May 22, 2019

Protecting Privacy and Information Security in a Federal Postsecondary Student Data System

Portions of the content in this blog were first published by the Institute for Higher Education Policy (IHEP) in May 2019 as part of a series of policy papers exploring ways to advance and improve postsecondary data systems to promote student success and protect student privacy. Read the full policy paper on the IHEP website.

In March 2019, a bipartisan group of U.S. Senators introduced legislation to overturn a longstanding ban on the creation of a federal data system that would measure employment and graduation outcomes of college students. The 2019 College Transparency Act (2019 CTA) envisions the creation and deployment of a federal postsecondary student-level data network (SLDN), developed and maintained within the National Center for Education Statistics (NCES).

Located within the Department of Education, NCES is the primary federal entity for collecting and analyzing U.S. education data.

Why consider a federal postsecondary student-level data network?

The postsecondary SLDN contemplated by the 2019 CTA would provide students, parents, institutions, and policy makers with a complete picture of college access and outcomes measures. It would be designed to help students and parents make decisions about college choice, and would give institutions and policy makers valuable insight into the state of higher education. While data regarding college access and outcomes measures are already collected—colleges and universities, multistate collaboratives, private organizations, and the federal government all collect, share, and use different types of postsecondary data—the infrastructure is fragmented, disconnected, and uncoordinated. As a result, the available data are inadequate to meet the needs of all who depend on them. This is the limitation that the 2019 College Transparency Act seeks to change by creating a federal SLDN.

How will it work?

In a federal SLDN, data will flow between colleges and universities, multistate collaboratives, private organizations, and the federal government. In order to provide meaningful information to students, parents, and policy makers, data from these different entities must be contributed to the federal SLDN in a way that allows for matching, by some common key or identifier, throughout the entire infrastructure.

Sometimes data used in the SLDN will be shared in identifiable formats, such as from an institution to the federal SLDN to provide enrollment, price, and completion data at the student level. Other times that data will flow in aggregate formats, such as from the SLDN to a state agency to provide college transfer, completion, and workforce outcomes. Given that multiple entities, some private and some governmental, will contribute, use, and analyze data within the SLDN, data governance structures and clear information security and privacy practices will need to be agreed to and followed by all participating entities.

How will student data be protected?

The amount of student and family data collected by and linked within a federal SLDN could give unprecedented insight into questions of college access, affordability, and student outcomes. Despite the benefits of providing access to accurate, timely, and high-quality aggregate information about student outcomes, ensuring the adequate security of such a system and protecting the privacy of individuals who have contributed identifiable data to that system are critical concerns. This is especially true because some of the data contributed to the system may be identifiable to specific students and their college experiences (even though the data shared back out to the public via the SLDN will not include identifiable information).

Personally identifiable information (PII) is information that identifies a specific individual. It can be a single piece of information used alone, such as a person’s name or Social Security Number (SSN), or it can be a set of data elements that, when combined, identify a particular individual. Common personally identifiable data elements include name, SSN, physical address, email address, zip code, race, age, gender, GPS location, telephone number, college or university identification number, and account numbers.

The 2019 College Transparency Act specifically recognizes these concerns by directing the NCES to develop and maintain a security- and privacy-protected student data network consistent with federal privacy and information security laws governing federal information technology systems and data collections. (As its name implies, a federal information system is an information system that is used or operated by a federal agency or on behalf of a federal agency. They include information technology (IT) resources used for the “collection, processing, maintenance, use, sharing, dissemination, or disposition of information.”[i])

Understanding the information security and privacy protections provided by U.S. federal laws is complicated because no one law governs these topics. Instead, a number of laws work together to provide a framework to safeguard federal information technology systems and data collections. Some of the main federal information security and privacy laws that would apply to the SLDN proposed by the 2019 CTA include:

  • The Privacy Act of 1974,
  • The E-Government Act of 2002,
  • The Confidential Information Protection and Statistical Efficiency Act of 2002,
  • The Federal Information Security Management Act of 2002, and
  • OMB Breach Notification Requirements.

In addition to creating and operating the SLDN consistent with federal privacy and information security laws, the 2019 CTA includes a number of different provisions designed to ensure the security and privacy of data contained in a federal SLDN. Among its provisions, the act:

  • Requires NCES to create and regularly revise its privacy, security, and access guidelines that govern the use and disclosure of data collected for the SLDN. 2019 CTA § (l)(8).
  • Specifies the type of PII that may never be included in the federal SLDN, to include elements such as health data, citizenship status, and political status. 2019 CTA § (l)(2)(B); § (l)(2)(F).
  • Outlines permissible uses of SLDN data and states the consequences of unlawful willful disclosure. 2019 CTA § (l)(5)(E); § (l)(7).
  • Prohibits the use of the SLDN for law enforcement activities or any other activity that might result in adverse action against a student. 2019 CTA § (l)(5)(E).
  • Directs NCES to provide notice to students outlining which data are collected and used in the SLDN. 2019 CTA § (l)(1)(C)(vi).
  • Requires NCES to provide students with a process to access their information and correct inaccuracies. 2019 CTA § (l)(3)(C)(iv).

What happens next?

If enacted, the 2019 CTA provides for a four-year transition period to develop and implement the federal SLDN. During this transition period, NCES should:

  • Immediately constitute and actively engage with the CTA-created Postsecondary Student Data System Advisory Committee during the entire systems development process to ensure that security and privacy provisions are embedded in the SLDN from design to implementation.
  • Outline the systems development lifecycle approach that it will follow in creating the SLDN, ensuring conformity with any Department of Education lifecycle management specifications.[ii]
  • Consult best practices guidance regarding security and privacy practices during the systems development lifecycle.[iii]
  • Follow the privacy and security requirements set out in the 2019 CTA.
  • Adhere to federal privacy and information security laws regarding the creation and operation of federal IT systems.

This post was authored by Joanna Lyn Grama, JD, CISSP, who is a Senior Consultant at Vantage Technology Consulting Group, where she advises clients and provides thought leadership on information security policy, compliance, governance, and data privacy issues.

ENDNOTES

[i] 44 U.S. Code § 3502.

[ii] See Department of Education, Department Directive OC-1016 (2016). The Lifecycle Management (LCM) Framework was retrieved from the Department of Education website.

[iii] Kissel, R., Stine, K., Scholl, M., Rossman, H., Fahlsing, J., Gulick, J. (2008). Security Considerations in the System Development Life Cycle, Special Publication 800-64r2. Washington, DC: Retrieved from the National Institute of Standards and Technology website.