school officials have outsourced institutional services or function;
• Specified officials for audit or evaluation purposes;
• Specified federal officials;
• Appropriate parties in connection with financial aid to a student;
• Organizations conducting certain studies for or on behalf of the school;
• Accrediting organizations;
• To comply with a judicial order or lawfully issued subpoena;
• Appropriate officials in cases of health and safety emergencies; and
• State and local authorities, within a juvenile system, pursuant to specific state law.

Data will be disclosed in these eight circumstances only on the conditions that: (1) the party to whom the data are released signs an agreement to not disclose the information to any third party without the prior written consent of the Education Data Manager, the company who provided the student assessment data (if assessment data are being disclosed), or the school district from whom the data were received; (2) the data are protected in a manner that does not permit the personal identification of an individual by anyone except the party referenced in the disclosure; and (3) the data are destroyed when no longer needed for the purposes under which the disclosure was granted.

The Education Data Manager will use appropriate measures to protect the confidentiality of student records and account for all disclosures. This includes keeping a list of the data, nature, and purposes of the disclosure, and to whom the disclosure was made.

5. Improper Disclosure of Student Records

The Education Data Manager is responsible for determining whether a request for access to the student records constitutes a legitimate request for an appropriate usage of student data. If the request does not meet standards established by the MDOE, consistent with FERPA for the appropriate release of student data, then the Education Data Manager will deny the request. All correspondence regarding access to student level data will be documented in writing and maintained by the Education Data Manager.
The Education Data Manager is also responsible for determining if personally identifiable information has been improperly disclosed by a Maine official or a third party in violation of this policy. If an improper disclosure is made by someone other than a Maine official, then the parties will be restricted from any access to MDOE student data for five years as required by FERPA. This action will be documented and maintained by the Education Data Manager.

6. Destruction of Data

All individual student data in MDOE data systems will be active and then archived for the length of time required by Maine records retention schedules. Data that are no longer needed will be archived or destroyed in a manner that protects the privacy and the confidentiality of the individuals involved.  

Staff Data

Staff records in MEDMS consist of limited information about the staff person, including but not limited to background information and assignments. This information is meant to be used for state and federal reporting and long range planning. It is not meant to be used for evaluation of the staff member.? Staff evaluations are the responsibility of the local education agency where they are employed.

1. Access to and Release of Staff Records

Unlike student records, staff records are not strictly protected by federal law. Some records of school and district staff who are employees of a publicly funded agency are generally considered “open records.” Release of these records is subject to the federal Freedom of Information Act (FOIA) and the Maine Freedom of Access Act (FOAA).

2. Requests for Data Access by a Staff Person

Upon the request of any individual to gain access to his/her record contained in MEDMS, the Education Data Manager will provide a copy of all or any portion in a comprehensible form. Since the originating sources of the information are local education agencies, staff persons should first seek to review and/or amend their records through the originating Local Education Agency (LEA). However, MDOE will make other appropriate arrangements for access and review as needed. The MDOE may charge a minimal amount for information.

3. Staff Identifier

Maine education data systems may include the Social Security Number for staff members; however, Maine law restricts the release of Social Security numbers. Thus, if individual staff records are released, then the State Staff ID will be included where needed.

4. Destruction of Data

All individual staff data in the MEDMS will be active and then archived for the length of time required by Maine records retention schedules. Data that are no longer needed will be archived or destroyed in a manner that protects the privacy and the confidentiality of the individuals involved.

Generation of Reports

MDOE will share with school districts the responsibility for reporting data about Maine schools. School districts will submit required state reporting data to MDOE using the MDOE data systems. In addition, districts and schools will be able to get access to their own data through these systems based on their access levels (but not data from other schools or districts). In each school and district, specific staff will be provided permission to see individual student records as part of the submission and reporting functions based on their approved access to student level data for their organizations.

As is done currently, select MDOE staff will produce regular reports from the MDOE data systems. On occasion, MDOE staff may produce a report in answer to a request from policy makers such as the State Board of Education, the Governor’s Office or the State Legislature. No one other than specified MDOE staff will have access to individually identifiable student data within the data systems. No public reports will be produced with tables containing small enough cells (number counts less than ten) such that individual students can be identified.

Copies of reports may be provided to school districts, may be posted on the MDOE website or may be used solely internally by authorized MDOE staff.